The Dark Side of TechnologyMarch 13, 2006 By: Tom Kevan
Cutting-edge technology is exciting. It often leaves you shaking your head in amazement. But there's another element that adds excitement to the latest and greatestunpleasant surprises. Even when the technology works the way it's supposed to, there are always facets that no one thought of until the shortcoming jumps up and bites us on our collective backside.
SOAs and Web Services
Take service-oriented architectures (SOAs) and Web services, for example. These tremendous integration technologies form an application-software framework that encompasses a collection of applications, defines the applications' data and functions, and makes these resources available as services to all the software participating in the framework. SOAs and Web services eliminate the barriers created by the different data models, protocols, and platforms of each application and allow the software to integrate and interact seamlessly. They put relevant sensor data and process information into the hands of those working on production lines, in boardrooms, and outside the enterprise as suppliers and business partners.
A Question of Security
These cutting-edge technologies can also open your company's network to viruses, Trojan horses, worms, and information theft-vulnerabilities that can seriously harm or shut down your operations. The messages used by SOAs and Web services to transmit data and functionality can pass through your network's security and allow embedded malicious code to attack your information infrastructure. The very mechanisms that enable integration (e.g., XML and the Simple Object Access Protocol) can make these threats invisible to the firewall that is meant to protect your company.
Who is responsible for this flaw? We are. The security measures built into SOAs and Web services can make significant demands on a company's application server. So what do we do? Turn them off. But users aren't the only culprits. The software vendors that make it possible to implement SOAs and Web services need to include ways of scanning the XML messages and detecting the threats.
Software vendors are now moving to close this breach, but harm has already been done. Does this mean that you shouldn't use these new technologies? No. SOAs and Web services provide greater levels of operational agility, let you add new functionality to your IT systems, and make it possible to leverage your existing information assets. You just need to pay close attention to the security features of any system you're thinking of implementing. Simply understand that anything new entering the market needs a shakedown period to get all the bugs out.
Most Read Articles