|
Intelligence in the network, and policies-based security measures will grow in importance and technical depth over the next several years. While much has been done at the transactional level to manage security, there are still many pockets of XML traffic that are not being scrutinized for security vulnerabilities.
But the larger threat is not about the technologies, it's about the policies and how security as a discipline is managed and maintained across an organization. You can't just look at XML content security from the network level, you need to look at it acoss all the levels, or the vulnerabilities will be discovered by someone other than those that should.
For example, a security management reference model that examines XML data from a lifecycle perspective can make comprehensive security a forethought, rather than an afterthought. What's needed are approaches to security for trusted infrastructure and proactive security management -- and identity and access management, and governance and so forth -- that reduces the amount of operational risk from top to bottom.
I suggest you find the security professionals in your organization, not just your network or IT department level. The full picture approach, not the bottom up one, is your best bet. Again, SOA will make those who maybe never worked together before, need to work together now.
|
