GMG Insight, the publishing arm of the Gibson Marketing Group, reported that 43 percent of senior IT executives perceived security threats as the most critical issue in the implementation of SOA and Web services based applications.

 

The survey titled “Global Report on SOA/Web services security initiatives” was sponsored by CA and covered 555 IT directors or above from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific and Central and South America.

 

The Service Oriented Architectures (SOA) and Web services are being extensively used by organizations to meet the IT application and integration needs of their employees, customers and partners there by exposing the network to potential threat. The objective of the study was to asses this security threat and readiness level of the organizations in dealing with the same.

 

The survey results showed that on an average, a SOA or Web services applications received seven XML targeted attacks in the last one year, substantiating the security concern with externally facing applications.  

 

“The state of SOA and Web services security is similar to what we saw with Web sites and portals about 10 years ago. As organizations rolled out Web applications, best practice security management approaches had not yet been resolved and security became a significant challenge,” said Lina Liberti, vice president for CA (News - Alert) Security Management.

 

“Web services and SOA applications have experienced those same security issues, but we believe the best practice approaches implemented for Web applications apply to these application architectures as well.”

 

However, survey indicated that despite the security concerns 75 percent of the Web services were externally-facing while 68 percent were external SOA-based applications. 57 percent of the respondents also reported having deferred or slowed adoption due to security-related issues.

 

“The fact that respondents are deferring SOA and Web services applications for security reasons indicates a strong collaboration between business and IT security teams. They are truly evaluating risk versus benefit to the business,” Liberti said.

 

Liberti added, “Further evidence of the need for such collaboration is that 93 percent of the IT executives surveyed believe SOA and Web services security should be integrated with identity and access management systems, which directly support critical business concerns such as compliance.”

 

CA offers identity and access management (IAM) solution to manage user identities and their access to critical IT resources, including Web applications, Web services, and server-based files and data.