February 7th, 2012

API Management – Infrastructure Versus SaaS

API Management - Infrastructure Versus SaaS

The Enterprise is buzzing with API initiatives these days. APIs not only serve mobile applications, they are increasingly redefining how the enterprise does B2B and integration in general. API management as a category follows different models. On one hand, certain technology vendors offer specialized infrastructure to handle the many aspects of API management. On the other, an increasing number of SaaS vendors offer a service which you subscribe to, providing a pre-installed, hosted, basic API management system. Hybrid models are emerging but that’s a topic for a future post.

Before opting for a pure SaaS-based API management solution, think about these key considerations:

The Cloud Advantage
One can realize the benefits of Cloud computing from an API management solution without losing the ability to control its underlying infrastructure. For example, IaaS solutions let you host your own API management infrastructure. Private Clouds are also ideal for hosting API management infrastructure and provide the added benefit of running "closer" to key enterprise IT assets. Through any of these SaaS alternatives, an API management infrastructure optimizes computing resource utilization. IaaS and private Cloud-based API management infrastructure also provide elasticity and can scale on demand. Look for an API management solution that offers a virtual appliance form factor to maximize the benefits of Cloud.

Return on Investment
The advantage of a lower initial investment from SaaS-delivered API management solutions quickly becomes irrelevant when the ongoing cost of a per-hit billing structure increases exponentially. With your own API management infrastructure in place, you can leverage an initial investment over as many APIs as you want to deliver, no matter how popular the APIs become. Many early adopters, which originally opted for the SaaS model, are currently making the switch to the infrastructure model in order to remedy a monthly cost that has grown to unmanageable levels. Unfortunately, such transitions are sometimes costing more than any initial costs savings.

Agility, Integration
SaaS solutions provide easy-to-use systems isolated in their own silos. This isolation from the rest of your enterprise IT assets creates a challenge when you attempt to integrate the API management solution with other key systems. Do you have an existing Web portal? How about existing identity, business intelligence or billing systems? If your API management solution is infrastructure-based, you have access to all the low-level controls and tooling that are required to integrate these systems together. Integrating your API management with existing identity infrastructure can be important to achieving runtime access control. Integrating with billing systems is crucial to monetizing your APIs. Feeding metrics from an API management infrastructure into an existing BI infrastructure provides better visibility.

Security
Depending on the audience for your APIs, various regulations and security standards may apply. Sensitive information traveling through a SaaS-based system is outside your control. Are any of your APIs potentially dealing with cardholder information? Does PCI-DSS certification matter? If so, a SaaS-based API management solution is likely to be problematic. In addition to the off-premise security issue, SaaS-based API management solutions offer limited security and access control options. For example, the ability to decide which versions of OAuth you choose to implement matters if you need to cater to a specific breed of developers.

Performance
Detours increase latency. By routing API traffic through a hosted system before it gets to the source of the data, you introduce detours. By contrast, if you architect an API management infrastructure in such a way that runtime controls happen in the direct path of transaction, you minimize latencies. For example, using the infrastructure approach, you can deploy everything in a DMZ. Also, by owning the infrastructure, you have complete control over the computing resources allocated to it.

I'll be touching upon some of these issues when I give a presentation called Enterprise Access Control Patterns for REST & Web APIs on March 2, at the RSA Conference in San Francisco.

February 6th, 2012

Bring Your Own Device? Bring It On!

iPad at Work With the popularity of iPads, iPhones and Android devices in the consumer world, employees are not waiting for IT departments to let them use their own mobile devices for work: they are using them en masse. A recent study showed that 67% of North American iPad owners are using their iPads at work and the numbers are similarly high around the globe. This “bring your own device” (BYOD) movement is forcing IT leaders to rethink their technology introduction processes, according to this recent InfoWorld article.

There is more at stake for these IT leaders than just making their colleagues happy. There are big opportunities to reduce cost and improve productivity for companies that embrace BYOD. As Nathan Clevenger describes in his fantastic book, iPad in the Enterprise, companies can gain these benefits rapidly by creating a mobile-friendly enterprise service layer to integrate with mobile apps. Still, there are obstacles.  The biggest concern in allowing personal devices on the enterprise network is, of course, security. In the managed desktop paradigm, workstations could be locked down and managed centrally by the IT organization but this corporate ownership model won’t work for BYOD environments, as users will not be willing to live with the risk of having Angry Birds deleted without their consent.

