In a recent survey, our readers reported security is the top organizational requirement for SOA. All of the agility in the world doesn’t matter if you can’t provide it in a secure fashion.
Yet traditional security isn’t sufficient to lock down a services infrastructure. Applications aren’t being housed on single servers in a static network. Changes in the application domain necessitate changes in the security domain and it is incumbent upon the application architects to plan for the different types of security that service-oriented architecture will require.
With that in mind, we’ve launched our new security lesson inside our Service Orientation for Architects School. It provides essential resources for architects looking to bake in the security that is essential for a proper SOA.
Burton Group’s Anne Thomas Manes offers up a Webcast on a holistic approach to SOA security. It deals with network options, end point intelligence and identity management practices. Steve Craggs of Lustratus Research identifies the top 5 SOA security traps in a podcast.
Craggs also has a written tip on the flexibility-security tradeoff.
It is no secret SOA is creating new vulnerabilities. It will be the users who educate themselves about how to protect against those new vulnerabilities, the ones who don’t expect someone else in the organization to find the holes, who make the most successful switch to service orientation.