Friday, April 10, 2009

Security Isn't Just "Security" Anymore

Companies deploying composite applications often think of security as a complex and daunting aspect of their initiatives, involving PKI, Identity and Access Management solutions, and so on. But security is often just a matter of knowing what's going on. At AmberPoint, we've been talking about how "Situational Awareness" is critical for the security of composite applications. And that means you not only need to watch your service-enabled apps. You also need to be able to look in on your EJBs and JDBC connections to see what's going on.

I recently spoke with an AmberPoint customer, a large mobile phone retailer, who confirmed this. Their business goal is to integrate as many partners as possible to enable cell phone activation. They're starting with around 500 services, and for Phase I AmberPoint monitoring meets their security requirements!

How is that? Well, they need to get a handle on what's out there. That’ll help prevent rogue services. Rogue services are usually not malicious--they're just orphaned services, test apps that (somehow) slipped out into production, or an "unofficial" integration point that made a developer's life easier at some point in the past. Preventing all this is the first step on the road to trustworthy composite applications. And you need to keep in mind that an intermediary or broker approach won't let you rest as easily as the broad coverage you get from a BTM solution like AmberPoint.
