The story is available from https://electricnews.net/news.html?code=7812786
Security issues could slow Web services
Wednesday, June 12 2002
by Matthew Clark
Web services are being touted as the next big thing in enterprise and corporate computing, but security issues could slow the Web services wave, warns Forrester.
Many analysts, as well as software and IT services companies, are touting the power and indomitable future of Web services. And with new Web services development tools on the market, it is becoming easier for companies that are willing to experiment to deploy inexpensive Web services. But in a report published this month, research company Forrester notes that "novices are easily building and deploying Web services interfaces to critical data and unknowingly exposing their firms to security risks."
Web services, as a concept, has gathered steam over the last year, promoted by companies including Irish firms Cape Clear, Vordel and Iona.
Essentially, Web services is the name developers have given to a way of making all applications on a corporate network interoperable and available over the Internet. Web services provide a standard way to discretely package any piece of data (such as information on a database, a specific query or business logic) and make that data accessible to anything else (such as another database, a mobile handset or an external partner's system).
Forrester said back in December 2001, in a report entitled "Start Using Web Services Now," that companies need to jump on the Web services bandwagon immediately, in part because the technology can cut down on costs, but also because rolling out the technology will be less expensive for early adopters.
But in its latest report "Securing Web Services," the research firm warns that without security, Web services will remain hidden in the back office. Forrester also points out that security is the top concern companies have when considering the deployment of Web services.
"The vast majority of our customers aren't that concerned about security because most of their Web services are deployed internally," explained PJ Murray, product manager with Cape Clear. "But as soon as the stuff goes out over the Internet, they suddenly become very concerned about security."
Traditional network applications may each have their own security mechanisms that companies can manage on an individual basis. But with Web services, maintaining a different security protocol for each module will make managing overall network security impossible, Forrester claims, because firms will have hundreds, or thousands, of Web services.
All of this leads to an impasse. Large firms are being urged to roll out Web services, but the security that comes with them is either feeble, or it will eventually be so complex it will be unmanageable. "In the short run, it's possible to build one-off security for each Web service -- in much the same way as firms do with any other application," explained Forrester. "But this approach won't work beyond the first few Web services -- soon enough, firms will need a better way."
The solution is to build a security abstraction layer, Forrester recommends. A security abstraction layer (SAL) sits over an entire array of Web services in a company's network and consists of a collection of users that are controlled by the same authentication policy. Using a SAL, system administrators can assign security permissions to each employee, controlling that person's ability to access data and administration functions from a central point.
The whole point of Web services is that they eliminate dependence on which underlying technologies firms choose to use and "the same holds true for Web services security," Forrester said in the report. "Firms can choose whichever security products meet their needs best...but must ensure that the products can speak the security standards highlighted here -- like WS-Security or SAML."
But Murray and Cape Clear are somewhat more pragmatic. He counters Forrester's argument by saying, "We really like SAML...but customers are just too nervous about ripping out all of their existing security infrastructure, only to replace with untested technology." He added, "When it comes to Web services we are really cutting edge, but when it comes to security we are quite conservative because that's what they (the customers) demand."