Are XML Gateways Really the Answer? - by Andrew Townley
Posted by Gary E Smith - THE SOA NETWORK at Thursday, November 02, 2006 7:55 AM and is filed under blog 
Are XML Gateways Really the Answer? - Yes They are Becoming Part of the Solution
With the continued evolution of SOA there is a trend in the industry to move commoditized functionality to the network in the form of various hardware devices: XML/SOA Appliances, Firewalls, Gateways, etc. This trend has been repeated in the past with various other network functionality and will likely to continue to happen in the future. However one needs to remember that functionality is typically productized using the 80/20 rule initially, then over time as standards and technology matures additional functionality is added. In other words products are designed to meet the largest market opportunity and most common applications. It is up to the consumer to understand the application of these devices to their environments.
As a product manager that has commercialized a number of telecommunications products you can't implement every possible feature/functionality, so you build to address the largest portion of your targeted markets and then through an iterative approach you add additional functionality as you get feedback from the marketplace. Additional functionality is driven by customer demand, problem reports, different product applications, competitive analysis, etc. If you are a consumer keeping this in perspective will help you to understand that you can't simply throw hardware at the solving a complex security problem. These products are meant to be implemented witin an overall security architecture in mind.
I talked about this problem in a couple of my blogs:
Interview with Gary McGraw
Discussion with Jeff Wiliams
While Gary and Jeff take a hard line against solving security problems in hardware/firmware, I think there is a happy medium of solving security problems with a combination of software and hardware - the real danger they want to alert people to - is that addressing security is not a hardware only solution. Simply buying a box and throwing it on the network doesn't abdicate you of your overall responsibilies.
There are many dangers of relying on hardware only security solution and you must keep the overall security archtecture in mind. Fortunately the reality is that most installations don't happen in complete isolation. Having a good working relationship with the networking vendors to understand the application of the their products to your environment will ensure that it will meet your needs now and into the future. Most reputable XML/SOA Networking Vendors will work with you to address the particular needs of your environment, since it is in their best interest to make sure it meets your needs. Also these vendors need to refine their products so they can meet the needs of their future customers to address a wider audience. Vendor participation is essential for the both consumers and vendors in order to evolve these products and this is particularly true when a technology such as SOA is not completely mature and evolving.
Caveat Emptor! - While as a consumer you always need to be aware of what you are buying I think that XML/SOA Firewalls and Gateways are becoming part of the solution. There are many Vendor/Customers examples where these products are solving real world problems. Working closely with your vendor and keeping your overall security architecture in perspective will help you apply these products to meet the needs of your environment.
For Andrew's Blog check out at:
Are XML Gateways Really the Answer?
___________________________________________________
>> Back to Main Page
Gary E. Smith
SOA Security Architect
With the continued evolution of SOA there is a trend in the industry to move commoditized functionality to the network in the form of various hardware devices: XML/SOA Appliances, Firewalls, Gateways, etc. This trend has been repeated in the past with various other network functionality and will likely to continue to happen in the future. However one needs to remember that functionality is typically productized using the 80/20 rule initially, then over time as standards and technology matures additional functionality is added. In other words products are designed to meet the largest market opportunity and most common applications. It is up to the consumer to understand the application of these devices to their environments.
As a product manager that has commercialized a number of telecommunications products you can't implement every possible feature/functionality, so you build to address the largest portion of your targeted markets and then through an iterative approach you add additional functionality as you get feedback from the marketplace. Additional functionality is driven by customer demand, problem reports, different product applications, competitive analysis, etc. If you are a consumer keeping this in perspective will help you to understand that you can't simply throw hardware at the solving a complex security problem. These products are meant to be implemented witin an overall security architecture in mind.
I talked about this problem in a couple of my blogs:
Interview with Gary McGraw
Discussion with Jeff Wiliams
While Gary and Jeff take a hard line against solving security problems in hardware/firmware, I think there is a happy medium of solving security problems with a combination of software and hardware - the real danger they want to alert people to - is that addressing security is not a hardware only solution. Simply buying a box and throwing it on the network doesn't abdicate you of your overall responsibilies.
There are many dangers of relying on hardware only security solution and you must keep the overall security archtecture in mind. Fortunately the reality is that most installations don't happen in complete isolation. Having a good working relationship with the networking vendors to understand the application of the their products to your environment will ensure that it will meet your needs now and into the future. Most reputable XML/SOA Networking Vendors will work with you to address the particular needs of your environment, since it is in their best interest to make sure it meets your needs. Also these vendors need to refine their products so they can meet the needs of their future customers to address a wider audience. Vendor participation is essential for the both consumers and vendors in order to evolve these products and this is particularly true when a technology such as SOA is not completely mature and evolving.
Caveat Emptor! - While as a consumer you always need to be aware of what you are buying I think that XML/SOA Firewalls and Gateways are becoming part of the solution. There are many Vendor/Customers examples where these products are solving real world problems. Working closely with your vendor and keeping your overall security architecture in perspective will help you apply these products to meet the needs of your environment.
For Andrew's Blog check out at:
Are XML Gateways Really the Answer?
___________________________________________________
>> Back to Main Page
Gary E. Smith
SOA Security Architect
Comments