Fortunately, there is a new class of solution — Enterprise API Management — that allows secure BYOD mobile access to existing enterprise services. Please join my webinar this week where we will explore this topic in more detail.

February 3rd, 2012

Security in the Clouds: The IPT Swiss IT Challenge

Scott Morrison in GstaadProbably the best part of my job as CTO of Layer 7 Technologies is having the opportunity to spend time with our customers. They challenge my assumptions, push me for commitments and take me to task for any issues -  but they also flatter the whole Layer 7 team for the many things we do right as a company. And for every good idea I think I have, I probably get two or three great ones out of each and every meeting with the people who use SecureSpan to solve real problems on a daily basis.

All of that is good but I’ve learned that if you add skiing into the mix, it becomes even better. Layer 7 is fortunate to have an excellent partnership with IPT, a very successful IT services company out of Zug, Switzerland. Each year, IPT holds a customer meeting up in Gstaad, which I think surely gives them an unfair advantage over their competitors in countries less naturally blessed. I finally managed to draw the long straw in our company and was able to join my colleagues from IPT at their annual event this January.

Growing up in Vancouver, with Whistler practically looming in my backyard, I learned to ski early and ski well. Or so I thought, until I had to try to keep up with a crew of Swiss who surely were born with skis on their feet. But being challenged is always good and I can say the same for what I learned from my Swiss friends about technology and its impact on the local market.

The Swiss IT market is much more diverse than people from outside of it may think. Yes, there are the famous banks but it is also an interesting microcosm of the greater European market — albeit run with a natural attention to detail and extraordinary efficiency. It’s the different local challenges that shape technology needs and lead to different emphasis.

SOA and Web services are very mature and indeed are pushed to their limits but the API market is still in its very early stages. The informal, wild west character of RESTful services doesn’t seem to resonate in the corridors of power in Zurich. Cloud appears in patches but it is hampered by very real privacy concerns and this, of course, represents a great opportunity. Secure private Clouds are made for this place.

I always find Switzerland very compelling and difficult to leave. Perhaps it’s the miniscule drop of Swiss ancestry I can claim. But more likely it’s just that I think the Swiss have got this life thing all worked out.

Looking forward to going back.

February 3rd, 2012

New White Paper: Federated Identity & Single Sign-On Using Layer 7

Written by
 

Identity Federation White PaperIncreasingly, enterprise IT is characterized by SaaS, Cloud, SOA and all sorts of other technologies that bridge organizational boundaries and – consequently – identity domains. When users from various domains have diverse collections of credentials for systems spanning the extended enterprise and Cloud, management and security concerns inevitably arise.

Identity federation is the key to addressing these concerns. A lot of people assume identity federation is the same thing as Single Sign-On (SSO), where a single identity is used to authenticate a user across multiple services, applications and platforms. In fact, SSO is just one piece of the identity federation puzzle, albeit an important one.

Our new white paper, Federated Identity & Single Sign-On Using Layer 7, examines all the key pieces of this puzzle. It takes a detailed overview of the technologies that can be used to merge separate “identity silos” into a centralized, authoritative identity store (SAML, STS, OAuth etc.) It also explains how our products can be used to implement these technologies.

For more information, read Federated Identity & Single Sign-On Using Layer 7

February 1st, 2012

Layer 7 Technologies 2011: The Year in Review

Written by
 

Layer 7 TechnologiesThese are exciting times to be working with technologies like mobile and Cloud. In fact, here at Layer 7, 2011 was absolutely the most exciting year ever. Since this time last year, we’ve expanded our product range, been awarded groundbreaking security specifications, gained recognition from leading analyst firms and significantly expanded our customer base.

Specifically, some of the highlights of the year were:

As we expanded our product range to meet demand for API management, Cloud integration and mobile security, our customer base grew more than 40%, with notable new customers including Adobe, Best Buy, General Motors and MasterCard. At the same time, our staff grew by more than 70 percent – and we’re all looking forward to finding out what 2012 has in store!

For more information, read the press release:
Layer 7 Technologies Announces Record Revenue Growth in 2011