Microsoft’s security executives recently told Computing Canada it is investing a “”good portion”” of its US$6 billion research and development budget to ensure its customers’ computing environments are resilient in the presence of worms and viruses. More specifically, by sometime in 2005, Microsoft
aims to give its customers an 18-24 month vacation from virus attacks.
It plans to accomplish this lofty goal through a combination of education, outreach and building better security into new releases of its products.
But just because Microsoft is throwing some serious elbow grease into keeping the bad guys at bay don’t think you can tear down the firewalls.
The fact is most businesses couldn’t function without the Internet; it’s as essential to their operations as their employees. And as long as business is being conducted over a public network, there will always be opportunities for unsavory characters to wreak havoc.
Why then are companies tripping over themselves to implement Web services projects before all the wrinkles have been ironed out?
Research reveals most organizations see Web services as a Holy Grail of sorts, a vehicle that will provide unparalleled ease and efficiency in conducting business with partners, suppliers and customers.
In a survey conducted by the Delphi Group, four-fifths of respondents said Web services is either “”important or imperative”” to their business strategies.
But companies are receiving mixed messages — and sometimes from the same organization — when it comes to benefits and challenges of Web services. Late last month, one Gartner analyst warned that businesses that have not yet begun crafting a strategy for Web services can expect to lose efficiencies in their IT departments. This seems to be the message that’s grabbing all the corporate attention. Companies are so intent on remaining competitive they’re forging ahead without considering the inherent risks.
Then again, another Gartner analyst pointed out that companies need to take a serious look at both how they expose their data and which tools they’re counting on to protect them.
There’s another important issue to consider: Web services standards’ groups are still wrestling with the security issues raised by this technological advance. And most of their members have a vested interest in ensuring these issues are hammered out as soon as possible.
At the moment, hackers are working out their frustrations in greener pastures. They’re not focusing their efforts on penetrating XML-based protocols and Web services, but it won’t be too far off until those attacks begin in earnest. Analysts warn that companies that have not done their security homework will be in big trouble.
My advice: Look before you leap and if you are intent on leveraging everything Web services has to offer, make sure you start behind the firewall.
