Open Versus Secure

This is really the nut to crack. How can you be open and secure at the same time? Depending on your business, how do you open up all your data and resources without ticking off regulators, auditors, compliance officers, and the like? Sure, opening up everything sounds fabulous until there is a security incident, and the lack of incidents fuels growth and provides a false sense of security.

One thing to try is authentication. Authenticate everything, and provide authentication yourself. Conduct your business over SSL. Sign your content. Sign your feeds. Claim some ownership. Even if the content is not yours, the users are. Don't you owe it to them to provide a safe environment?

As more companies try, attacks on data and privacy will continue to rise. For the poor companies that need to share their information with business partners, customers, vendors, and the like, over the Internet, it is essential that they figure out how to make the data available and secure.

Good luck with that. Let me know how it works out for you.

Lack of Security Standards

Security standards are not going to help. Unfortunately, there are no security standards that make everything safe. Web services have tried to push forward specifications for SOAP and WSDL, but that is all we have. The bigger security picture is difficult to paint since there are so many different views of how it should look.

Technology is not helping either. We still don't understand the full impact of new technologies ...
