SOA World Magazine serves as the Internet technology industry's journal of first resort for technical and strategic insights on the new distributed computing paradigm that is transforming use of the Internet by business and by individuals.

FROM THE EDITOR: Blowing My Horn
WRITTEN BY SEAN RHODY

There’s a biblical story about a walled city called Jericho. In the story, the walled city was under siege, and the folks who wanted in blew their horns for seven days and then the walls all fell down.

The Open Group has an initiative based on this story, called Jericho Security, which is based on the premise of security without walls. This is at odds with most current concepts of security, and yet it appears almost vital to the concepts Web 2.0 espouses such as collaboration, open discussions, and the free flow of information.

The conventional approach to security has been and to a certain extent remains one of putting up walls around things – organizations, servers, etc. Even the concepts and terms we use have a militarist bearing – firewalls, demilitarized zones – that connotes borders and maintaining integrity.

But the old saw about generals always being ready to fight the last war may also be apropos here. We’re not fighting an external enemy in many cases – a good number of costly security breaches have been internal. There are no clear battle lines, no solid borders in today’s corporations, just a mesh of various individuals and ecosystems working together.

Web 2.0 and social networking have further compounded the issue. I’ve had numerous conversations with organizations recently regarding the adoption of social computing and other Web 2.0 technologies. One uniform response from the corporate world is that blogs are bad. Whether it’s with respect to legal, regulatory, or privacy issues, invariably someone has decided that blogs are the latest incarnation of the Wild Wild West. Some big bad blogger is going to come along and say something so dreadful that it will cause massive disruption to the business and drive it into bankruptcy.

Never mind that we’ve all dealt with an electronic document mechanism for close to 20 years that serves as a model of how to deal with this challenge – it’s called e-mail. Policy, practice, and governance have been put in place to deal with the same challenges over the years and solutions exist.

Security has become a larger challenge – not only must we address the issue of protecting data at the source, we also must be able to address legislated concerns about communications and free expression. It’s become inexorably linked to social and governance issues such as HIPPA, Sarbanes-Oxley, and PCI. In this context, the concept of putting a wall around the organization becomes increasingly irrelevant. Security can’t be at the edge; it has to be part of the data, an integral part. And the definition of data, which in most cases means structured data in a database, has to undergo a rapid transformation. Data is not in the database anymore; it’s everywhere.

Recent data theft disclosures drive this point home. I suffered some credit card fraud recently. When I looked into the organizations I had credit with, it startled me that there were multiple incursions at different companies in which my identity may have been compromised.

It frightens me that instead of possibly identifying where the breach had occurred, what I saw was a pattern of breaches throughout the industry. Yet all of these organizations have firewalls and IT security groups. Obviously that’s not really helping to solve the problem.

Since many of the breaches in security have occurred within the firewall, it’s clear to me that security at the perimeter is not the answer to our problems. Without protection of the data, at the source, secured so that internal theft is pointless, we’re all at risk.

The plus side to all this is that once data is secure in this manner, the concepts of a wall around our organizations – you know, the one IT clamps down that prevents you from visiting Facebook or using instant messaging and generally interferes with you operating as efficiently at work as you do at home – vanishes. Then, finally, the walls can come down.

About the Author:
Sean Rhody is the editor-in-chief of SOA World Magazine. He is a respected industry expert and a consultant with a leading consulting services company.

Download SOA World Magazine, July 2008

PDF format, 12MB, 36Pages.

NAVIGATING THE SOA SECURITY WATERS
A critical aspect to success with SOA

You don’t have to be a chief information offi cer to realize that security is becoming a corporate concern as more business is transacted on the Web.

The mounting fears are well-founded. Web attacks are growing in sophistication. Data is fl owing faster and to more applications and more users. New Web development models, such as Web 2.0 and AJAX, are appearing. Web applications and the business processes they support are becoming more diverse and complex. A slight vulnerability in a Web application that is exploited one day can expose a million records the next. And, as these vulnerabilities spin out of control, the potential negative impact to a business is immense.

Introduce a new level of sophistication into the IT infrastructure — Service-Oriented Architecture (SOA) — and the security challenge advances to the next level. An SOA infrastructure is designed to make business processes more fl exible and faster-moving; however, creating services without adequate governance can quickly get out of control and become a nightmare to manage. ...

14 Software Can Be “Metered” Just Like Electricity with SOA Inside
ASH MASSOUDI
18 Using Modeling to Improve the Management of SOA Initiatives
SCOTT MCKORKLE

Visit SOA World Official Web Site

SOA WORLD LATEST STORIES
A Brief History of Cloud Computing: Is the Cloud There Yet?
By Paul Wallis
In order to discuss some of the issues surrounding The Cloud concept, I think it is important to place it in historical context. Looking at the Cloud's forerunners, and the problems they encountered, gives us the reference points to guide us through the challenges it needs to overcome ...

Avineon to Use SOA in Dept Defense Contract
By SOA World Magazine News Desk
Avineon has been awarded a Small Business Innovation Research (SBIR) Program Phase II contract by the U.S. Department of Defense (DoD) Naval Sea Systems Command (NAVSEA). Under the contract, which is a continuation of its Phase I work, Avineon will continue transforming NAVSEA's existi...

SOA Web-based Application, ProcessMaker, Will Be Available On the Intel Business Exchange
By SOA World Magazine News Desk
Colosa announced that its flagship solution, ProcessMaker, is one of the first applications to achieve certification through the Intel Certified Solutions Program and will be available on the Intel Business Exchange. The Intel Business Exchange is an online marketplace for small and me...

Comments (0)

Name

Email

Comment

smaller | bigger

Add Comment