Security as an Enabler for Web Services Applications
Corporations are discovering the power of Web Services-enabled e-business applications to increase customer loyalty, support sales efforts, and manage internal information. The common thread in these diverse efforts is the need to present end users with a unified view of information stored in multiple systems, particularly as organizations move from static Web sites to the transactional capabilities of electronic commerce. To satisfy this need, legacy systems are being integrated with powerful new Web Services-based applications that provide broad connectivity across a multitude of back-end systems. These unified applications bring direct bottom-line benefits. For example:
On the Internet. A bank cements relationships with commercial customers by offering increased efficiency with online currency trading. This service requires real-time updates and links to back-office transactional and profitability analysis systems.
On extranets. A bank and an airline both increase their customer bases with a joint venture—a credit card that offers frequent flyer credits sponsored by the bank. This service requires joint data sharing, such as purchase payment and charge-back information, as well as decision support applications to retrieve, manipulate, and store information across enterprise boundaries. Additionally, employees from both companies need to access information.
On an intranet. A global manufacturer accelerates the organizational learning curve by creating a global knowledge sharing system for manufacturing research and development. Plant engineers on one continent can instantly share process breakthroughs with colleagues thousands of miles away.
On the other hand, these new e-business applications can have a dark side. They can open a direct pipeline to the enterprise’s most valuable information assets, presenting a tempting target for fraud, malicious hackers, and industrial espionage.
Appropriate protections are a prerequisite for doing business, both for maintaining an organization’s credibility with its stakeholders and for protecting its financial viability. For example:
- The bank offering currency trading needs to protect the integrity of its core systems from unauthorized transfers or tampering.
- The bank and airline in a joint venture may compete in other areas or through other partnerships. A secure barrier, permitting authorized transactions only, must be erected between the two enterprise computing environments.
- The manufacturer posting proprietary discoveries needs to ensure that competitors or their contractors cannot eavesdrop on the system. Attacks from both the outside and the inside must be blocked.
Enterprises rely on information security mechanisms to safeguard their Web Services applications.