Security Key To Web Services


Web services are spawning a new breed of security technology.

Westbridge Technology is among a handful of start-ups addressing security challenges created by XML-based Web services. Next month, the Mountain View, Calif.-based company plans to ship its XML Message Server (XMS) software, said Kerry Champion, Westbridge president and CEO.

XMS includes an XML application firewall, a new type of firewall that filters SOAP messages and allows companies to secure Web services networks within and across enterprises, Champion said. Traditional network firewalls that define perimeters won't work for Web services, which are designed to allow open access to specific functions across multiple organizations, he said.

Another start-up, Forum Systems, unveiled Forum Sentry, an appliance for secure transmission and acceleration of XML data. The Salt Lake City-based vendor touts the hardware as the first XML Web services security appliance.

Developers also are rolling security into Web services as vendors rush to fill the gap, said Chris Wysopal, director of research and development at @Stake, a Cambridge, Mass.-based security firm. "The biggest thing for people to recognize is that the [Web services platform is immature as far as security goes," he said. "So they can't rely on any built-in security infrastructure the way they can with a lot of other platforms."

Web services increase the exposure of a company's internal business processes to security breaches, but Wysopal predicts that businesses will dive into the new technology without adequate safeguards.

However, differing standards and competition between Sun Microsystems and Microsoft will stymie Web services growth, said Andrew Gray, CTO of Icons, a security consulting firm based in North Brunswick, N.J. "I don't see a level of cooperation that's requisite for developing not just standards compliance but interoperable products," he said.