A WS-Security gateway, sometimes called an XML gateway, XML firewall or SOAP proxy, can give you the network security features you need to prevent unauthorized access and transport- and application-layer attacks. (We tested these devices in our NWC Inc. labs. Our review, "Enemy at the Gateway," begins here.)
The Web services producer, typically an application server from a vendor such as BEA Systems, IBM, Microsoft or Novell, can provide control over authorization to specific operations based on consumer credentials and the specific data requested or submitted. A WS-Security gateway should provide message-level security, such as authorizing operations, but in some situations this is impractical, for example when you're securing third-party services. CRM, ERP and HR applications may offer Web services as a method of integration, but they sometimes use internal, proprietary methods of authentication and authorization. In such cases, you should insist that the application provide operation-level authorization.
The producer should also verify the data as it is prepared for processing, and verify that the consumer is authorized to access the operation in question within the supplied parameters. Consider, for example, your Web services-enabled HR system: It's likely that all employees have access to this system, but each employee's right to view data within that system is limited, based on his or her role in the organization. In a Web services scenario, Bob from shipping would be granted access to the "employeeInformation" service and allowed to make a request of the "getSalary" operation, but only for himself.
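The producer-side check described above, sketched as an added example that is not code from the original article or from any vendor's product. The namespace `urn:example:employeeInformation`, the `employeeId` element, the role names, the ID format and the `authorize` and `request` helpers are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
HR_NS = "urn:example:employeeInformation"  # hypothetical service namespace
# Hypothetical policy: role -> operation -> scope ("self" or "any")
POLICY = {"employee": {"getSalary": "self"}, "hr-admin": {"getSalary": "any"}}
EMPLOYEE_ID = re.compile(r"E\d{4}")  # constructed ID format
BOB = {"name": "bob", "role": "employee", "employee_id": "E1001"}  # constructed


def authorize(principal, soap_xml):
    """Return (allowed, reason) for a consumer that is already authenticated."""
    # Assumption: the gateway tier has authenticated the consumer and screened
    # the XML (DTDs, oversized payloads) before the message reaches this check.
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError:
        return False, "malformed XML"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return False, "expected exactly one operation in Body"
    op = body[0]
    ns, _, name = op.tag[1:].partition("}") if op.tag.startswith("{") else ("", "", op.tag)
    if ns != HR_NS:
        return False, "unknown service"
    # Tier 1: may this role call the operation at all?
    scope = POLICY.get(principal["role"], {}).get(name)
    if scope is None:
        return False, f"role may not call {name}"
    # Verify the data before it is used for the authorization decision.
    target = (op.findtext(f"{{{HR_NS}}}employeeId") or "").strip()
    if not EMPLOYEE_ID.fullmatch(target):
        return False, "invalid employeeId"
    # Tier 2: is the call allowed with these parameters?
    if scope == "self" and target != principal["employee_id"]:
        return False, "operation allowed only for own record"
    return True, "ok"


def request(op, emp_id):
    """Build a constructed sample SOAP 1.1 request for the examples."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f'<hr:{op} xmlns:hr="{HR_NS}"><hr:employeeId>{emp_id}</hr:employeeId>'
            f'</hr:{op}></soap:Body></soap:Envelope>')
```

Calling `authorize(BOB, request("getSalary", "E2002"))` is denied even though Bob's role may call `getSalary`, which is the parameter-level decision a gateway cannot make without knowing the application's data model.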
This two-tiered security architecture is your best bet for Web services for several reasons:
Performance: Encryption, decryption, signing and verification of signatures are CPU-intensive tasks. Although cryptographic-acceleration hardware from Accelerated Encryption Processing, Broadcom Corp., nCipher and Rainbow Technologies can ease the CPU burden, it's better to perform these tasks at the edge of the network. Doing so provides integration with your other security devices, such as IDSs and load balancers. Also, with these tasks handled at the edge, the application server can devote the bulk of its resources to processing requests, and the cost of managing multiple acceleration cards and certificates is alleviated.