Welcome!

Microservices Expo Authors: TJ Randall, Liz McMillan, Elizabeth White, Pat Romanski, AppDynamics Blog

Related Topics: Microservices Expo

Microservices Expo: Article

SOA Web Services Journal - Collect(ing) Calls

I'm sitting in the airport, waiting for my end-of-week flight, and listening to the latest security controversy

I'm sitting in the airport, waiting for my end-of-week flight, and listening to the latest security controversy. Apparently the government has compiled a database of phone records as part of their fight against terrorism - the theory being that by analyzing the call patterns and using some social engineering, they might be able to identify terrorist activity.

I have no idea if this is legal or not, but certainly it's something I never expected while I was using my phone. I suspect that many people besides me expected their communications to be confidential. Apparently the phone companies felt that was not the case.

A few months ago, a bank that I do business with lost a tape with all sorts of personal information pertaining to its customers. They later recovered the tape, but not before they'd had to send out a note to all of us letting us know our identities were in jeopardy.

Sadly, these are just some of the problems that present themselves in the wired world. They're not even examples of malicious behavior (I give the government the benefit of the doubt); they're just things that happen in the course of doing business, or running the country.

While these incidents don't pertain directly to Web services security, or to securing an SOA, they certainly illustrate the complexity of the problem and the seriousness of the issues.

Security is a fundamental IT issue, one that has been growing in complexity and difficulty since the invention of the network card. We all have information that is important to us, and keeping that information private is something we expect from the organizations that we share our information with.

SOA and Web services provide ease of communication and mechanisms for widespread distribution of application functionality, often outside the boundaries of the enterprise. Many business-to-consumer sites, for example, provide Web services interfaces to do things like bid on an auction or purchase an item. During the transaction, sensitive information is transmitted.

It's our expectation that this information will be protected, both when the transaction occurs and in the future. This requires security in many areas. During the transaction, establishing a secured connection and protecting the information transfer from snooping eyes is critical. Once the information is inside a company that employs an SOA infrastructure to support its applications, it's critical that all avenues to that information be safeguarded as well. This includes protecting databases from attacks, as well as ensuring that access to all of our sensitive information is both controlled and monitored, so that the classic disgruntled employee or corporate spy cannot simply siphon off all of our information to sell to criminals. This is not an easy task, and the various legislative programs such as HIPPA, which requires privacy for health records, can make the task even more challenging.

There's a balance too, between privacy and efficiency. Yes, I'd like my doctors to be able to see my records in an emergency, but at the same time, I'm not sure I want my insurance company to be able to do the same thing. Without question, creating an intelligent approach to information security is a complex task. Data never really disappears once you provide it to another source - and we have to all realize that providing information may have consequences that we never imagined. We have a responsibility as well to be diligent and to not allow social engineering and Internet scams to take us in. Responsibility starts with us, and extends to the people we trust with our information.

Our focus in this issue is on SOA and Web services security. This is always an important topic and, certainly in light of recent events, one of interest to all of us who work in information technology.

More Stories By Sean Rhody

Sean Rhody is the founding-editor (1999) and editor-in-chief of SOA World Magazine. He is a respected industry expert on SOA and Web Services and a consultant with a leading consulting services company. Most recently, Sean served as the tech chair of SOA World Conference & Expo 2007 East.

Comments (2)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Microservices Articles
At its core DevOps is all about collaboration. The lines of communication must be opened and it takes some effort to ensure that they stay that way. It’s easy to pay lip service to trends and talk about implementing new methodologies, but without action, real benefits cannot be realized. Success requires planning, advocates empowered to effect change, and, of course, the right tooling. To bring about a cultural shift it’s important to share challenges. In simple terms, ensuring that everyone k...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and co...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, discussed why containers should be paired with new architectural practices such as microservices rathe...
With the rise of Docker, Kubernetes, and other container technologies, the growth of microservices has skyrocketed among dev teams looking to innovate on a faster release cycle. This has enabled teams to finally realize their DevOps goals to ship and iterate quickly in a continuous delivery model. Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. However, without the right foresight, DevOps and IT teams may lo...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, will discuss how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galer...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, will discuss how to use Kubernetes to setup a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace....
"There is a huge interest in Kubernetes. People are now starting to use Kubernetes and implement it," stated Sebastian Scheele, co-founder of Loodse, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...