Monday, November 30, 2009

Security

It struck me today that one very important topic in system integration is security, but that this is one that was largely missing from most of our topic presentations and discussions outside of single sign-on & SAML.

I did a couple quick searches through our texts and found an interesting quote in one of our texts:

From "Enterprise Application Integration" (Wiley), Chapter 1:

"In the 1998 FBI/Computer Security Institute Computer Crime and Security Survey, 64 percent of respondents said their enterprises had been successfully attacked. Data modification occurred in 14 percent of the attacks. Quantifiable losses reached $136 million."

If things were bad in 1998 I would guess that they're worse now (just a gut feeling, not backed up by data in any way!), so I think that we must be aware of security issues if/when we are ever involved in the design, development or use of an integrated system. A few quick Google searches show that there are a LOT of resources (or at least articles) covering security related to SOA, SOAP, XML, web portals, etc.

I know that in my own experiences with integration solutions (see my prior posts) I regularly handle rather sensitive personal information. Security in these cases is largely handled by encrypting the data prior to sending it, effectively making any security issues an "internal" matter.

I'm curious if anyone has any particular examples of security done well or poorly in an integrated system?

2 comments:

  1. Well, Peter, as you said we did not cover the topics on security.. but we kinda touched the security aspect also.. Best example is Shibboleth.. and we also had a guest lecture on it..

    But I really don't know whether scope of system integration is extensible to security or not,.. or is it only about integration & stuff???

  2. Hi Asha,

    I guess I didn't really express my meaning very well...I'm not thinking so much about security from the standpoint of authentication, but more from the perspective of the factors that would determine how secure a particular integration solution is.

    For example, what is it that I need to be aware of when designing an integration solution to be reasonably sure that I'm not creating opportunities that a black hat could exploit in order to steal private information (e.g. personal information from an HR database)?
