In-Depth

New Software to Secure SOA-driven Apps

Security remains a key reason some developers shy away from service-oriented architectures. IBM’s new release may help change that.

• By Jason Turcotte
• 08/22/2006

Security remains a key reason why some developers continue to shy away from service-oriented architectures (SOA) but as awareness grows, so are solutions. IBM announced plans to release new System z mainframe integration software that will help secure SOA-based apps.

IBM previewed the new Tivoli software last week; the software will provide new mainframe management features that focus on secure Web applications powered by SOA. While the transactional and business perks of SOA are obvious, security complexities often overshadow those benefits. IBM reps say their soon-to-be released solution puts security at the forefront.

The Tivoli Federated Identity Manager for z/OS systems lets businesses collaborate and manage identities and resources throughout multiple companies in a secure manner. The software secures network traffic across firewalls. Because Identity Manager covers both distributed and mainframe environments, users won’t need to constantly switch areas of their IT infrastructure to maintain SOA security.

“IBM’s new software helps integrate mainframes—already the hub of today’s SOA computing environments—into IT infrastructures ready to adopt SOAs,” says Al Zollar, general manager of IBM Tivoli software. “By building out SOAs, our customers are delivering business services that require the security, resiliency, and performance that are the hallmark of System z.”

Zollar announced the upcoming software this week at SHARE in Baltimore, an independent, volunteer-run conference that caters to IBM’s enterprise community. Zollar also offered a sneak peek at the Tivoli Composite Application Manager, which will automatically monitor, analyze, and resolve SOA problems arising from within the IT infrastructure, and the Tivoli OMEGAMON XE, a product that will address IT issues across apps, middleware, and systems before they are ever SOA-enabled. OMEGAMON will monitor app security without IT staff intervention.

Experts say when it comes to SOA-based applications, simply relying on network security is insufficient. The process requires much more than the ill-conceived safety blanket of a firewall.

Security experts point to the new wave of SOA security tools that include AmberPoint SOA Management and SOA Software XML VPN Controller. IBM’s new solutions will join the likes of the company’s DataPower XS40 XML Security Gateway and SOA Software’s XML VPN Appliance, which both have the ability to federate identities among disparate systems.

The new Tivoli software is due out by the end of the year.