As companies rush to exploit the opportunities of service-oriented architectures (SOAs), clouds and other distributed models of computing, determined outsiders and insiders may seek to exploit vulnerabilities.
Consequently, the pervasiveness of these technologies marks a fundamental change in how organisations should approach the accompanying security challenges, especially the top three challenges identified by many organisations as being fundamentally important in the next year.
Every day billions of people connect to one another, and identity has therefore taken on a new focus. Applications are no longer secured behind a firewall; increasingly they are composites and mashups created from sources inside and outside the enterprise.
Transactions depend on the level of trust each party places in the other's credentials and the systems supporting them. Yet considering the rising instances of identity theft and fraud, it is clear that without instituting policies, processes and best practices, that trust can be misplaced, unauthorised or uncertain.
In a SOA environment these concepts become more complex as identity is not limited to users alone. Often, services themselves must be given an identity. That is, when a service invokes another service, each service needs to take on an identity.
For example, a shipping service may be automatically invoked by an order processing system, and that system must recognise the shipping service as a trusted identity, or the order fails. From order processing to healthcare authorisations and high-value banking operations, every business must treat SOA security with great care, and trust is the core principle driving these business operations. The ramifications of failed policies can reach all the way to the bottom line.
Moreover, identity systems continue to proliferate, forcing individuals to become their own identity administrators, juggling a mixture of self-created and third-party-issued identities for every service they interact with, and balancing the trade-offs between privacy and reputation that come with increased disclosure. Individuals must also have a common set of "operating procedures" with which to navigate the new security landscape.
Going forward, the challenge lies in developing a common set of identity policies, processes, best practices and technology, as well as multipurpose identity systems that can be used across service providers. These systems should be able to accommodate complex identity relationships while providing a simplified way to address common identity.