Hi. I'm Roger Thornton, CTO of Fortify Software. Today, we are going to be talking about SOA security.
When you see the letters SOA, you know what that means: Services Oriented Architectures, where we take inside the enterprise all of the systems that run core pieces of our business, of the inventory, sales, financial and we create interfaces around those so that we can build all sorts of ad hoc applications and rapidly integrate systems together in real time, both inside our company and with all our business partners in the outside world.
But when I see the letters SOA as a security person, I see Secure Old Applications. Why is that? Well, in the security world, all these access points, all these real-time access points that we're making into these systems, we call those attack surface paths, and all the threats that are out there -- hackers, malicious insiders, viruses, and worms -- those aren't just for operating systems; those will come after your business applications too. In the past they never had a chance of getting near these applications. Why? They were deep inside the enterprise computing infrastructure of your company. But once you go to a Service Oriented Architecture, there are going to be numerous paths into those systems, and what's the probability that back in the 1970s, or in the 1980s, or in the 1990s, when these were built, that people thought about these threats addressing those applications were zero.
So SOA is an important technology and it's an important enabler, but if you do it, make sure you also read that as Secure Old Applications.



















