CA adds federated security to fight growing threats to SOA

By Rich Seeley and Jack Vaughan 19 Nov 2008 | SearchSOA.com

News on SOA, EAI, Web services Digg This!     StumbleUpon     Del.icio.us

Security threats to SOA and Web services are a concern among enterprise IT executives, according to research sponsored by CA. The company disclosed survey results as it announced a new CA Federation Manager and enhancements to CA SOA Security Manager at CA World in Las Vegas this week.

The new federation manager and updated SOA security manager are designed to help guard SOA applications that integrate with business partners, customers and suppliers outside the firewall, said Matthew Gardiner, senior principal for product marketing at CA.

He noted that an independent survey sponsored by CA found that 43 percent of senior IT executives perceive security threats as the most critical issue in the implementation of SOA and Web services-based applications.

Not only are the IT executives perceiving the threat, they are also experiencing it.

"We asked them if they had had their external Web services attacked and they said yes," Gardiner explained. "On average they had been attacked seven times in the past year."

The transition to SOA could be hampered by security vulnerabilities if it is not addressed, he said.

The study performed by GMG Insights surveyed nearly 555 IT directors or above about their position on SOA and Web services deployments and security. More than half of the respondents (57 percent) reported they have deferred or slowed adoption of some SOA and Web services due to security-related issues.

Based on the survey, Gardiner said: "The concern for security is mitigating adoption of SOA. The unknown and uncertainty of how to secure and manage it is slowing adoption, so leading organizations are trying to get ahead of that curve by building in security as a service itself."

Because of the loosely-coupled nature of SOA, a federated approach is the best approach to this problem, Gardiner said.

"Federation really ties closely to service orientation and Web services," he explained. "If you think about providing services and tying them together into applications, a lot of times those services will be used internally. But they will also be used externally. The service owner doesn't necessarily know which case that is."

SOA Security Manager provides a centralized security system for services, so a centralized security group within IT can manage access and XML threat mitigation for hundreds or even thousands of services from one central point, Gardiner said.

CA Federation Manager provide the security group with features including:

• Ability to act as the identity provider (home site of the user) or the service provider (owner of the target application), or both;
• A new user interface and management model to simplify the deployment and management of federation partnerships;
• Granular control over which users in the Identity Provider user store can federate.

Also this week from CA came word that SAP will resell the CA Wily Introscope performance management software suite under the banner of the SAP Extended Diagnostics by CA Wily. It is meant to complement the capabilities of the SAP NetWeaver technology platform, monitoring Java and .NET Web applications, application servers, portals and other (SOA) infrastructure components.

For more information Weak encryption creates SOA vulnerabilities How SAML fits into your SOA security scheme

CEO John Swainson told CA World attendees that complexity is the leading obstacle and fundamental issue facing the IT industry.

Among several 'disruptive technologies' likely to change enterprise computing he identified virtualization, SOA, and cloud computing. He announced that CA formed a separate business unit for SaaS to bring its products to market as on-demand services.

Tags: SOA security strategy,  SOA security tools,  SOA implementations,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SOA security strategy Common Web application security exploits and how to stop them Weak encryption creates SOA vulnerabilities SOA runtime major step for Eclipse – Milinkovich IBM, Microsoft, Google join OpenID SOA needs RIA – Burton Group Green computing takes center stage Software AG boosts SOA security SOA governance called vital to security SOA, Web services create software security challenges SOA policy beyond Java and .NET SOA security tools Some Eclipse SOA Tools Projects are archived as work on SCA, modeling, moves ahead Faster SOA testing drives iTKO Eclipse release Weak encryption creates SOA vulnerabilities SOA tools hit UML tipping point Eclipse Ganymede: Rich Ajax Platform focuses on users Eclipse Ganymede Part 1: What's in it for SOA? SOA picture worth 1,000 words for HP SOA remaking business analyst job OpenID: Leveraging a widely accepted identity Web service Layer 7 offers mainframe SOA appliance SOA implementations SOA implementation evolves from open source to Oracle SOA suite U.S. Coast Guard adopts SOA and ESB to better track ships at sea SOA Implementation: Should top down meet bottom up? ESB watered down by EAI, but distinction remains On the road to SOA – Part 1, Boubez on early insights On the road to SOA – Part 2, Governance is fundamental Sparx releases new SoaML profile for Enterprise Architect 7.5 SOA implementation: It's the increments, stupid Bury SOA inside a larger architectural vision Enterprise Architecture in the Agile age - Part 1, Styles of EA SOA implementations Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Service Integration Maturity Model  (SearchSOA.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary