Microservices Expo Authors: Flint Brenton, Yeshim Deniz, Pat Romanski, Elizabeth White, Lori MacVittie

Related Topics: Microservices Expo

Microservices Expo: Article

SOA Web Services Journal - Collect(ing) Calls

I'm sitting in the airport, waiting for my end-of-week flight, and listening to the latest security controversy

I'm sitting in the airport, waiting for my end-of-week flight, and listening to the latest security controversy. Apparently the government has compiled a database of phone records as part of their fight against terrorism - the theory being that by analyzing the call patterns and using some social engineering, they might be able to identify terrorist activity.

I have no idea if this is legal or not, but certainly it's something I never expected while I was using my phone. I suspect that many people besides me expected their communications to be confidential. Apparently the phone companies felt that was not the case.

A few months ago, a bank that I do business with lost a tape with all sorts of personal information pertaining to its customers. They later recovered the tape, but not before they'd had to send out a note to all of us letting us know our identities were in jeopardy.

Sadly, these are just some of the problems that present themselves in the wired world. They're not even examples of malicious behavior (I give the government the benefit of the doubt); they're just things that happen in the course of doing business, or running the country.

While these incidents don't pertain directly to Web services security, or to securing an SOA, they certainly illustrate the complexity of the problem and the seriousness of the issues.

Security is a fundamental IT issue, one that has been growing in complexity and difficulty since the invention of the network card. We all have information that is important to us, and keeping that information private is something we expect from the organizations that we share our information with.

SOA and Web services provide ease of communication and mechanisms for widespread distribution of application functionality, often outside the boundaries of the enterprise. Many business-to-consumer sites, for example, provide Web services interfaces to do things like bid on an auction or purchase an item. During the transaction, sensitive information is transmitted.

It's our expectation that this information will be protected, both when the transaction occurs and in the future. This requires security in many areas. During the transaction, establishing a secured connection and protecting the information transfer from snooping eyes is critical. Once the information is inside a company that employs an SOA infrastructure to support its applications, it's critical that all avenues to that information be safeguarded as well. This includes protecting databases from attacks, as well as ensuring that access to all of our sensitive information is both controlled and monitored, so that the classic disgruntled employee or corporate spy cannot simply siphon off all of our information to sell to criminals. This is not an easy task, and the various legislative programs such as HIPPA, which requires privacy for health records, can make the task even more challenging.

There's a balance too, between privacy and efficiency. Yes, I'd like my doctors to be able to see my records in an emergency, but at the same time, I'm not sure I want my insurance company to be able to do the same thing. Without question, creating an intelligent approach to information security is a complex task. Data never really disappears once you provide it to another source - and we have to all realize that providing information may have consequences that we never imagined. We have a responsibility as well to be diligent and to not allow social engineering and Internet scams to take us in. Responsibility starts with us, and extends to the people we trust with our information.

Our focus in this issue is on SOA and Web services security. This is always an important topic and, certainly in light of recent events, one of interest to all of us who work in information technology.

More Stories By Sean Rhody

Sean Rhody is the founding-editor (1999) and editor-in-chief of SOA World Magazine. He is a respected industry expert on SOA and Web Services and a consultant with a leading consulting services company. Most recently, Sean served as the tech chair of SOA World Conference & Expo 2007 East.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
SOA Web Services Journal News 06/09/06 01:38:11 PM EDT

I'm sitting in the airport, waiting for my end-of-week flight, and listening to the latest security controversy. Apparently the government has compiled a database of phone records as part of their fight against terrorism - the theory being that by analyzing the call patterns and using some social engineering, they might be able to identify terrorist activity.

SOA Web Services Journal News 06/09/06 01:08:29 PM EDT

I'm sitting in the airport, waiting for my end-of-week flight, and listening to the latest security controversy. Apparently the government has compiled a database of phone records as part of their fight against terrorism - the theory being that by analyzing the call patterns and using some social engineering, they might be able to identify terrorist activity.

