Most Web services applications have been deployed within the relatively secure confines of an enterprise's intranet. Although the widespread deployment of Web services across firewalls is several years away, now is the time to develop the layers of security that such deployment will eventually require.
Adopt appropriate Web services standards: A wide variety of Web services security standards operate at the protocol, XML and policy levels. These standards are at various stages of development, adoption and maturity. Identify those standards that are required to support your business and application requirements (see "Making Sense of Web Services Security Standards").
Develop an identity and access management strategy: Outward-facing Web services applications will require a way to authenticate communications with external business partners, and may require a federated approach to identity and access management. A recent implementation by Southwest Airlines represents a milestone event in the area of SAML-enabled identity management (see "Southwest Airlines Shows SAML's Promise").
Make Web services security technology decisions: Web services security platforms (that is, Web services application firewalls) have emerged to provide perimeter protection at the application layer. Web services management platforms enable centralized management, monitoring and security functions. During the next three years, there will be major changes in the general-purpose firewall market and the Web services security technology market that will affect your Web services security options (see "Web Services Security Vendors Come to a Fork in the Road").
Develop strategies to protect against new forms of malicious-code attacks: The current set of Web services security standards and technologies can't protect Web services applications from a new class of malicious-code attacks that will emerge as the number of external-facing Web services applications increases. Implement Web services interfaces carefully, with special precautions for enterprise application interfaces (see "Web Services Security Standards Aren't Enough").
spotlight.feedback@gartner.com