9 Soa Security Challenges
posted by John Spacey, February 12, 2011Everyone knows that SOA security can be a challenge. But why?
Here are 9 factors that often complicate SOA security:
1. Legacy application security
SOA services that wrap legacy applications must take into account the legacy application's security model. Many legacy applications have hardcoded, proprietary security models.
2. Loose coupling of services and applications
SOA security must not violate SOA design principles such as the Loose coupling of services and applications.
3. Services that operate across organizational boundaries
In the past, many organizations have heavily relied on network security to secure applications. However, SOA services often operate across organizational boundaries. It is not enough to simply secure the perimeter with network equipment such as firewalls.
4. Dynamic trust relationships
SOA services are often required to support dynamic trust relationships with partners, customers, and employees.
5. Composite services
The security model must handle scenarios where multiple services work together as a composite service.
6. Diverse mix of old and new technologies
Need to manage security and identity across a range of systems and services.
7. Protection of inflight business data
Data may traverse insecure networks.
8. Need to be compliant with a growing list of standards
SOA is standards oriented. There are a growing list of security SOA related security standards. There is an expectation that SOA security solutions will rely on established standards.
9. SOA flexibility
SOA solutions are intended to flexible and customizable. SOA security models should not restrict flexibility.
Service-oriented Architecture (SOA) is as simple as can be — it can all be boiled down to these 9 principles. |
Recently on Simplicable
6 Steps To Business Process Management Successposted by Anna MarWant to automate, monitor, measure and continually optimize your business? You might need BPM. |
6 Reasons You Need a SaaS Data Escrow Serviceposted by Anna MarIf you use SaaS you need a data escrow service — here's why. |
5 Common Current State Architectural Blueprint Mistakesposted by Anna MarA current state architectural blueprint is essential to your success as an IT organization. After all, you can't effectively manage a complex architecture that's not documented. |
9 Reasons You Need a Current State Architectural Blueprintposted by Anna MarA current state enterprise architecture blueprint represents your organization's high level architecture. It's probably the most important documentation that any IT organization can create and maintain. |