Multi-Cloud Blog

SOA Security Best Practices

BMC Software

In an era where security breaches are as common as apple pie and backyard baseball, all the talk surrounds keeping networks and systems secure. In an SOA environment, security is just as important, though it looks a little different than security in other architectures. Aside from the obvious purpose of SOA security (keeping systems safe from attack), there is a side benefit: the ability to identify the services that are most and least used, which is truly valuable information in the SOA environment. Here are the best practices to follow when securing your SOA infrastructure.

Determine Your Goals and Strategies

You won’t arrive at the right place if you don’t start on the right road. Sit down and flesh out what your goals and strategies will look like before implementing anything.

The inevitable goal of security has to be broken down into clearly defined parts. That means identifying the threats most likely to affect your infrastructure and setting out specific strategies (including the deployment of tools and products) to thwart these particular threats. Be as specific as possible.

Determine Your Policies and Procedures

With your goals and strategies in mind, develop policies (for example, what traffic will be allowed and what the policy for accessing a specific service will be) and then set out specific procedures for carrying out activities in line with those policies. Policies have to be established and followed from the top down: it’s not okay to have a policy that doesn’t apply equally to executives and to other workers. While some workers may have access to services that others do not, there has to be a clear means of authorizing access that everyone has to follow.

Set Up Governance Mechanisms

What mechanisms will you put into place to ensure that security policies are followed? There are good monitoring tools that allow IT to see what is being accessed, by whom, and when. These tools give you great visibility into the environment’s security, but also serve as a means to track high-use and low-use services. This gives IT the opportunity to provide more popular services and to identify why some services are not well utilized. Do they not serve their intended purpose? Is there simply not enough demand for them? Is there another solution that users find easier or more practical to use? All of this is valuable information, on top of the security the monitoring provides for the environment.

Continue to Analyze and Improve Your Processes

What’s working? What isn’t? What new threat needs to be addressed before it becomes an issue? The key to a secure SOA environment is continual monitoring, adjusting, and improvement.

Unfortunately, SOA security is not a one-and-done deal. It requires adjustments over time as certain policies and procedures need to be tweaked and updated. Establish metrics that can be used to determine what’s working optimally and what needs to be adjusted. Also, keep up with the latest SOA security threats and develop a means to set up and deploy solutions to new threats as they come around. The proactive IT department is the one that won’t spend 2016 auditing SOA security breaches.

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

About the author

BMC Software

BMC delivers software, services, and expertise to help more than 10,000 customers, including 92% of the Forbes Global 100, meet escalating digital demands and maximize IT innovation. From mainframe to mobile to multi-cloud and beyond, our solutions empower enterprises of every size and industry to run and reinvent their businesses with efficiency, security, and momentum for the future.