@MicroservicesExpo Stories
The general concepts of DevOps have played a central role advancing the modern software delivery industry. With the library of DevOps best practices, tips and guides expanding quickly, it can be difficult to track down the best and most accurate resources and information. In order to help the software development community, and to further our own learning, we reached out to leading industry analysts and asked them about an increasingly popular tenet of a DevOps transformation: collaboration.
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

SYS-CON Events announced today that eCube Systems, the leading provider of modern development tools and best practices for Continuous Integration on OpenVMS, will exhibit at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. eCube Systems offers a family of middleware products and development tools that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
Digitization is driving a fundamental change in society that is transforming the way businesses work with their customers, their supply chains and their people. Digital transformation leverages DevOps best practices, such as Agile Parallel Development, Continuous Delivery and Agile Operations to capitalize on opportunities and create competitive differentiation in the application economy. However, information security has been notably absent from the DevOps movement. Speed doesn’t have to negat...
Application transformation and DevOps practices are two sides of the same coin. Enterprises that want to capture value faster, need to deliver value faster – time value of money principle. To do that enterprises need to build cloud-native apps as microservices by empowering teams to build, ship, and run in production. In his session at @DevOpsSummit at 19th Cloud Expo, Neil Gehani, senior product manager at HPE, will discuss what every business should plan for how to structure their teams to d...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
When we talk about the impact of BYOD and BYOA and the Internet of Things, we often focus on the impact on data center architectures. That's because there will be an increasing need for authentication, for access control, for security, for application delivery as the number of potential endpoints (clients, devices, things) increases. That means scale in the data center. What we gloss over, what we skip, is that before any of these "things" ever makes a request to access an application it had to...
Join Impiger for their featured webinar: ‘Cloud Computing: A Roadmap to Modern Software Delivery’ on November 10, 2016, at 12:00 pm CST. Very few companies have not experienced some impact to their IT delivery due to the evolution of cloud computing. This webinar is not about deciding whether you should entertain moving some or all of your IT to the cloud, but rather, a detailed look under the hood to help IT professionals understand how cloud adoption has evolved and what trends will impact th...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, will discuss how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team a...
SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will present at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said “No to LUNs.” With Tintri they manag...
DevOps is speeding towards the IT world like a freight train and the hype around it is deafening. There is no reason to be afraid of this change as it is the natural reaction to the agile movement that revolutionized development just a few years ago. By definition, DevOps is the natural alignment of IT performance to business profitability. The relevance of this has yet to be quantified but it has been suggested that the route to the CEO’s chair will come from the IT leaders that successfully ma...
The evolution of JavaScript and HTML 5 to support a genuine component based framework (Web Components) with the necessary tools to deliver something close to a native experience including genuine realtime networking (UDP using WebRTC). HTML5 is evolving to offer built in templating support, the ability to watch objects (which will speed up Angular) and Web Components (which offer Angular Directives). The native level support will offer a massive performance boost to frameworks having to fake all...
As we enter the final week before the 19th International Cloud Expo | @ThingsExpo in Santa Clara, CA, it's time for me to reflect on six big topics that will be important during the show. Hybrid Cloud This general-purpose term seems to provide a comfort zone for many enterprise IT managers. It sounds reassuring to be able to work with one of the major public-cloud providers like AWS or Microsoft Azure while still maintaining an on-site presence.
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, will discuss how customers are able to achieve a level of transparency that e...
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and microservices. While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your conta...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
DevOps theory promotes a culture of continuous improvement built on collaboration, empowerment, systems thinking, and feedback loops. But how do you collaborate effectively across the traditional silos? How can you make decisions without system-wide visibility? How can you see the whole system when it is spread across teams and locations? How do you close feedback loops across teams and activities delivering complex multi-tier, cloud, container, serverless, and/or API-based services?
Today every business relies on software to drive the innovation necessary for a competitive edge in the Application Economy. This is why collaboration between development and operations, or DevOps, has become IT’s number one priority. Whether you are in Dev or Ops, understanding how to implement a DevOps strategy can deliver faster development cycles, improved software quality, reduced deployment times and overall better experiences for your customers.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...