A new survey out today from Oblix finds security continues to be a showstopper for Web services implementations. About 42% of 260 IT managers and developers say security concerns have kept them from extending Web services beyond the firewall, versus 43% that say there has been no problem. (Another 15% said they didn't know.) Interestingly, there is also 22% that say they're too worried about security inside their firewalls to roll out services.
Interesting as well is the fact that more than a third either won't or don't know when they will be deploying Web services security. And only 15% said securing Web services traffic is just as "critical" as other IT initiatives going on within their organizations. (To be fair, 51% called it "important.")
Among security specifications and mechanisms, interest is greatest in WS-Security, an OASIS specification that was finalized and released in the spring of 2004. Forty percent of respondents said they were likely to adopt WS-Security within the next 12 months.
Another finding from the survey: only 13% feel their current identity management and Web access control solutions are sufficient to secure their Web services. Most say these solutions need change or enhancement.
A classic cart-before-the-horse situation: We're just still getting our feet wet in Web services/SOA, and most deployments are peripheral, or non-mission-critical, so the urgency isn't there to invest in iron-clad security (which costs more to put in place). But security is also a showstopper for moving Web services/SOA deeper into the enterprise -- or out to partner networks.