Fine print: This scenario does not take into account the possibility of regulatory compliance issues, nor does it consider expenses associated with the loss of reputation, legal fees or the multitude of additional costs related to attacks or unauthorized access to data via Web services.
Also, consider the costs associated with implementing a single-tier solution, one in which Web services platforms provide all the security for exposed services. Given the degradation in performance likely to occur due to the additional burden of encryption, signatures and policy enforcement, you'll need to provision at least two servers to provide the same level of performance as a single WS-Security gateway. Factoring in the additional cost of SSL certificates, application software and hardware proves that a WS-Security gateway will provide a measure of cost savings in addition to its security features.
Lori MacVittie is a Network Computing technology editor working in our Green Bay, Wis., labs. She has been a software developer, a network administrator and a member of the technical architecture team for a global transportation and logistics organization. Write to her at [email protected].
Web Services Security
Given the arcane attack types--including request canonicalization, structure/schema misvalidation, XML External Entities and signed integer comparison attacks--it's no wonder some business-line managers haven't a clue why you go ballistic about casually deployed Web services.