How a Web Services Network Isn't Secured by Traditional Means

Measuring the likelihood of successful Web services attack on a Web services network is very difficult. The most recent CSI/FBI report on Cyber Security (2004) reported that 53% of survey respondents were successfully breached with a cost of damage in excess of $500,000 per incident. The actual percentage could be much higher due to many companies' reluctance to reveal security information. In fact, 48% of respondents did not report breaches to their Web services network – in general fearing leakage of information. What can be safely said is that a majority of companies were successfully attacked against their existing network technologies and protections: the XML Web services firewall and the traditional network firewall.

Web Services provides new conduits for attack and therefore will have a higher percentage of successful attack. Web Services are essentially standardized interfaces or APIs into many different types of applications. These applications are not protected in a consistent way, nor are existing technologies such as SSL and network firewalls prepared to protect them. In fact, a recent Gartner Group report stated that:

     "Web Services will reopen 70% of attack paths closed by network firewalls."

A recent IDC study found that security topped the list of Web Services software that companies would invest in. Over 70% of respondents in this May 2004 survey said that they planned to invest in security software for the Web Services network. Given the ease associated with services network attacks, do you have an adequate Web services security strategy?

For More Information

Understand why firewalls are not enough to protect your Web services network: learn about Web services and SOA management. Download the free white paper, SOA Primer: Comprehensive Runtime Governance from Actional