Security

Compute cloud services cross chasm, analyst says

IT cloud services are “crossing the chasm,” argues Frank Gens of IDC. But what do enterprises want and expect from the new paradigm in software delivery? Continued »

Test SOA for the unexpected

Testing service-oriented architecture requires thinking outside the box to the point that your test cases hit an application with totally unexpected input, argues Thomas Fredell, CTO of IntraLinks. Continued »

Deadline extended for SearchSOA.com products of the year

Last week we got flooded with requests to extend the deadline for our Products of the Year Awards submissions. Normally we’d have taken a “no soup for you” stance on this, but when the requests topped the dozen mark we figured we should grant an extension.

Now you’ve got until February 15 to fill out the nomination form. It will push back the announcement of winners until March, but we believe this will be the most comprehensive set of awards handed out in the SOA space and we wanted to make sure absolutely everyone gets a chance to submit.

For those of you who don’t know, we have eight categories:

1. Service design and modeling (including BPM)
2. Service assembly and integration (ESB, orchestration)
3. Service performance (testing, QA)
4. SOA runtime management
5. Data services/integration (including BI)
6. SOA security
7. SOA governance (including registry/repository)
8. Composite application assembly (portal, Ajax, RIA)

Products need to have been released between Dec. 1, 2006 and Nov. 30, 2007. You can check the nomination form for more details, though we highly recommend you explain how the product enables SOA and adheres to the principles of service orientation in your entry.

SOA security lesson

In a recent survey, our readers reported security is the top organizational requirement for SOA. All of the agility in the world doesn’t matter if you can’t provide it in a secure fashion.

Yet traditional security isn’t sufficient to lock down a services infrastructure. Applications aren’t being housed on single servers in a static network. Changes in the application domain necessitate changes in the security domain and it is incumbent upon the application architects to plan for the different types of security that service-oriented architecture will require.

With that in mind, we’ve launched our new security lesson inside our Service Orientation for Architects School. It provides essential resources for architects looking to bake in the security that is essential for a proper SOA.

Burton Group’s Anne Thomas Manes offers up a Webcast on a holistic approach to SOA security. It deals with network options, end point intelligence and identity management practices. Steve Craggs of Lustratus Research identifies the top 5 SOA security traps in a podcast.

Craggs also has a written tip on the flexibility-security tradeoff.

It is no secret SOA is creating new vulnerabilities. It will be the users who educate themselves about how to protect against those new vulnerabilities, the ones who don’t expect someone else in the organization to find the holes, who make the most successful switch to service orientation.