With the advent of mashups, innovative developers all over the enterprise are seeking new ways to leverage the value of corporate information through the use of external Web applications, APIs, or services. Although the thought of this adventure has sent many corporate security specialists running behind their firewalls, mashups are here to stay. Indeed, they have strategic value for many enterprises, so you'd better figure out how to live with them.
The risks, however, are real. When multiple data sources and services live inside and outside the firewall, mashed into Web apps, vulnerabilities may emerge. So, what are those potential holes and how should you plug them? First you need to understand how the various types of mashups work and then create a strategy to apply appropriate security for creating and maintaining mashups.
Here's how to deal with the risks around mashups -- and how your enterprise can have its cake and eat it too.
Mashups seen and unseen
Although enterprise mashups (and the problems they inherently create) are new, solution patterns are already emerging. Broadly speaking, there are two types of mashups: presentation-centric and data-centric. Each has a different set of security issues.
The Google Maps variety of mashup typifies the presentation-centric type. In many instances they are dashboards, portals, or reduced-size data displays for mobile devices. The formula is simple: Take two or more different resources and create something that is more useful than the sum of its parts. It's easy to see the value because it's right there on the screen in front of you.
Presentation-centric mashups are already infiltrating the enterprise with or without the knowledge of IT. A typical example: customer information mashed together with Google Maps in support of a delivery schedule application that maps customer addresses, creates routes, and even examines traffic to expedite deliveries.
While clearly a valuable application, important customer information is in play. Steps can be taken to make sure the information remains behind the firewall. But in many instances, the information has to be transmitted to the Web application over the Internet, and therein lies the problem.
Data-centric mashups, on the other hand, combine two or more services to create an integration point that serves a true business process. They may operate behind the scenes and never appear on screen, at least not directly, but they are mashups nonetheless. This is actually lightweight XML integration and may involve all manner of vital information, depending on what's exposed or available. Data-centric mashups present the greatest security challenges because they have the potential to do the most harm. Indeed, megabytes of valuable customer or financial data could be compromised in just a few seconds if a rogue data-centric mashup is created.
Transmitting private information outside the firewall without encryption or other security measures invites disaster. For instance, leveraging an Internet-based service to calculate the risk of a financial trade is certainly a valuable thing to mashup with existing trade information on the corporate mainframe. But flowing that trade information through that Internet-hosted service opens a big, fat vulnerability.
Five mashup security strategies
To get the most from an enterprise mashup, you need to strike a balance between the value of the mashup and the need for security. There are several security approaches to take: policy level, data access level, service access level, screen access level, and identity management.
Policy level security refers to design-time policies and procedures. The policy-level approach typically doesn't deal with the underlying technology, nor security tools and technology, but addresses security threats through rules, governance, procedures, and education. There are legal issues here as well: Sarbanes-Oxley compliance, for example, or the use of published polices that could protect corporate assets and provide a means to fire employees who violate those policies.