Feeds

The policy is...get some

Apps upgrades will need policies, even if you don't want them

Internet Security Threat Report 2014

Further indications that the coming upgrades of the major business applications such as SAP and Oracle could cause unsuspecting IT managers more problems than they have planned for, first noted here, have come from SOA Software.

Acknowledging that the next round of upgrades will all be enabled to run within - or even run - Service Oriented Architecture environments, the company's executive VP of product strategy, Frank Martinez, observed that IT managers now face a situation where it would no longer be a question of whether they opt for an SOA environment, as they will get it anyway. "The only questions they face now are 'when', and 'how'," he said. "And this can raise issues they have not planned for."

One of the most important issues is the fundamental change SOA can bring in the way IT is exploited in running businesses. Up until the arrival of SOA consumers have had to interact with suppliers' business systems in whatever way demanded by those business systems and the processes they run.

There has always been, therefore, an implicit direct coupling between the two, with any supplier policy automatically impacting the consumers for good or ill.

As Martinez points out, however, SOA infrastructures change this situation significantly. "It is not only possible to completely decouple the consumer and supplier sides of the business but also for the consumer side to start driving the way a company does business," he said. "That means businesses now need separate consumer-side and supplier-side policies and that they need to be decoupled from each other."

Though many users may opt to upgrade their applications suites to obtain other functionality than the SOA capabilities, the fact they are there, available for use by developers, means that business processes may be open to unintentional vulnerabilities simply because no management or process policies are in place. Such policies need to be implementable from the moment any upgraded application suite moves into the production environment.

The real trick then, according to Martinez, is having the ability to manage the necessary mediation between policies when contention occurs. For many businesses this issue will be a new one they have face, and one that cannot be avoided once they upgrade their applications. "Yes, it is a daunting prospect for many of them," he acknowledged. "But the fact that it is daunting is no longer acceptable as an argument."

Policy mediation is only one of four main areas of infrastructure management that users need to address as they drift into the SOA waters, the others being management tools, security and governance.

Martinez suggests that, taken together, this produces the need for very deep end-to-end integration across the infrastructure, deeper than the level of integration currently provided by available standards. "These may not close the loop around applications or process life cycles," he said.

But policy definition and implementation remain two of the most serious issues facing businesses as they plan for application suites upgrades, for they remain something of an unsuspected dark horse in the stable of new technologies those users will be acquiring. The key step for many will not be in implementing policies well.

As Martinez put it: "SOA has tools to manage and implement the most complex policies and mediate between them. But the users now need to understand that they do need the policies in the first place." ®

Remote control for virtualized desktops

More from The Register

next story
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Post-Microsoft, post-PC programming: The portable REVOLUTION
Code jockeys: count up and grab your fabulous tablets
Twitter App Graph exposes smartphone spyware feature
You don't want everyone to compile app lists from your fondleware? BAD LUCK
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.