How To Plug 5 Big Security Holes - 'Web Applications' (Page 5 of 5)
Service-Oriented Architecture
The Technology
Software modules designed to be used by more than one application. Modules encapsulate a customer or a business service, like canceling an order, that automatically triggers other services, such as logging a credit in accounts receivable. The messaging protocol SOAP (Simple Object Access Protocol) is one of the ways applications pass messages so the services are carried out.
Deployment and Use
Still not widely used. However, more than 90% of companies eventually plan to implement SOA, according to Gartner.
The Vulnerability
SOA, like Web applications, can expose sensitive business information. The vendors whose applications are used in SOA infrastructures (Oracle, IBM, BEA, SAP and Microsoft, among others) still don't agree on standard ways to secure those systems, and there are several security challenges: identifying who's coming into your system, tracking files to make sure no copies are created, and encrypting data and communication channels. If, for example, the vendors agreed on how to manage decryption keys, "We could do that centrally and give a lot more teeth to security," says Scott Metzger, CIO of TrueCredit, a subsidiary of TransUnion that offers online credit reports.
What To Do
Before getting too deeply into SOA, Gartner says companies should create a governance committee of both business and technology people to figure out which services to build and how they fit into the business. They should also identify ways to create common security across all enterprise applications. The software modules should be treated, Metzger points out, "like the most sensitive fields in a database."