In my previous post, I observed that disruptive Web services standardization will create many consolidations and mergers within the IT industry. Simultaneously, new markets are also springing up.
A biggie is IT security, which, of course, has given us heartburn for years. Now, Web services threatens to really keep us up at nights. A loosely coupled enterprise is inherently full of gaps and differing layers of requesters and responders. Vendors and standards bodies are working overtime to assuage fears, and OASIS' WS-Security
protocols address many types of security tokens and formats.
However, no one can, or should handle this alone. As Yankee Group
points out in a Line56 report
, a whole new industry is springing up around Web services and SOA security. "The Web services vision involves software and devices that can connect to each other globally which, while convenient for IT and business users alike, represents a massive security challenge."
Yankee Group says these concerns will fuel a $4 billion market for managed security services by 2008 that will exist to allay the fears of vulnerabilties in loosely coupled enterprises. However, 90% of this market will be outsourced, much of it overseas.
An interesting phenomenon, if companies decide their IT security is something that can be farmed out. Security is very much a control issue, and something they prefer to hold close to the vest. It remains to be seen if Web services and SOA take our thinking that
far outside the box.