Recent news stories about the rise in hacker attacks on businesses and government institutions have sounded alarms throughout the cyberworld that current security measures do not go far enough in protecting critical business processes that utilize web technology. The attacks land where security constructs are underwhelming or absent: the business process interconnectivity applications that act as the glue that connects and moves data from one web application to another. In fact, the recent news has come as no surprise to Evans Resource Group (ERG), as we have found that over 90% of the testing we have performed on this critical part of any e-commerce organization has failed to achieve basic security levels.

At ERG, we specialize in BPIC (Business Process Interconnectivity Security, which is also referred to as SOA or Service-Oriented Architecture), Enterprise Service Bus (ESB) and gateway technology security, with focused expertise in IBM® WebSphere® environments. We have created an end-to-end BPIC security solution, in conjunction with IBM, that will help you identify risk and vulnerabilities across your critical BPIC infrastructures and provide you with clear, insightful, actionable optimizations to safeguard and protect your critical business assets.

Our complete portfolio of consulting offerings and software solutions spans the full information technology lifecycle for SOA and BPIC and provides data security testing and optimization for IT governance of the Payment Card Industry Data Security Standard (PCI-DSS), European Union Data Directive 95/46/EC, Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act, Basel II Accord, Federal Information Security Management Act (FISMA) and Gramm-Leach-Bliley Act (GLBA). We are the experts in data security compliance by industry guidelines and country regulations, providing unequivocal insight into best practices for business process interconnectivity security.

 



IBM Infrastructure Security Services - Express Penetration Testing Services

Evans Resource Group’s WebSphere Interconnectivity Service-Oriented Architecture (SOA) Penetration Tests evaluate the security of WebSphere MQ and ESB in organizations that use them for their service-oriented architectures, against security best practice criteria. By simulating real-world, application-level attacks, the tests provide insight into the ability of an organization’s application to resist attacks from unauthorized users and to help prevent misuse by valid users.


Interconnectivity is the technology utilized to move, transform and deliver data to its intended destinations within the network, what we refer to as atomic components of the network. Interconnectivity vulnerabilities are critical to remediate because of what the application does: moving, connecting and transforming data between systems and business partners. Enterprise interconnectivity is used in every industry, across business-to-business (B2B) connections and gateways that act as a hub for business applications and databases to communicate both externally and internally, sending strings of transactions, data and other critical business information across and through networks. Cyber risk becomes cyber liability when it is not secured properly by a business partner.





New ERG Whitepaper on Achieving PCI DSS, SOX and HIPAA SOA Compliance Now Available



Free One-Day WebSphere Interconnectivity Vulnerability Assessment

Our one-day Internal Vulnerability Assessment service is provided free to qualified companies as a cost-effective tool to analyze their current WebSphere interconnectivity network. ERG's comprehensive assessment utilizes intelligent, non-intrusive scanning technologies and methods that meet or exceed all vulnerability scanning/assessment requirements for most industry standards and regulations, including Sarbanes-Oxley (SOX), Common Vulnerabilities and Exposures (CVE), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry (PCI) Data Security Standard, the Federal Information Security Management Act (FISMA), ISO-9000 and more. It tests against over 20,000 vulnerabilities and provides a detailed list of potential vulnerabilities and available corrective actions.

To schedule an assessment, view a sample report, or get additional information, contact us at info@evansrg.com or call 1-888-MSECURE.



PCI DSS Compliance for WebSphere MQ, ESB, and payment gateways

PCI Compliance for WebSphere MQ (WMQ) is required for all banks, merchants and data processors that utilize WebSphere MQ as the message-oriented middleware transport for SOA, ESB and payment gateways. Given that over 87% of the Fortune 500 use WebSphere MQ as the transport for messages, payment gateways and SOA architectures, this solution tests and optimizes WMQ for PCI DSS Compliance using non-perimeter testing methods and remediation tools. Perimeter security vendors do not test WebSphere MQ for PCI DSS compliance because they do not have the correct methods and tools. This solution utilizes methods and tools that were developed in conjunction with IBM to provide the only PCI DSS Compliant messaging solution for banks, merchants and data processors in the world.

http://www-304.ibm.com/partnerworld/gsd/solutiondetails