Security comparison: WebSphere, Tomcat, JBoss, WebLogic


Authors: Walt Noffsinger (IBM) and Bill O’Donnell (IBM)

Remember “back in the day” when securing your data meant locking the data center door? Ongoing, high-profile data breaches are a continuing reminder that those days are long gone and that ensuring security for sensitive data is an increasing challenge. In fact, a May 2015 Ponemon Institute study shows that the costs of a data breach are quite staggering. According to the study, the average (remember this is the average) cost of a data breach is $3.79 million, and this has increased 23% in just the last two years. Threats come from everywhere (including within organizations), and your role typically drives your perspective on how to prepare.

Developers love the freedom of grabbing open source projects and cobbling together awesome new user experiences. They are often not as concerned about who might try to hack that app or how it might get hacked. IT managers love a locked-down infrastructure that has demonstrated rock-solid performance. Such a locked-down world can seriously hurt innovation and creativity. The CxO is focused on innovating and beating the competition, but knows that one overlooked detail could cost the company millions in losses, not to mention the PR damage that can be inflicted in minutes when word of a data breach goes viral.

So, what is the optimum strategy? How do you deal with the challenges of continuous application delivery when hackers are constantly improving their skills? Well, one way is to look closely at the infrastructure supporting your applications. What infrastructure provides the most security and reliability? What is the best approach for freedom of choice, structure when needed, and assurance of the least risk and greatest longevity?

The fact is that IBM WebSphere Application Server has been the industry leader for security capabilities over the last 17 years and continues that tradition. Our unique differentiation is constant assurance that our app server evolves to meet changing vulnerabilities. The WebSphere team has accumulated over 17 years (hundreds of thousands of developer hours) of experience implementing security at multiple layers and has led the way in delivering support for government and other security protocols. And we continue to lead in implementing the latest accreditations (including O-TTPS and FIPS). This has led to significantly more built-in security elements than any open source alternative available today; in fact, it would take $50-100m in investment for some of the open source app server competitors to implement anywhere near the level of security components already built into WAS. We’ve also architected a new approach with WAS Liberty that allows easy integration of just the security elements you need. What this boils down to is that WAS and WAS Liberty allow developers to focus on application innovation instead of worrying about security vulnerabilities.

Let’s demonstrate our leadership in two specific areas (OpenID Connect and O-TTPS) that other app servers haven’t delivered yet, and explain why these are critical for your applications.

OpenID Connect is a new, emerging security standard designed specifically to connect cloud and mobile centric applications into existing enterprise infrastructure in a secure manner. WAS Security Container can participate in an OpenID Connect ecosystem either through its own configuration or via a dedicated instance (WAS Liberty) that can be configured to extend security services to cloud or mobile centric applications running on or off the WAS Container.

O-TTPS (Open Trusted Technology Provider Standard) is a new secure engineering best-practices standard focused on certifying that a specific vendor software solution follows proper secure coding practices and processes. The standard covers all phases of the product’s life cycle, which include design, sourcing, building, fulfillment, distribution, and sustainment, thus enhancing the integrity of the product security.

We will continue writing over the coming weeks to clearly demonstrate why WebSphere Application Server leads the world in ensuring applications have the best chance at preventing security vulnerabilities.
