Enterprise Software

Security holds back Web services

Security issues are the number one roadblock to takeup of Web services, a market analyst has claimed.

Security issues are the number one roadblock to takeup of Web services, according to one market analyst.

Last week industry pundits claimed that the submission of the latest version of the Web Services Security (WS-Security) specification to international standards body Organisation for the Advancement of Structured Information Standards (OASIS) was a move in the right direction.

But Jason Bloomberg, senior analyst at US-based XML and Web services analyst ZapThink, thinks it's still security concerns that are holding Web services back.

Bloomberg said that ZapThink research had found that Web services offered great potential for B2B communication and integration, but a lack of robust security and manageability solutions currently available was inhibiting companies from conducting business with each other via Web services.

Bloomberg expects there to be a spike in demand for Web services security solutions within the next 12 months. ZapThink is predicting the Web services security market will reach US$4.4 billion in 2006, and represent 65 percent of the total authentication, authorisation and administration security market.

It is advising enterprises to institute policies that apply to their entire network—including participants invited from outside—and to administer security in a hierarchical fashion. "Companies planning on using Web services across the firewall will necessarily have to resolve the resulting security issues first," the company warned.

There's a lot of politics involved in the forming of standards, Bloomberg said in an interview with ZDNet Australia. "For vendors to get together and decide to use common standards and to be committed to interoperability is an enormous advantage to the end user or enterprise customers," he said.

According to Bloomberg, there's the misconception that most of the work in Web services with enterprise customers is proof-of-concept. He said there were real-world Web services projects being implemented, although these were primarily within the firewall where companies could control both end points.

Editor's Picks