28 FEBRUARY, 2005

Burton Group outlines security considerations for transformative technologies

Burton Group, the only IT research firm focused on in-depth analysis of enterprise infrastructure technologies, forecasts that transformative technologies and service-oriented architecture (SOA) approaches are altering the information economy as they move into early majority deployment. However, these trends represent a double-edged sword for enterprise security technologists that fail to take a rigorous approach to security architecture.

In the Burton Group research report, "VantagePoint 2005-2006: Information Security Trends," Senior Vice President and Research Director Dan Blum predicts transformative technologies such as Web services, federated identity, digital rights management, trusted platform modules (TPMs) and virtualization will allow enterprises to construct a "virtual enterprise network." VENs provides on-demand connectivity for telecommuters, external partners, and internal employees.

"As this on-demand computing trend matures, more and more enterprises will move higher up the value chain and become online service providers to other enterprises," said Blum. "Enterprises that embrace these transformative technologies now will be best positioned to capitalize on the revenue growth from these services."

Burton GroupHowever, secure on-demand computing will take time because the online environment is becoming more hostile, as organized cybercrime co-opts hackers and botnets to launch phishing, spyware, and distributed denial of service attacks. Also, enterprises are continuing to escalate risk levels by putting more sensitive information and applications online. Knowledgeable insiders have more opportunities for fraud or other malfeasance. Regulations such as Sarbanes-Oxley require enterprises to introduce new technologies and SOA within context of a systematic, comprehensive approach to internal controls, audit, and security program governance.

Blum emphasizes that the above risks, regulatory considerations, the increased complexity of component re-use in SOA environments and the growing interdependencies between architecture layers and across value chains requires that technologists take a more rigorous approach to security architecture.

"Architects must do much more than specify Extensible Markup Language (XML)-based protocols for confidentiality and data integrity, or integration," says Blum. "They must also define how to manage use control, availability, and accountability in loosely coupled SOA systems across multi-tier application servers and loosely coupled partner domains."

Burton Group's "VantagePoint 2005-2006: Information Security Trends" is an in-depth research overview from Burton Group's newest research service: Security and Risk Management Strategies. www.burtongroup.com