Web services will need managed IDs to stay safe

By

As web services evolve from app-to-app to more complex transactions, they introduce new challenges for CSOs to consider.

Consider this: a staff portal calls Weather.com's web service for local weather conditions. The portal's web service requests could include host location, so a Boston employee gets Boston weather, for example. This may seem low-risk, but what if the calls are made to the employer's 401(k) provider? The request and underlying security must be identity-centric – coarse-grained, all-or-nothing security will not suffice.

Web services will need managed IDs to stay safe

In simple point-to-point web services, scale is manageable because the tight coupling between partners restricts the number of authorized identities. But as companies expose more web services, bulk identities are not sufficient. Companies will require better visibility into who is accessing web services. Coarse- or bulk-level identity is not sufficient.

This is why industry pundits and the press stress the importance of identity management in web services. Initially, people tend to visualize web services as app-to-app, making identity straightforward. But as the point-to-point model expands, identities become more fine-grained and harder to manage.

To reap the full benefits of Service Oriented Architectures while mitigating the security risks, enterprises should couple identity management with web services and adopt these four points:

  • Ensure consistency in security policy – abstract security policy from the web service container to a third-party security solution;
  • Extend existing investment protection – for those who have invested in ID management (IDM) solutions to protect web apps, it is a natural evolution to extend that same infrastructure to web services;
  • Consider scalability – managing a growing number of user identities can become a nightmare;
  • Monitor compliance and segregation of duties – developers creating security run the risk of creating risks or gaps by coding security directly into the web services container. IDM can mitigate this risk, as well as easing compliance by providing centralized audit.

Companies that adopt identity-centric web services will realize stronger security, better scalability and greater flexibility. Enterprises that rely on coarse-grained security risk potential security breaches.

Merritt Maxim is director of XML technologies for Netegrity, a division of Computer Associates, Inc.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
idsmanagedneedsafesecurityservicesstaytowebwill

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?