Tuesday, December 22, 2009

Reducing the Complexity of Application Security

Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an infrastruture that enables rapid addition of both suppliers, buyers and partners for information exchange will perish and get demolished by a nimble and flexible competitor whose infrastructure has integration capabilities for rapid information exchange.

Mike Vizard from CTOEdge talks about the business drivers that compel companies to integrate yet face security challenges that hamper integration efforts: Reducing the Complexity of Application Security

Here's a snippet from Mike's article:

"As business-to-business interactions over the Web become more pervasive, so too does the complexity associated with securing those transactions.
Unfortunately, all that complexity serves only to dissuade businesses from integrating business processes across the Web at a time when we want to encourage that behavior. So the challenge facing chief technologists is to find a way to make it simpler to integrate business processes without having to introduce complex layers of security."
Key components that help reduce (and improve) application security include:
  1. Strong SOA Governance Enforecement, Monitoring and Security through XML Gateway such as Forum Sentry.
  2. Portal and Web services Authentication and Authorization decisions through Secure Token Services such as Forum Sentry STS - Identity Broker.
  3. Application Security Testing and Simulation through products such as SOAPSonar and SOAPSimulator for Identity, Privacy, Integrity and Penetration Testing.