Soa Governance And Security V1.1

This is a presentation for the paper "Governance of Information Security Elements in Service-Oriented Enterprise Architecture", published in the proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks.


  1. I-SPAN09 – IASM: 10th International Symposium on Pervasive Systems, Algorithms, and Networks
     Governance of Information Security Elements in Service-Oriented Enterprise Architecture
     • Mr Janne J. Korhonen, Department of Computer Science and Engineering, Helsinki University of Technology, Helsinki, Finland
     • Dr. Mehmet Yildiz, Certified Executive IT Architect, IBM Australia and New Zealand, Melbourne, Australia
     • Dr. Juha Mykkänen, HIS R&D Unit, University of Kuopio, Kuopio, Finland
     Proposed Abstract: This paper identifies and analyzes governance roles and tasks in SOA security governance at macro level. Drawing from Information Security Management standards and frameworks on one hand and SOA considerations on the other hand, the identified governance elements are mapped to a governance structure that specifies planning and execution aspects at four organizational decision-making levels, resulting in a prescriptive model with practical relevance. This constructive study combines theoretical models and standards with industry experience of the authors.
  2. IASM Agenda
     - Introduction & Background
     - Methodology
     - Security governance meta-structure
     - Conclusion
  3. IASM Biography of Authors
     • Janne J. Korhonen
       • Researcher at Helsinki University of Technology
       • Research areas: Enterprise Architecture and IT Governance
       • Particular research interest: Agile Governance Model
     • Dr Juha Mykkänen, post-doctoral researcher
       • University of Kuopio, Health Information Systems R&D Unit
       • Research activities: interoperability, standardization, modelling, service-oriented architectures, application integration, enterprise architecture
       • Projects developing and applying SOA and integration approaches
     • Dr. Mehmet Yildiz, Enterprise Architect, IBM
       • Research interests: enterprise architecture, service oriented architecture, cloud computing, self healing systems, social computing
  4. IASM Background on EA and SOA in Dynamic Enterprise
     [Figure labels: SOA, EA, ESB]
  5. IASM SOA Vendors for New Systematic Applications
     Gartner’s Magic Quadrant for Application Infrastructure for New Systematic SOA Application Projects. Many vendors are investing in SOA Application Projects. Leveraging their experience is important.
     Ref: Gartner’s Magic Quadrant for New Systematic Applications
  6. IASM Evaluation of Current Architecture Frameworks
     None of the assessed frameworks fully meets the major criteria in the Regensburg study. Hence a combination of frameworks is suggested.
     Ref: Susanne Leist and Gregor Zellner, University of Regensburg, Institute of Information Management, Germany
  7. IASM Key SOA Concepts
     • … a service? A repeatable business task – e.g., check customer credit; open new account
     • … service orientation? A way of integrating your business as linked services and the outcomes that they bring
     • … service oriented architecture (SOA)? An IT architectural style that supports service orientation
     • … a composite application? A set of related & integrated services that support a business process built on an SOA
     • SOA: Composable, Interoperable, Re-Usable, Loosely Coupled
  8. IASM A SOA Reference Architecture Sample
     [Figure labels: Enterprise Architecture; Ref Architecture for Service Areas; Ref Architecture for a Program; Ref Architecture for a Single Project]
     Ref: IBM and Open Group
  9. IASM Concerns at Layer 7 - QoS
     1. Increased virtualization
     2. Loose coupling
     3. Widespread use of XML
     4. The composition of federated services
     5. Heterogeneous computing infrastructures
     6. Decentralized SLAs
     7. The need to aggregate IT QoS metrics to produce business metrics
     Ref: IBM and Open Group SOA Reference Architecture
  10. IASM Typical Security Architecture for an Enterprise
     [Figure labels: Externally Highly Controlled Secure Zone External Business Zone External Internal Zone Uncontrolled Demilitarized Zone Special Domain]
  11. IASM SOA Security Reference Model by IBM
     Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al
  12. IASM
     [Figure labels: Strategic Strategy Tactical Macro Design Real-Time Operational Build / Micro Design Construct Run / Operate Design, Planning and Support Development and Execution]
  13. IASM
     [Figure labels: Security Policy Strategic Organizational Security Compliance Tactical Asset Classification and Control Real-Time Operational Personnel Security Access Control Business Continuity Management System Development and Communications Maintenance and Operations Management Physical and Environmental Security Design, Planning and Support Development and Execution]
  14. IASM Conclusion of paper
     - Agile Governance Model promotes clarity in the role definition and requirements management related to the key security elements in enterprise architecture and SOAs.
     - The governance model, combined with suitable industry standards such as SOGP or ISO/IEC 17799, can be applied to the definition of roles and responsibilities of security governance activities in complex enterprise systems.
     - Specifically, it helps in positioning the security activities at the right organizational levels and at each level on either the planning or execution side so that all security requirements will be addressed adequately throughout the enterprise.
