HP has adopted an Alcatel-Lucent web services security appliance, to help corporate developers build web services applications that comply with regulations such as Sarbanes-Oxley.

Service oriented architectures (SOA) use web services to link applications in corporations - but their ability to get information flowing more freely has created barriers, since it can conflict with regulations that require all information to be secured and tracked.

HP will be selling Alcatel-Lucent's OmniAccess 8550, a hardware appliance launched in December 2007 that acts as a web services gateway, securing access to content and monitoring for unauthorised transmission of XML-based traffic.

"With the 8550, SOA systems aren't just secure - they are regulation-grade," said Cliff Grossner, product manager in the Alcatel-Lucent Enterprise Security Group.

The 8550 has been integrated with HP's Systinet SOA management tool, and can defend networks based on the definition given by Systinet - which acts as a registry and depository for SOA applications. "The 8550 can download from Systinet the details of where the software is located and how it should be used," said Grossner. "Systinet is the depository for the rules, but the 8550 can now be the gateway that enforces them."

The 8550 supports SOA governance, and enforces policies set by software architects. Comparable products have been implemented in software, but the 8550 goes faster, and covers more features than hardware-based XML appliances, such as IBM's WebSphere DataPower appliances (bought in 2005). According to Grossner, the 8550 handles stateful policy inspection on thousands of transactions per second, said Grossner: "Other products can't handle runtime compliance."

Other partnerships will very likely follow, said Grossner, mentioning discussions with Accenture and Microsoft. "Scalable compliant business process automation has become a reality," he said.