Security threats to SOA and Web services are a concern among enterprise IT executives, according to research sponsored by CA. The company disclosed survey results as it announced a new CA Federation Manager and enhancements to CA SOA Security Manager at CA World in Las Vegas this week.
The new federation manager and updated SOA security manager are designed to help guard SOA applications that integrate with business partners, customers and suppliers outside the firewall, said Matthew Gardiner, senior principal for product marketing at CA.
He noted that an independent survey sponsored by CA found that 43 percent of senior IT executives perceive security threats as the most critical issue in the implementation of SOA and Web services-based applications.
Not only are the IT executives perceiving the threat, they are also experiencing it.
"We asked them if they had had their external Web services attacked and they said yes," Gardiner explained. "On average they had been attacked seven times in the past year."
The transition to SOA could be hampered by security vulnerabilities if it is not addressed, he said.
The study performed by GMG Insights surveyed nearly 555 IT directors or above about their position on SOA and Web services deployments and security. More than half of the respondents (57 percent) reported they have deferred or slowed adoption of some SOA and Web services due to security-related issues.
Based on the survey, Gardiner said: "The concern for security is mitigating adoption of SOA. The unknown and uncertainty of how to secure and manage it is slowing adoption, so leading organizations are trying to get ahead of that curve by building in security as a service itself."
Because of the loosely-coupled nature of SOA, a federated approach is the best approach to this problem, Gardiner said.
"Federation really ties closely to service orientation and Web services," he explained. "If you think about providing services and tying them together into applications, a lot of times those services will be used internally. But they will also be used externally. The service owner doesn't necessarily know which case that is."
SOA Security Manager provides a centralized security system for services, so a centralized security group within IT can manage access and XML threat mitigation for hundreds or even thousands of services from one central point, Gardiner said.
CA Federation Manager provide the security group with features including:
- Ability to act as the identity provider (home site of the user) or the service provider (owner of the target application), or both;
- A new user interface and management model to simplify the deployment and management of federation partnerships;
- Granular control over which users in the Identity Provider user store can federate.
Also this week from CA came word that SAP will resell the CA Wily Introscope performance management software suite under the banner of the SAP Extended Diagnostics by CA Wily. It is meant to complement the capabilities of the SAP NetWeaver technology platform, monitoring Java and .NET Web applications, application servers, portals and other (SOA) infrastructure components.
CEO John Swainson told CA World attendees that complexity is the leading obstacle and fundamental issue facing the IT industry.
Among several 'disruptive technologies' likely to change enterprise computing he identified virtualization, SOA, and cloud computing. He announced that CA formed a separate business unit for SaaS to bring its products to market as on-demand services.SOA, said Swainson also can increase the complexity of the IT environment. "It can be very difficult to manage and secure these business transactions through your infrastructure, he said.