Professional Documents
Culture Documents
An SOA is more efficient because it calls up just Yet in the UK just 34 per cent of organisations
those parts of applications required to perform a have implemented a full SOA, including legacy
service, rather than loading the entire applications, while 50 per cent have still to
application. It also allows functional components implement an SOA.
of different applications to be combined in
innovative ways to develop new services. In terms of overall security, German
organisations take the most proactive security
But there is a downside. An SOA can also stance among respondents and are the most
increase security problems. Each software advanced in terms of building security into the
component must be authenticated when it is software applications that they develop.
accessed.
UK respondents, on the other hand, are the least
If this does not happen, it's all too easy for some likely to test applications for security using static
outsider to inject a piece of rogue code into the code analysis tools and reusable models for
request, contaminating a whole business defining the levels of security required for
process. particular applications.
Another security weakness is that many These tools are useful in automating traditional
organisations are SOA-enabling legacy code reviews and uncovering possible security
applications as well as the new software that issues so that they can be dealt with before the
they are developing. This approach potentially application or service is allowed into the main
exposes existing applications over open run-time environment.
networks.
The survey reveals some concerning issues.
These legacy applications were never designed Closer analysis shows that across all three
to be accessed in this manner and so lack a countries, less than half of organisations are
security model to address external threats. using testing tools such as static code analysis
when deploying a full SOA that exposes legacy
applications.
Commissioned by Fortify Software, Quocirca
recently conducted a survey across Germany,
the UK and US to assess the take-up of SOA. When individual countries are analysed, just 26
Almost three-fifths of respondents are per cent of German organisations implementing
implementing a large-scale SOA, including web- full SOA deployments are using these tools.
enabling existing applications.
That figure runs counter to the high-level
findings that appear to show German
organisations as more security conscious. In the
About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology
and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the
views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-
world practitioners with first hand experience of ITC delivery who continuously research and track the industry
and its real usage in the markets.
Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption – the personal and
political aspects of an organisation’s environment and the pressures of the need for demonstrable business value in
any implementation. This capability to uncover and report back on the end-user perceptions in the market enables
Quocirca to advise on the realities of technology adoption, not the promises.
Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC
has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocirca’s
mission is to help organisations improve their success rate in process enablement through better levels of
understanding and the adoption of the correct technologies at the correct time.
Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC
products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of
long term investment trends, providing invaluable information for the whole of the ITC community.
Quocirca works with global and local providers of ITC products and services to help them deliver on the promise
that ITC holds for business. Quocirca’s clients include Oracle, Microsoft, IBM, Dell, T-Mobile, Vodafone, EMC,
Symantec and Cisco, along with other large and medium sized vendors, service providers and more specialist
firms.