Can SOA be bad for your health?

Recently I featured in a podcast and wrote an article on the 5 SOA Security traps, and one particularly sticks in my mind.

The issue is about flexibility – a good thing, most people agree, but in security / governance terms it can be a two-edged sword, and so it proves to be in the case of SOA.

The problem comes down to security domains. IT implementations can be thought of as a group of structures with varying levels of security – all the way from a community village where anyone can wander in anywhere, up to castles with moats, drawbridges and even boiling oil! Imagine for example a company with a particular silo application which is highly sensitive and must be absolutely secure. This could be implemented on a high-availability cluster with hardware encryption, and even have physical access controlled by putting it in a room with locks on the door and a guard! Well, OK, this might be a little over the top, but the point is the company can take whatever measures it sees fit to implement a high-level security domain – think castle.

Now along comes SOA, with its philosophy of flexibility and shared, reusable services. Instead of running silos, applications become a linked set of services and logic, and the wonderful flexibility of SOA means these services could be running anywhere across the enterprise, on any platform and in any technology environment. So supposing there is a shared ‘create customer’ service, and the high-security application switches to using this service instead of its own redundant create customer code. Now, since the security is only as good as the weakest link, the security domain is broken. Someone just drilled a hole in the castle wall.

Of course, companies can take measures to ensure this disaster does not befall their critical apps. Procedures can be put in place to protect the integrity of the security domains, restricting changes to these applications and blocking them from SOA-based distribution. But many people are unaware of the exposure, and sometimes programmers, with the best intentions, might accidentally end up compromising operations. In the end, it is up to management to put in place any education programs, working practices and policies and then to enforce them. But at least forewarned is forearmed.
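The weakest-link argument above can be turned into a simple governance check. The following is an added example, not code from the original post: it assigns each service a domain level, walks the call graph, and reports any application that now depends (directly or transitively) on a service from a weaker domain. Service names, levels and the call graph are constructed for illustration.

```python
from collections import deque

# Constructed sample (hypothetical service names): domain level per service.
# 3 = "castle" (hardened cluster, guarded room), 1 = "village" (anyone walks in).
DOMAIN = {
    "payments-app": 3,       # the highly sensitive silo application
    "crypto-sign": 3,
    "create-customer": 1,    # the shared, reusable SOA service
    "audit-log": 2,
}

# Constructed sample call graph: caller -> list of callees.
CALLS = {
    "payments-app": ["crypto-sign", "create-customer"],
    "crypto-sign": [],
    "create-customer": ["audit-log"],
    "audit-log": [],
}

def reachable(service, calls):
    """Every service transitively invoked by `service` (cycles are safe)."""
    seen, queue = set(), deque(calls.get(service, []))
    while queue:
        s = queue.popleft()
        if s not in seen:
            seen.add(s)
            queue.extend(calls.get(s, []))
    return seen

def effective_level(service, domain, calls):
    """Weakest-link level: the minimum over the service and all it reaches."""
    return min([domain[service]] + [domain[s] for s in reachable(service, calls)])

def domain_violations(domain, calls):
    """Map each application to the dependencies weaker than its own domain.
    An empty result means no service has drilled a hole in a castle wall."""
    report = {}
    for app, level in domain.items():
        weak = [(s, domain[s]) for s in sorted(reachable(app, calls))
                if domain[s] < level]
        if weak:
            report[app] = weak
    return report

if __name__ == "__main__":
    for app in DOMAIN:
        print(f"{app}: domain {DOMAIN[app]}, effective {effective_level(app, DOMAIN, CALLS)}")
    print("violations:", domain_violations(DOMAIN, CALLS))
```

Run against a real service inventory, the same check can gate deployments: a change that lowers an application's effective level below its declared domain is exactly the "hole in the castle wall" the post describes.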

Steve
