
A Policy-Driven Approach to SOA Security

Enterprises deploying SOA applications require centralized yet flexible management of security policies, coupled with consistent enforcement across their SOA ecosystems. In many cases, organizations have already invested in security infrastructure and now seek a way to leverage that infrastructure within their SOA ecosystems. However, traditional methods of securing applications come up short, lacking the comprehensiveness, consistency and flexibility required by SOA.

AmberPoint uniquely solves the SOA security problem by providing intelligent, "hands-free" security policy provisioning. This ensures that existing security infrastructure, processes and tools are consistently applied across the heterogeneous environments typical of SOA. AmberPoint's policy-driven approach to runtime governance provides the key to unlocking the benefits of a secure SOA.

Architects usually break down SOA security into three areas: the first mile, the middle mile and the last mile.

First-Mile Security

By deploying secure application components, enterprises place a burden on those who want to consume services, requiring service consumers to spend time and resources implementing security features. Services secured using a policy-based solution also mandate that those client applications go through a development cycle every time security policies are updated.

AmberPoint enables enterprises to quickly and securely on-ramp service consumers to the SOA network. Out-of-the-box encryption and strong, two-factor authentication for SOA clients minimize vulnerability to common threats and aid regulatory compliance. AmberPoint's SOA security solution offers unique capabilities for automatically updating consumer applications as service-side policy changes—which means end-to-end SOA security with less coding and fewer obstacles to SOA agility.

Middle-Mile Security

Even within the internal network, it's important to avoid broadcasting sensitive data to every participant in a distributed transaction. AmberPoint makes it easy to keep SOA intermediaries—from security appliances to ESBs—on a need-to-know basis. Easy-to-use application security and intelligent content filtering provide confidentiality and integrity in distributed environments.

Last-Mile Security

Brokers, proxies and appliances are necessary, but do not suffice for SOA security. As long as the service endpoints are not enforcing policy, applications are vulnerable. This is especially true when the services, through their WSDL descriptions, provide their own blueprints for integration and, equally, for compromise.

Many solutions rely on awkward and inflexible technologies such as client SSL and IP white-listing to "solve" the last-mile problem. However, this ultimately diminishes system agility—the reason for migrating to SOA in the first place. AmberPoint provides full-featured, non-intrusive, policy-driven SOA security at the very endpoint, where applications and messages are at their most vulnerable.

AmberPoint security policies offer protection for inbound and outbound messages, providing support for:

  • Authentication
  • Fine-grained access control
  • Identity propagation
  • Intelligent content filtering
  • Out-of-the-box integration with leading Identity Management Systems and other security infrastructure
  • Widely interoperable WS-Security features such as integrity and confidentiality
  • SAML-based identity sharing

Integration with Enterprise Security Solutions

Most organizations have already deployed a range of security infrastructure. They are simply looking for a way to bring those solutions and processes to bear on the challenge of SOA security. AmberPoint enables enterprises to apply existing security rules to heterogeneous SOA application components, meaning all user provisioning processes will immediately be reflected in the authentication and access control behavior of the distributed SOA system.

AmberPoint provides out-of-the-box, policy-based support for industry-leading identity and security solutions:

  • Security appliances
  • Public key infrastructure (PKI)
  • Single Sign-On solutions
  • Identity Management Systems
  • LDAP v3 compliant repositories

By providing standards-based support for security integration, AmberPoint dramatically reduces the time, effort, and cost of securing SOA applications. The ability to re-use existing security solutions means additional ROI as those solutions are seamlessly repurposed to provide authentication, access control, and other security features in the context of SOA.

More Information

For more information about AmberPoint's solutions for SOA security, please also see the following:

Tim Freeman