9 Soa Security Challenges
posted by John Spacey, February 12, 2011Everyone knows that SOA security can be a challenge. But why?
Here are 9 factors that often complicate SOA security:
1. Legacy application security
SOA services that wrap legacy applications must take into account the legacy application's security model. Many legacy applications have hardcoded, proprietary security models.
2. Loose coupling of services and applications
SOA security must not violate SOA design principles such as the Loose coupling of services and applications.
3. Services that operate across organizational boundaries
In the past, many organizations have heavily relied on network security to secure applications. However, SOA services often operate across organizational boundaries. It is not enough to simply secure the perimeter with network equipment such as firewalls.
4. Dynamic trust relationships
SOA services are often required to support dynamic trust relationships with partners, customers, and employees.
5. Composite services
The security model must handle scenarios where multiple services work together as a composite service.
6. Diverse mix of old and new technologies
Need to manage security and identity across a range of systems and services.
7. Protection of inflight business data
Data may traverse insecure networks.
8. Need to be compliant with a growing list of standards
SOA is standards oriented. There are a growing list of security SOA related security standards. There is an expectation that SOA security solutions will rely on established standards.
9. SOA flexibility
SOA solutions are intended to flexible and customizable. SOA security models should not restrict flexibility.
Recently on Simplicable
Cloud Guideposted by John SpaceyA guide to cloud computing including cheat sheets, best practices and metrics. |
Web Security: Battleships and Locustsposted by Anna MarThere are two types of web security threats: battleships and locusts. |
Web Security Illustratedposted by John SpaceyHow would you explain web security to your grandmother? |
The 10 Root Causes Of Security Vulnerabilitesposted by John SpaceyLearn about common root causes of security risks. |