Trends Report

SOA Security 2009: Requirements And Design

Understanding Your SOA Security Requirements And Iterative Solution Design

July 16th, 2009
RH
Randy Heffner
With contributors:
Khalid Kark , Matt Czarnecki

Summary

In industry discussions about SOA, external integration is treated as the benchmark indicator of SOA security maturity: If it's secure enough for external integration, SOA must be secure. By that benchmark, 30% of SOA users think SOA security is mature enough — they have SOA-based external connections to customers and partners. Despite this, full maturity is yet to come for both internal and external SOA connections. Companies can achieve simple SOA security, which is mature and solid, by making service requests over a virtual private network. Advanced SOA security, which is in its early days, can involve federation among partners, nonrepudiation, and propagation of user identities across multiple layers of service implementations. The first major step in setting a strategy for your current and future SOA security solutions is to understand the breadth of your SOA security requirements. The second step is setting an iterative design process to ensure a fully integrated view that considers security requirements, industry specifications, SOA security products, and custom security integration possibilities.

Want to read the full report?

Contact us to become a client

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.