Securing Data Beyond PCI in a SOA Environment: Best Practices for Advanced Data Protection

Ulf T. Mattsson

Protegrity Corp.

November 6, 2008

New business models rely on open networks with multiple access points to conduct business in real time, driving down costs and speeding responses to revenue-generating opportunities. That is the good news. The bad news is that this modern business architecture is often riddled with vulnerabilities that can easily be exploited to gain unauthorized access to sensitive information.

Worse, traditional best practices such as drawing hard perimeters around critical applications cannot simply be applied to an SOA: doing so defeats the very openness and flexibility that SOA brings to the enterprise.

Another attractive feature of SOAs is the use of standardized service contracts and contract retrieval methods, which make life much easier for developers and authorized users, and equally for malicious hackers. Using a collection of freely available contract descriptions, an attacker can target weakly authenticated or high-value services, penetrate an improperly secured SOA, eavesdrop on SOAP message traffic and read information that should be private. It is also relatively easy to intercept a SOAP message in an unsecured SOA and reroute it, or transform its content, for purposes of mischief or fraud.

Layers of security, including integrated key management, identity management and policy-based enforcement as well as encryption, are essential for a truly secure SOA. This article reviews a practical implementation of a transparent, risk-based management approach that can be used to lock down sensitive data using policy-driven encryption and key management for data at rest and in transit across enterprise systems.
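The two threats the abstract names, interception followed by transformation of a SOAP message, and sensitive fields travelling in clear text through a service contract anyone can read, are illustrated below with an added example that is not part of the paper or of any Protegrity product. It applies a hypothetical field-level policy to the Body of a constructed payment request (mask the card number, drop the CVV), then attaches a keyed integrity tag and the key identifier in a hypothetical Protection header so the receiver can reject a message that was altered or re-keyed in transit. The key store, policy table, namespace `urn:example:protection` and the sample message are all constructed; real WS-Security deployments use XML Canonicalization with XML Signature and XML Encryption rather than an HMAC over the serialized Body.

```python
"""Policy-driven protection of a SOAP Body with a keyed integrity tag.

Constructed example using only the Python standard library. The HMAC over
the serialized Body stands in for an XML Signature; the key id carried in
the header is how a key manager lets the receiver find the right key after
rotation.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SEC_NS = "urn:example:protection"          # hypothetical header namespace
BODY_TAG = f"{{{SOAP_NS}}}Body"
HEADER_TAG = f"{{{SOAP_NS}}}Header"
PROT_TAG = f"{{{SEC_NS}}}Protection"

# Hypothetical key store: key id -> symmetric key handed out by a key manager.
KEYS = {"pay-2008-11": bytes.fromhex("1f" * 32)}

# Hypothetical protection policy: element local name -> action to apply
# before the message leaves the service boundary.
POLICY = {"CardNumber": "mask_pan", "CVV": "drop"}


def mask_pan(pan: str) -> str:
    """Keep only the last four digits of a card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def apply_policy(body: ET.Element) -> None:
    """Apply the policy action to every matching element under the Body."""
    for parent in list(body.iter()):
        for child in list(parent):
            action = POLICY.get(child.tag.split("}")[-1])
            if action == "mask_pan" and child.text:
                child.text = mask_pan(child.text)
            elif action == "drop":
                parent.remove(child)


def canonical_body(body: ET.Element) -> bytes:
    """Serialize the Body after removing whitespace-only text, so that
    re-indenting a message in transit does not change its tag but any
    change to element content or structure does."""
    for el in body.iter():
        if el.text and not el.text.strip():
            el.text = None
        if el.tail and not el.tail.strip():
            el.tail = None
    return ET.tostring(body, encoding="utf-8")


def integrity_tag(body: ET.Element, key: bytes) -> str:
    return hmac.new(key, canonical_body(body), hashlib.sha256).hexdigest()


def protect(envelope_xml: str, key_id: str) -> str:
    """Sender side: enforce the policy on the Body, then add a Protection
    header carrying the key id and an HMAC-SHA256 over the protected Body."""
    env = ET.fromstring(envelope_xml)
    body = env.find(BODY_TAG)
    if body is None:
        raise ValueError("no SOAP Body")
    apply_policy(body)
    header = env.find(HEADER_TAG)
    if header is None:
        header = ET.Element(HEADER_TAG)
        env.insert(0, header)
    prot = ET.SubElement(header, PROT_TAG)
    prot.set("keyId", key_id)
    prot.text = integrity_tag(body, KEYS[key_id])
    return ET.tostring(env, encoding="unicode")


def verify(envelope_xml: str) -> bool:
    """Receiver side: accept only a message whose key id is known and whose
    Body still matches the tag computed under that key."""
    env = ET.fromstring(envelope_xml)
    body = env.find(BODY_TAG)
    prot = env.find(f"{HEADER_TAG}/{PROT_TAG}")
    if body is None or prot is None:
        return False
    key = KEYS.get(prot.get("keyId", ""))
    if key is None:
        return False
    return hmac.compare_digest(integrity_tag(body, key), (prot.text or "").strip())


# Constructed sample request to a payment service, carrying a PAN and CVV.
SAMPLE_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:p="urn:example:payments">
  <soap:Body>
    <p:Authorize>
      <p:CardNumber>4111111111111111</p:CardNumber>
      <p:CVV>123</p:CVV>
      <p:Amount>49.95</p:Amount>
    </p:Authorize>
  </soap:Body>
</soap:Envelope>"""


def demo() -> dict:
    protected = protect(SAMPLE_REQUEST, "pay-2008-11")
    tampered = protected.replace("49.95", "4995.00")          # content transformed in transit
    rekeyed = protected.replace('keyId="pay-2008-11"', 'keyId="stolen"')
    return {
        "pan_masked": "4111111111111111" not in protected and "1111" in protected,
        "cvv_dropped": "CVV" not in protected,
        "verify_original": verify(protected),
        "verify_tampered": verify(tampered),
        "verify_unknown_key": verify(rekeyed),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver never trusts the key id alone: an unknown id is rejected outright, and a known id only selects which key the tag is recomputed with, so an attacker who can rewrite the header gains nothing without the key itself.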

Number of Pages in PDF File: 12

Keywords: PCI, Visa, CISP, SB1386, compliance, Mastercard

JEL Classification: C88


Date posted: November 9, 2008 ; Last revised: November 12, 2008

Suggested Citation

Mattsson, Ulf T., Securing Data Beyond PCI in a SOA Environment: Best Practices for Advanced Data Protection (November 6, 2008). Available at SSRN: https://ssrn.com/abstract=1296764 or http://dx.doi.org/10.2139/ssrn.1296764

Contact Information

Ulf T. Mattsson (Contact Author)
Protegrity Corp. ( email )
One Canterbury Green
Stamford, CT 06901
United States
HOME PAGE: http://www.ulfmattsson.com

Paper statistics
Abstract Views: 898
Downloads: 142
Download Rank: 162,790
References:  16