November 14th, 2011

New White Paper: A How-to Guide to OAuth & API Security

Written by

OAuth White PaperOAuth is becoming an increasingly important aspect of API security. For organizations that want to make their services available across the whole range of social media platforms and mobile devices, OAuth represents an essential tool for enabling user access and protecting user privacy. But it’s still an emerging technology that is, for the most part, quite poorly understood. What is more, actually implementing OAuth can be something of a challenge.

Our new white paper, A How-to Guide to OAuth & API Security, provides practical information and actionable advice on:

  • What OAuth is and how it fits into a complete API security solution
  • Why implementing OAuth can be a complex matter
  • How you can make OAuth implementation simple for your organization

There are two very important lessons you’ll take away from this white paper. First, OAuth is emerging as a cornerstone of secure API publishing and enterprises will need to get to grips with it if they’re serious about protecting customers’ private data.  Second, OAuth is not the be-all-and-end-all of API security. A complete, enterprise-grade API security solution will also have to deliver functionality for auditing, threat detection and so on.

To find out more, download A How-to Guide to OAuth & API Security.

November 11th, 2011

FROM THE VAULT: Webinar – Extending Enterprise Security into the Cloud presented with The 451 Group

CA World - CSA CongressNext week, Layer 7 will be exhibiting at a couple of events, both of which have a strong Cloud security focus. Between November 13 and 16, we’ll be in Las Vegas for CA World, where we’ll be setting up shop in the Cloud Section and the Security Section. On November 16 and 17, we’ll be at the Cloud Security Alliance Congress in Orlando.

With these Cloud security-focused events just around the corner, it seems like a good time to mention our archived webinar Extending Enterprise Security into the Cloud. Presented with The 451 Group, this webinar explored ways for enterprises to extend existing security investments into the Cloud without incurring significant costs or creating additional IT complexity.

Presentations from Layer 7 CTO Scott Morrison and 451 Group Security Analyst Steve Coplan, delved into how enterprises can leverage the identity, privacy and threat-protection technologies they already own to facilitate the secure adoption of SaaS, IaaS and other Cloud-based technologies.

You can read more about the webinar in our Resource Library or simply watch the recording in the player below, courtesy of the Layer 7 YouTube Channel.

And if you happen to be attending either CA World or the CSA Congress, stop by and say “hi”. CA World attendees can find us at Partner Pedestal 261A in the Cloud Section and Partner Pedestal 338B in the Security Section. For the CSA conference we’ll be at table 10. Hope to see you there!

November 9th, 2011

New API Resources: API Management for Content Publishers Solution Brief & API Gateways for vCloud White Paper

Layer API ResourcesRight now, the API is at the center of an incredible amount of technological innovation. Across the Web, through the Cloud and onto your mobile device, APIs power all manner of app-building, integration and virtualization initiatives. For individual users and large enterprises alike, APIs are helping us all make good use of an increasingly diverse range of technological options.

We’ve just added two new pieces of API-related content to our Resource Library: a solution brief called API Management for Content Providers and a white paper called Using Layer 7’s API Gateway for vCloud Architectures. The solution brief explores how content providers can utilize innovative distribution methods while keeping customer account data secure and controlling how content is shared. The white paper explains how vCloud APIs can be used to securely facilitate automation and management of application infrastructure in the Cloud.

The topics covered by these documents are, in many ways, quite different. There’s a common thread here, though. Today’s enterprises need ways to secure and manage their APIs, whether these APIs are used to deliver TV shows to mobile devices or to manage enterprise applications run in the Cloud. In either case, we’re here to help!

November 4th, 2011

FROM THE VAULT: White Paper – Identity Federation in Web Services

Identity FederationThis week’s pick from the Layer 7 Resource Library archive addresses two issues that are critical to our technologies: Web services and identity federation. One of Layer 7’s ongoing goals is to help companies realize the value Web services offer to the enterprise – and identity federation is one of the keys to Web services success.

Our white paper Identity Federation in Web Services explains exactly why federation is such an issue with Web services. It explores federation problems commonly associated with reusing application logic across diverse business processes that traverse multiple security domains with independent preferences, capabilities and requirements.

It also outlines the requirements for a solution that will simply, effectively and securely bridge application identities across security domains. Our experience with customers – along with the fact that this has consistently been one of our most downloaded resources – continues to reinforce our belief in the value this type of solution offers to today’s extended enterprise

Read the white paper: Identity Federation in Web Services >>

November 1st, 2011

Upcoming Webinar: How to Secure & Govern Integrations Between the Enterprise & the Cloud – A Best Buy Case Study featuring Amazon Web Services

Best Buy - Amazon Web ServicesWe know a lot of you get a great deal of value from our webinars, so we’re very pleased to announce that we’ve got a new one coming up on November 17th. Featuring input from Amazon Web Services, How to Secure & Govern Integrations Between the Enterprise & the Cloud will use the example of Best Buy’s API Developer Portal to demonstrate how an enterprise can securely integrate on-premise systems with Cloud applications.

The Best Buy API Developer portal is a superb example of how a large enterprise can leverage a hybrid on-premise/Cloud solution to scale API assets and accommodate peaks in demand, without compromising security or governance. The folks at Best Buy have been able to move into the Cloud while retaining full control of what information is shared with Cloud applications. At the same time, they’ve managed to insulate developers from the security, management and mediation challenges that often turn up with a hybrid Cloud solution.

How to Secure & Govern Integrations Between the Enterprise & the Cloud is happening on Thursday 17th November at 9am PST (which is noon EST and 5pm GMT). As with all our webinars, it will last about an hour and feature a Q&A session at the end. We had an absolutely phenomenal response to our last webinar, so we’re excited to be putting on this event with our friends at Amazon Web Services and Best Buy.

Register for the webinar >>