Tech
Security still up in the air for many
A new survey out today from Oblix finds security continues to be a showstopper for Web services implementations. About 42% of 260 IT managers and developers say security concerns have kept them from extending Web services beyond the firewall, versus 43% that say there has been no problem.
![joe-mckendrick.jpg](https://www.zdnet.com/a/img/resize/3a9e2a2508b774d727021d3ab7170658c00cfa84/2020/01/11/aadf959a-c685-4b4b-b144-e92dc3ac4cae/joe-mckendrick.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
A new survey out today from Oblix finds security continues to be a showstopper for Web services implementations. About 42% of 260 IT managers and developers say security concerns have kept them from extending Web services beyond the firewall, versus 43% that say there has been no problem. (Another 15% said they didn't know.) Interestingly, there is also 22% that say they're too worried about security inside their firewalls to roll out services.
Interesting as well is the fact that more than a third either won't or don't know when they will be deploying Web services security. And only 15% said securing Web services traffic is just as "critical" as other IT initiatives going on within their organizations. (To be fair, 51% called it "important.")
Among security specifications and mechanisms, interest is greatest in WS-Security, an OASIS specification that was finalized and released in the spring of 2004. Forty percent of respondents said they were likely to adopt WS-Security within the next 12 months.
Another finding from the survey: only 13% feel their current identity management and Web access control solutions are sufficient to secure their Web services. Most say these solutions need change or enhancement.
A classic cart-before-the-horse situation: We're just still getting our feet wet in Web services/SOA, and most deployments are peripheral, or non-mission-critical, so the urgency isn't there to invest in iron-clad security (which costs more to put in place). But security is also a showstopper for moving Web services/SOA deeper into the enterprise -- or out to partner networks.
Interesting as well is the fact that more than a third either won't or don't know when they will be deploying Web services security. And only 15% said securing Web services traffic is just as "critical" as other IT initiatives going on within their organizations. (To be fair, 51% called it "important.")
Among security specifications and mechanisms, interest is greatest in WS-Security, an OASIS specification that was finalized and released in the spring of 2004. Forty percent of respondents said they were likely to adopt WS-Security within the next 12 months.
Another finding from the survey: only 13% feel their current identity management and Web access control solutions are sufficient to secure their Web services. Most say these solutions need change or enhancement.
A classic cart-before-the-horse situation: We're just still getting our feet wet in Web services/SOA, and most deployments are peripheral, or non-mission-critical, so the urgency isn't there to invest in iron-clad security (which costs more to put in place). But security is also a showstopper for moving Web services/SOA deeper into the enterprise -- or out to partner networks.