Study shows companies still lukewarm (for now) on Web services |
 |
By Anne Saita, Information Security magazine Senior Editor
10 Dec 2003 | Information Security magazine |
|
|
Senior IT executives remain reluctant to widely deploy Web services -- touted two years ago as the next big thing -- because of security concerns. That trend, though, could reverse as security managers eye standards such as WS-Security and SAML to ease their apprehension, according to survey results released last week by identity management provider Netegrity.
Web services, which allow computers to communicate via the World Wide Web, are an attractive option for enterprises seeking better service for their customers and business partners. But the Netegrity survey of 100 senior-level IT executives, engineers and project managers at Global 2000 organizations indicates slightly more than half won't use them outside the corporate firewall until they're assured transactions are protected against a variety of cyberattacks.
"If companies don't build out a cohesive strategy for Web services security that ties into the overall enterprise security infrastructure, new deployments outside the firewall will open up an entire new area of vulnerability," notes Netegrity CTO Deppak Taneja in a statement.
More than 75% of those surveyed planned to roll out Web services in the next 12 months using one to four or more security standards, with WS-Security and SAML the most popular. Two varieties of XML ranked third and fourth, followed by X509 and Kerberos.
A vast majority of the respondents agreed it was important to integrate Web services security with an enterprise Web access management security infrastructure, according to survey results. More than half would use Microsoft .NET architecture, while 80% planned to use "application server architecture." A quarter of the group said they'd use up to four different types of architecture -- to be on the safe side.
|
|
|
|
