A specialized firewall is deployed to batten down the company's service-oriented architecture.
Every new technology poses new security risks--networks made Internet worms possible, and E-mail proved to be the "killer app" for delivering viruses. Web services will be no exception.
With that in mind, Motorola Inc. has turned to Web-services security startup Forum Systems Inc. as it morphs hundreds of IT processes into Web services. Motorola is deploying Forum's Sentry Web Services Security Gateway to provide secure transactions and authentication. Forum is expected to announce the deal shortly.
Motorola also is using Forum's XWall Web Services Firewall, which works much the same way as traditional application firewalls, albeit specifically for Web-service transactions. "It's helping us manage those operational requirements in a way that's optimized for the Web-services architecture. We don't have to worry about the regular firewall not having that [capability]," says William Boni, VP and chief information security officer at Motorola.
Cyberthreats are changing, Boni says, so it's more critical than ever to secure IT initiatives from the start. "We can no longer assume that it's hobbyists and hackers having fun," Boni says. "We're talking about significant customer and consumer information, things that can have a real financial impact. And all of that could be at risk if you don't put the right safeguards in place."
The modular nature of Web services presents a security challenge, potentially leaving companies that don't plan carefully open to attack, says Pete Lindstrom, research director at Spire Security. "And it'll be much more expensive trying to retrofit security later in the process than in the beginning," he says.
The risks include hackers placing malicious content within messages or infiltrating backend systems through misconfigured applications. "You have to absolutely build in the security upfront," says Toby Redshaw, Motorola corporate VP and director of IT strategy, architecture, and E-business. "You can't build a house out of concrete, and later have to add the plumbing because you forgot."
Motorola is adopting Web services to add efficiency to software development. "How many times should code be written to authorize credit-card payments online?" asks Redshaw. "Every piece of code requires licensing and someone to maintain it. If we can take 50 processes and turn it into one that can be reproduced, that's a powerful thing."
That promise, however, can only be realized if the approach remains secure. Says Redshaw, "The quickest way for me to kill the momentum around moving this company to a service-oriented architecture would be to have some failures on the security front."
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.