A biggie is IT security, which, of course, has given us heartburn for years. Now, Web services threatens to really keep us up at nights. A loosely coupled enterprise is inherently full of gaps and differing layers of requesters and responders. Vendors and standards bodies are working overtime to assuage fears, and OASIS' WS-Security protocols address many types of security tokens and formats.
However, no one can, or should handle this alone. As Yankee Group points out in a Line56 report, a whole new industry is springing up around Web services and SOA security. "The Web services vision involves software and devices that can connect to each other globally which, while convenient for IT and business users alike, represents a massive security challenge."
Yankee Group says these concerns will fuel a $4 billion market for managed security services by 2008 that will exist to allay the fears of vulnerabilties in loosely coupled enterprises. However, 90% of this market will be outsourced, much of it overseas.
An interesting phenomenon, if companies decide their IT security is something that can be farmed out. Security is very much a control issue, and something they prefer to hold close to the vest. It remains to be seen if Web services and SOA take our thinking that far outside the box.