CA Global Survey Finds Security a Primary Concern for SOA and Web Services Implementations
November 2008 by Marc Jacob
While Service Oriented Architectures (SOA) and Web services offer organizations innovative ways to meet the IT application and integration needs of their employees, customers and partners, they also introduce significant security challenges that must be addressed., 43 percent of senior IT executives perceive security threats as the most critical issue in the implementation of SOA and Web services-based applications.
This perception and concern about security is justified as the executives surveyed also reported experiencing an average of seven XML targeted attacks against externally facing SOA or Web services applications in the past year.
“The state of SOA and Web services security is similar to what we saw with Web sites and portals about 10 years ago. As organizations rolled out Web applications, best practice security management approaches had not yet been resolved and security became a significant challenge,” said Lina Liberti, vice president for CA Security Management. “Web services and SOA applications have experienced those same security issues, but we believe the best practice approaches implemented for Web applications apply to these application architectures as well.”
The survey also revealed that as organizations deploy SOA and Web services security systems, the vast majority of respondents (93 percent) believe integrating it with their identity and access management (IAM) solution is critical. However, just 43 percent of IT executives have done this integration to date.
Despite the security concerns, organizations surveyed have a surprisingly high percentage of externally facing SOA/Web services implementations. For example, respondents said that 75 percent of their Web services are externally-facing while 68 percent are external SOA-based applications. At the same time, more than half of the respondents (57 percent) reported they have deferred or slowed adoption of some SOA and Web services due to security-related issues.
“The fact that respondents are deferring SOA and Web services applications for security reasons indicates a strong collaboration between business and IT security teams. They are truly evaluating risk versus benefit to the business,” Liberti said. “Further evidence of the need for such collaboration is that 93 percent of the IT executives surveyed believe SOA and Web services security should be integrated with identity and access management systems, which directly support critical business concerns such as compliance.”
The CA-sponsored study surveyed nearly 555 IT directors or above about their position on SOA and Web services deployments and security. The respondents came from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific and Central and South America
CA Identity and Access Management Solutions
CA offers a comprehensive identity and access management (IAM) solution designed to manage all user identities and their access to critical IT resources, including Web applications, Web services, and server-based files and data. The solution also helps organizations monitor and analyze all security events from discovery to resolution.