A Guide to Securing XML and Web Services
The quantity of XML crossing the enterprise network is dramatically increasing as the range and depth of uses that companies find for XML grows. This torrent of XML traffic offers substantial business value to enterprises, but it also offers a new set of risks.
Companies are using Web Services today to facilitate integration with their most important systems, but XML, the heart of Web Services, is by its nature an open, human-readable format, and as a result offers little in the way of inherent security. It is critically important, therefore, for companies to secure their XML and Web Services traffic before they experience serious compromises to their enterprise IT security.
The existing traditional security infrastructure is inadequate to satisfy the security needs that XML and Web Services present. Companies must optimize their security infrastructure with centralized XML and Web Services security policy definition and control. Organizations must also focus on securing their XML and Web Services traffic is at the perimeter of the network, and find efficient ways to offload security functions on behalf of their XML and Web Services.
Traditional network firewalls, however, aren’t up to the task, because they don’t understand the content of the messages crossing their ports. This need motivates companies like Reactivity to create a new kind of network appliance known as an XML firewall that intercepts incoming XML traffic and takes policy-based actions based on the content of that traffic. Such XML firewalls are an integral part of any enterprise’s complete IT security infrastructure.