Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. - -

Wednesday 7 May 2008

"Security stove-piping" & agility (e.g. SOA)

It is clear that end-users are trying to get away from stove-piped, hard-coded IT environments. Instead, they want agile, reconfigurable, modular IT environments, as e.g. advocated by Service Oriented Architecture (SOA). A lot of effort has been put into architecting modular, model-driven approaches to achieve system agility.

Unfortunately security typically gets overlooked, and traditional security tools are deployed and configured (e.g. manually configured policies set in app servers, IAM systems etc.). The result is a system that is almost as stove-piped as before. ObjectSecurity calls this problem "security stove-piping".

Model driven security as a security management approach enables agility and security, and is therefore a critical ingredient in the SOA security mix. Contact ObjectSecurity if you would like to discuss this further.

No comments: