Motorola Secures Web Services

Every new technology poses new security risks--networks made Internet worms possible, and E-mail proved to be the "killer app" for delivering viruses. Web services will be no exception.

With that in mind, Motorola Inc. has turned to Web-services security startup Forum Systems Inc. as it morphs hundreds of IT processes into Web services. Motorola is deploying Forum's Sentry Web Services Security Gateway to provide secure transactions and authentication.

Motorola also is using Forum's XWall Web Services Firewall, which works much the same way as traditional application firewalls, albeit specifically for Web-service transactions. "It's helping us manage those operational requirements in a way that's optimized for the Web-services architecture. We don't have to worry about the regular firewall not having that [capability]," says William Boni, VP and chief information security officer at Motorola.

Cyberthreats are changing, so it's more critical than ever to secure IT initiatives from the start, Boni says. "We're talking about significant customer and consumer information, things that can have a real financial impact. All of that could be at risk if you don't put the right safeguards in place."

The modular nature of Web services presents a security challenge, says Pete Lindstrom, research director at Spire Security. The risks include hackers placing malicious content within messages or infiltrating back-end systems through misconfigured applications. Says Toby Redshaw, Motorola's VP and director of IT strategy, architecture, and E-business, "You have to absolutely build in the security up front."

Motorola is adopting Web services to add efficiency. "How many times should code be written to authorize credit-card payments online?" Redshaw says. "If we can take 50 processes and turn them into one that can be reproduced, that's a powerful thing."

That promise, however, can only be realized if the approach remains secure. Says Redshaw, "The quickest way for me to kill the momentum around moving this company to a service-oriented architecture would be to have some failures on the security front."