Is your organisation considering rolling out a Service Oriented Architecture (SOA) or Cloud / SaaS? Or are you already in the process of it? In either case it is critically important to consider the security and assurance implications early on. Only this way will you be able to minimise risks and to ensure the benefits of SOA / Cloud / SaaS. ObjectSecurity is an expert in SOA / Cloud /SaaS security. However narrow or broad your SOA definition of choice is, security plays an important role. Moreover, if security is implemented incorrectly, your SOA / Cloud / SaaS will not achieve the desired level of agility and reuse.

Contact consulting services sales SOA security success stories SOA security OpenPMF product Blog: model driven security TrustedSOA.org

In the narrow sense, you will need a good XML web services security architecture. Building such an architecture is a complex task because there are many security standards from many vendors and consortia, and it is important to choose products with stable and robust XML security standards that will be around for the forseeable future. In addition, it is necessary to choose a set of XML security standards that are interoperable. Compatible XML gateways and suitable backend infrastructure also needs to be selected and integrated carefully. In the broadest sense, you are looking at agile integration and orchestration of IT services that match the business processes. Such an agile SOA architecture will only be successful if security can be guaranteed in the face of frequent re-organisationss. This can only be achieved if the SOA infrastructure (XML web services and/or other middleware) can be automatically be reconfigured and redeployed without breaking security.

ObjectSecurity has strong expertise in both these areas. We can help you develop a secure SOA architecture that meets your requirements. Together with our XML product partners we can also recommend a range of suitable products to implement the underlying (XML and non-XML) infrastructure. ObjectSecurity's SOA security track record includes a consulting contract with QinetiQ for the UK Ministry of Defence, and workshops for BAA and blue-chips.