SOA Security and Compliance
Organizations must ensure SOA security and compliance to protect their reputation and bottom line. Yet many companies tightly couple policies to the services to which they apply, putting the IT teams responsible for services in charge of the related policies. This can lead to inconsistencies in policies and gaps in coverage, as well as high IT costs resulting from re-coding policies as services change and vice versa.
Centralized Management, Distributed Enforcement of SOA Security and Compliance
Progress® Actional® Enterprise separates the policy lifecycle and service lifecycle. It provides centralized creation and management of policies for SOA security and compliance, while ensuring distributed policy enforcement. As a result, security and compliance experts can author policies once and apply them across the service-oriented architecture (SOA), ensuring consistent policy enforcement while reducing risk and cost. While alternative approaches can only apply policies to services and operations, Actional applies policies to end-to-end processes wherever they flow. Once policies are applied, they dynamically adapt to changes in services, processes, and schema, and are seamlessly enforced without the time and cost of being re-coded or re-applied.
SOA Security and Compliance Features
Actional mediates the variety of SOA security and compliance requirements present in the extended enterprise. It provides flexible, standards-based support for authentication and authorization, and integrates with a broad range of identity management and single sign-on (SSO) technologies. For compliance, e.g., with Sarbanes-Oxley, it records audit data to a relational database, where it is available to any audit tools.
Actional also applies policy to abstract information types, such as "personal identity" or "credit card details," providing consistent control over sensitive information in messages. And with Actional, organizations can enforce last-mile security by creating "trust zones" that prevent message traffic from reaching a service endpoint if it hasn't passed through a designated security enforcement point.
SOA Security: PCI Compliance
Actional can also help merchants and other companies that deal with credit card information comply with the Payment Card Industry Data Security Standard (PCI DSS) for providing a secure, traceable, and audit-ready environment. Key features include selectively auditing only specific message fields, so that the entire credit card number isn't stored, and restricting access to cardholder data on a need-to-know basis.