Security: We have the technology, but do we have the will?

To find out the latest thinking about SOA security, I turned to a couple of ciphers — namely, TriCipher, and nCipher, two online security companies that recently conducted surveys on the state of advanced security. The results point to the fact that we have the technology for security, but we're going to have to work at managing the processes associated with security.

The TriCipher survey finds that managing authentication can be a costly and time-consuming process. A total of 68 percent identified the biggest business risk associated with authentication security failures as rising costs associated with downtime and IT administration. In addition, an issue that has plagued IT since the first computer was rolled out–simple password management–continues to be a big problem, according to 44 percent. The survey also found that 56 percent stated their existing strong authentication system was too hard to use, manage, or integrate with other systems.

nCipher's survey finds that three out of four companies are working on deploying cryptography to address a host of enterprise security issues, concluding that cryptography is no longer a niche technology. The increasing use of cryptographic keys across such a wide array of functions such as encryption, decryption, signing and authentication means that use of these keys is becoming more complex and diverse, that they are becoming more numerous and that different keys are subject to different security policies. These trends will greatly complicate the management of keys across the enterprise.

nCipher found that 74% of respondents said that they are using or plan to use encryption in the next 18 months to help address at least five major enterprise security issues including: the authentication of people, and devices; securing communications; protecting data at rest; protecting data integrity; and securing remote connectivity.

Currently, just 35% are using encryption right now for five or more security issues, indicating that an additional 39% plan to use cryptography to secure new issues within the next 18 months. As the use of encryption increases so does the number of cryptographic keys within the enterprise. Already, 16% of respondents report that they have more than 1,000 keys on servers, and 24% have more than 1,000 keys on desktops. Some report they have more than 10,000 keys on desktops.