Whether the organizational concern focuses on regulatory compliance or fine-grained control over access to services, a well-designed SOA can enable organizations to consistently apply security policies across all applications. Yet the distributed nature of a SOA creates a challenging environment in which to apply organizational security policies, and it can instead lead to a fragmented and inconsistent security infrastructure with serious performance implications.
Reducing Business Risk and Exposure
Security is no longer focused solely on restricting access to resources. In the enterprise it must also concern itself with regulatory compliance, since the penalty for non-compliance can affect both the company’s financial position and the liberty of its executives. Regulations such as Sarbanes-Oxley, the PATRIOT Act, and Basel II, as well as a myriad of state regulations focused on data privacy and protection, are the concern of both business and IT. While generally accepted best practices for safeguarding data have long been implemented by controlling access to that data, the enterprise must also have a planned defense against the potential failure of those controls.