Web services-based, service-oriented architecture (SOA) environment has opened up a whole new world of opportunities for enterprise security.
An identity-enabled SOA facilitates the establishment of a trust relationship among the three entities by providing a mechanism to resolve identities across organizational boundaries. It also supports comprehensive, end-to-end auditing of transactions not only between entities, but also among each of the entities like physical and IT security systems. Physical and IT security convergence is no longer a concept; it is a reality and a vital necessity not only for reducing systems integration and implementation costs, but also for improving overall enterprise security management.
There are many reasons for using a Web services-based SOA approach for supporting systems integration. Web services-based SOA utilizes platform-independent programming, languages and protocols like Extensible Markup Language (XML), Web Services Description Language (WSDL), and Hyper Text Transfer Protocol (HTTP). WSDL is the standard format for describing a Web service.
An increasing number of physical security systems like the video surveillance system are migrating to the enterprise network. However, there is still a wide range of physical and IT security systems that are based on non-interoperable software applications.
While IP network-centric convergence has brought voice, data and video together on the same network, the Web services-based SOA approach has brought about the convergence of physical and IT security systems by enabling systems integration at the application-level. The Web services-based SOA approach to physical and IT security systems integration provides a level of flexibility that was previously impossible and has many advantages over previous approaches. The key benefits of this approach, however, are code reusability, application-level interoperability, enablement of seamless information exchange and simpler systems integration.
The primary objective of the Web services-based SOA is to provide an interoperable framework for integrating loosely coupled software components associated with location-independent, back-end applications distributed over an enterprise network infrastructure. The Web services-based SOA approach reduces the dependency on proprietary components. It also reduces costs for implementing new systems and applications by facilitating the reuse of existing solution components.
Using the Web services-based SOA approach for integrating disparate, mission-critical systems and applications also significantly reduces monitoring, security event management and incident tracking costs. Physical security systems, such as IP network-based, digital video surveillance systems and intelligent video management systems are also beginning to use Web services to interface with other security systems, such as alarm management systems, smart sensor-based systems, such as perimeter security systems and gunshot detection system, explosives detection system, as well as, physical access control system. This integration enables the creation of an overall enterprise security solution that is responsive and fully capable of intercepting potential security threats and effectively tracking events that occur. A good example of the business benefit of such integration is monitoring the physical movements of personnel and environmental conditions within a data center.
The Web services-based SOA approach can be used for integrating smart sensor-based, data center environment monitoring system as well as digital video surveillance and intelligent video management systems with a mail server. This can help in sending e-mail and paging alerts regarding potential problems such as unusual movement of personnel, or problems discovered in temperature, air flow and other environmental conditions, over the enterprise network to key personnel who are responsible for managing physical and IT security. Since the messages are sent only when there is a potential threat, this can also help in reducing the monitoring and incident tracking costs.