5.13. Managing Risk and Security

Once you move to SOA, you have opened up your IT infrastructure, to at least some degree, to your customers, suppliers, partners, investors, government regulators—and in some sense to everybody on the Internet, including criminals. SOA implies openness on a scale never before seen in IT.

But an unprecedentedly open system opens the door to unprecedented risks. Before, the system had only one interface: the user interface, which was well defined and well tested. Now, virtually anything can serve as a system interface, and any message that comes from another system could be a threat.

David Temkin, founder and chief technology officer of Laszlo Systems, creator of the OpenLaszlo rich Internet application platform, offers a good explanation of SOA and its relationship to the organization:

Typically, it used to be the case that if you wanted to get information from a repository, you wrote a specific application to get to it. Each application was a closed system, end to end. In an SOA model, enterprises define interfaces that allow the creation of enterprise toolboxes. These interfaces are readily exposed behind firewalls, with all the security concerns that go with that. In an information-rich company, you may have well over a thousand distinct applications that interact. As a result, system security needs to be taken very seriously. When IT systems contain all of the enterprise's data, customer information, procedures, and so on, a virtual break-in ...

Get The Next Leap in Productivity: What Top Managers Really Need to Know about Information Technology now with the O’Reilly learning platform.