Web ApplicationsBy Deborah Gage | Posted 2007-02-16 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
It's what you don't know about the security problems of operating systems and web applications that can kill you. Here are five new technologies that may change your relationship with your data.
Software modules designed to be used by more than one application. Modules encapsulate a customer or a business servicelike canceling an orderthat automatically triggers other services, such as logging a credit in accounts receivable. The messaging protocol SOAP (Simple Object Access Protocol) is one of the ways applications pass messages so the services are carried out.
Deployment and Use
Still not widely used. However, more than 90% of companies eventually plan to implement SOA, according to Gartner.
SOA, like Web applications, can expose sensitive business information. The vendors whose applications are used in SOA infrastructures (Oracle, IBM, BEA, SAP and Microsoft, among others) still don't agree on standard ways to secure those systems, and there are several security challengesidentifying who's coming into your system, tracking files to make sure no copies are created, and encrypting data and communication channels. If, for example, the vendors agreed on how to manage decryption keys, "We could do that centrally and give a lot more teeth to security," says Scott Metzger, CIO of TrueCredit, a subsidiary of TransUnion that offers online credit reports.
What To Do
Before getting too deeply into SOA, Gartner says companies should create a governance committee of both business and technology people to figure out which services to build and how they fit into the business. They should also identify ways to create common security across all enterprise applications. The software modules should be treated, Metzger points out, "like the most sensitive fields in a database."