Wednesday, May 30, 2012

Exotic, new connections: Embedded devices

Prepare for a host of new networking problems as devices never meant to be computers become network connected, reports Deb Radcliff. 

http://www.scmagazine.com/exotic-new-connections-embedded-devices/article/236308/3/ 

Phones, vehicles, traffic lights, medical devices, buildings, even weapons – everything's getting plugged in these days. This connectivity might make sense from a management and efficiency perspective. However, these devices – often chip-enabled and communicating over multiple protocols and channels – present risk management problems that keep IT pros up at night.
 Along with encryption, access controls and authentication will need to be able to operate in an environment with multiple types of traffic. Specifically, these systems must determine what type of devices are sending traffic on the network and how to handle their entree based on what they do or do not know about those devices and users, says Mamoon Yunus, chief executive officer of Newton Mass.-based web services provider Crosscheck Networks. “We believe access and information exchange between exotic endpoints will best be controlled through a gateway that sits behind the network firewall,” he says. This will serve as a proxy for identifying the device requesting access, signing and authenticating tokens and supporting information exchange.

Wednesday, May 09, 2012

Service Technology Magazine: Reducing Application Cost and Risk through Centralized SOA Security

Service Technology Magazine recently published an article on the merits of centralized SOA security.  Here's the abstract:

Abstract: This article compares centralized and decentralized application security models. It focuses on technical costs and organizational considerations while comparing these models. The analysis shows that centralized management of security policies has significant advantages over decentralized application security deployments including cost reduction, better risk mitigation and greater freedom for application developers to focus on creating business value. 

Introduction
Now, more than ever before, the global business environment expects greater customer service, demands deeper value chain integration and drives fiercer competition while requiring corporations to perform efficiently with diminishing resources. IT departments are in the midst of this global storm and are now pushed to deliver applications rapidly while minimizing costs. Fortunately, with the maturity of agile development, SOA and related standards, and cloud computing, the foundations are available for building resilient, nimble and cost effective IT infrastructure that is responsive to business needs.

Download complete article:  PDF, HTML

Friday, January 06, 2012

IT Knowledge Exchange: XML security appliance shopping advice

James Denman wrote an interesting piece titled XML security appliance shopping advice where he talks about real-life challenges faced by customers and their use of XML appliances such as Forum Sentry to solve such problems.

Earlier this month I wrote an article on a Software as a Service provider that employed a SOA security appliance for authentication and identity federation. OmegaFi, the SaaS provider in question, fills an interesting niche – providing financial services for Greek fraternities and sororities. Helping college kids run their organizations more like a not-for-profit business is not always easy, but OmegaFi has thrived on their particular set of challenges. I recently had some correspondence with the company’s CIO, John Woolbright that I would like to share.
Full Article: XML security appliance shopping advice