Burton Group Catalyst Conference 2006 - San Francisco June 12-14

FRIDAY JULY 15, 2005


Application Security: Aligning Developer Needs and Security Imperatives

The Web services framework enables composite applications that leverage service-oriented architecture (SOA) design practices, creating more cost-effective distributed architectures. As enterprises adopt SOA, they open their systems, enabling greater agility and easier integration. But enterprise architects must also protect these systems from intentional or inadvertent threats. These security concerns have stymied SOA and Web services implementation for many enterprises. And whether it's a new generation of applications based on Web services, or legacy applications, application security is one of the toughest problems enterprises face.

Security is more than just a protocol or product. It requires a comprehensive approach that spans technologies, design practices, development teams, and business processes. Security must be a conscious goal, starting with design and development and running through run-time policies, procedures, and processes. But how can enterprises manage security end-to-end? For developers, the separation of concerns makes development more efficient by letting developers with the appropriate expertise implement specific functions that many applications can re-use. But that separation of concerns also presents thorny problems when it comes to security. How much security expertise should developers have? How re-usable are security services? Just how secure are re-usable security services? To what degree can re-usable security and identity management services free developers to focus on the business problem instead of security? When so many applications and infrastructure components are reused, where is the accountability?

During the Application Security session, seasoned experts from Burton Group's application, identity, and security practices will come together to discuss the best practices that enable developers to build secure applications. This session will cover long-term trends and issues related to Web services security, with special attention to the WS-Security specification and real-world implementation considerations. We'll discuss the difference between understanding how to build security services (which is the job of the security architect), and understanding how to use security services well and wisely in an application (which is the job of the developer).

Through our focus on these and other topics, you'll gain a better understanding of how these emerging technologies will affect your environment within the next three years, enabling you to make better decisions.

Topics include:

  • A Systematic Approach to Application Security
    • Bringing information security staff, architects, and developers together to enhance application security
    • How to determine application security risks, policies, practices, and requirements
    • How tools and governance policies can enable secure applications, from design through deployment and run-time
  • Security in an SOA World
    • How to build security into SOAs
    • Web services security standards update and status of adoption and interoperability
    • How existing application frameworks support security standards and services


Cross-Cutting Concern Sessions

Building the Virtual Enterprise: Secure Networks, Secure Applications

In the virtual world of the networked enterprise, the complex issues facing IT managers transcend organizational, product, and architectural boundaries. Crucial infrastructure technologies like security and identity management constitute "cross-cutting concerns," impacting multiple aspects of both IT architecture and the business. To help IT architects deal with that reality, the third day of Catalyst Conference will be devoted to Cross-Cutting Concerns - which brings together the technologies we cover in the APS, IdPS, NTS, and SRMS tracks. We'll re-orient our discussions by looking not only at how these technologies relate to each other, but at how enterprises can take an integrated approach to solving tough problems that transcend organizational and architectural boundaries.

Cross-Cutting Sessions will take place simultaneously on the last day of the conference. These sessions will focus on a holistic view of two of the biggest issues facing enterprise IT architects: application and network security. Practitioners from different enterprise IT departments will come together to discuss requirements, solutions, and future directions for the essential infrastructure technologies covered in the first two days of the conference. These sessions present a unique opportunity to communicate and build consensus across IT departments, and establish common goals and taxonomies. By focusing on these Cross-Cutting Concerns, Catalyst Conference will also enable a common context for discussing and understanding issues that enterprises must address to ensure that their networks meet business objectives without exposing the organization to undue risk.

Burton Group analysts, customer case studies, and select vendor presentations will demonstrate how enterprises can effectively use identity and security infrastructure technologies to solve real-world enterprise problems. You'll come away from this session with actionable advice that your organization can factor into its plans.


Network Security: Aligning Security Policy and Network Operations

Traditional approaches to network security leverage identity and application-level information to make better security decisions. Location-aware perimeters are supplementing internal gateways and switches that require a combination of device and user identity information when making decisions to grant access to protected network services and applications. But as organizations divide responsibility for security and network management, conflicts between these two functions become a common problem.

In addition to these internal management issues, external problems are growing exponentially, in terms of not only the threats they pose, but the effort necessary to combat them. Mobile devices that access services from both within and outside the perimeter present new challenges to network and security architects, for example. Further compounding the problem, spam represents a substantial drain on network resources and is a common method for propagating viruses, worms, phishing, and other attacks. To limit the damage that can result when a virus or worm compromises an endpoint system, enterprises are beginning to deploy systems that monitor endpoints for compliance with mandated security practices, and enforce remediation for non-compliant systems.

The Network Security session will bring together top analysts and consultants from Burton Group's network, identity, and security services to focus on how enterprises can leverage identity management and other security technologies to build secure enterprise networks. The sessions will discuss network security requirements, and how identity management and security architecture will meet those requirements, now and in the future. Network architects, security architects, and identity management specialists will collaborate, discussing how their respective pieces of the puzzle can combine to create more effective enterprise network architectures. A combination of Burton Group analyst, customer, and vendor experts will explore network security challenges, technologies, and architecture strategies that work to improve the security of enterprise networks.

Topics include:

  • Governance
    • How risk and audit relate to network security
    • Strategies for reducing friction between network and security organizations
    • Overlap between security architecture and network architecture
  • Identity-Based Networking
    • 802.1X
    • User and role-based network security
    • Identity-based monitoring and enforcement
  • Security and Network Perspectives on Spam
    • Challenges, threats, and technical approaches
  • Mobile Security
    • Device security
    • Technologies to protect data at rest and in transit
  • Location-Based Security
    • Using physical location as a third access credential
    • Location as a dynamic provisioning element
