May 18th, 2012

From the Vault: The Tech Talk Tuesday Archive

Layer 7 Tech Talk Tuesday ArchiveA few months back, Layer 7 launched Tech Talk Tuesday, a series of interactive developer meet-ups focusing on all things API, broadcast through the company’s Facebook and Livestream pages. We know it’s not always easy to catch a live event like Tech Talk Tuesday, so we’ve also been making recordings of the sessions available in the Videos section of our Resource Library.

We have some pretty exciting things planned for upcoming Tech Talks. The next regular Tech Talk will be a discussion of “Swagger, WADL & API ‘Scriptions” on May 29. You can click here to add it to your calendar. We’re also planning to stream a very special Tech Talk from the upcoming Glue Conference. Watch this space for more details.

For all the latest Tech Talk news – as well as quick-and-easy access to archived broadcasts – you can visit the Tech Talk Tuesday page on our Web site.

May 15th, 2012

APIs, Cloud & Identity Tour 2012: Three Cities, Two Talks, Two Panels & a Catalyst

Scott Morrison on Tour 2012On May 15-16 2012, I will be at the Privacy Identity Innovation (pii2012) conference held at the Bell Harbour International Conference Center in Seattle. I will be participating in a panel moderated by Eve Maler from Forrester Research, Inc., titled Privacy, Zero Trust & the API Economy. It will take place at 2:55pm on Tuesday May 15:

“The Facebook Connect model is real, it’s powerful and now it’s everywhere. Large volumes of accurate information about individuals can now flow easily through user-authorized API calls. Zero Trust requires initial perfect distrust between disparate networked systems but are we encouraging users to add back too much trust, too readily? What are the ways this new model can be used for ‘good’ and ‘evil’ and how can we mitigate the risks?”

On Thursday May 17 at 9am PDT, I will be delivering a webinar on API identity technologies, once again with Eve Maler from Forrester. We are going to talk about the idea of zero trust with APIs, an important stance to adopt as we approach what Eve often calls “the coming identity singularity” – that is, the time when identity technologies and standards will finally line up with real and immediate need in the industry. Here is the abstract for this webinar:

Identity, Access & Privacy in the New Hybrid Enterprise: Making Sense of OAuth, OpenID Connect & UMA
In the new hybrid enterprise, organizations need to manage business functions that flow across their domain boundaries in all directions: partners accessing internal applications; employees using mobile devices; internal developers mashing up Cloud services; internal business owners working with third-party app developers.

Integration increasingly happens via APIs and native apps, not browsers. Zero trust is the new starting point for security and access control and it demands Internet scale and technical simplicity – requirements the go-to Web services solutions of the past decade, like SAML and WS-Trust, struggle to solve.

This webinar from Layer 7 Technologies, featuring special guest Eve Maler of Forrester Research, Inc., will:

  • Discuss emerging trends for access control inside the enterprise
  • Provide a blueprint for understanding adoption considerations

You will learn:

  • Why access control is evolving to support mobile, Cloud and API-based interactions
  • How the new standards (OAuth, OpenID Connect and UMA) compare to technologies like SAML
  • How to implement OAuth and OpenID Connect, based on case study examples”

You can sign up for this webinar at the Layer 7 Technologies Web site.

Next week, I’m off to Dublin to participate in TMForum Management World 2012. I wrote earlier about the defense catalyst Layer 7 is participating in that explores the problem of how to manage Clouds in the face of developing physical threats. If you are at the show, you must drop by the Forumville section on the show floor and have a look. The project results are very encouraging.

I’m also doing a presentation and participating in a panel. The presentation title is API Management: What Defense & Service Providers Need to Know. Here is the abstract:

“APIs promise to revolutionize the integration of mobile devices, on-premise computing and the Cloud. They are the secret sauce that allows developers to bring any systems together quickly and efficiently. Within a few years, every service provider will need a dedicated API group responsible for management, promotion and even monetization of this important new channel to market. And in the defense arena, where agile integration is an absolute necessity, APIs cannot be overlooked.

In this talk, you will learn:

  • Why APIs are revolutionizing Internet communications
  • Why this is an important opportunity for you
  • How you can successfully manage an API program
  • Why developer outreach matters
  • What tools and technologies you must put in place”

This talk will take place at the Dublin Conference Centre on Wednesday May 23 at 11:30am.

The panel, organized by my friend Nava Levy from Cvidya, is titled Cloud Adoption – Resolving the Trust vs. Uptake paradox: Understanding & Addressing Customers’ Security & Data Portability Concerns to Drive Uptake.

Here is the panel abstract:

“As Cloud services continue to grow five times faster vs. traditional IT, it seems that concerns re security and data portability are also on the rise. In this session, we will explain the roots of this paradox and the opportunities that arise from resolving these trust issues. By examining the different approaches other Cloud providers utilize to address these issues, we will see how service providers, by properly understanding and addressing these concerns, can use trust concerns as a competitive advantage against many Cloud providers who don’t have the carrier-grade trust as one of their core competencies. We will see that, by addressing fraud, security, data portability and governance risks heads on, not only will the uptake of Cloud services rise to include mainstream customers and conservative verticals but also the type of data and processes that will migrate to the Cloud will become more critical to the customers.”

The panel is on Thursday May 24 at 9:50am.

May 15th, 2012

API-Aware Traffic Management

Cloud ExpoAs I mentioned in my last blog post, the promise of cost reduction is compelling many enterprises to move their workloads into the Cloud but many IT leaders are reluctant to do so, for fear of compromising the security and availability of their services. These concerns are well-founded but the benefits of Cloud are too great to ignore. To obtain these benefits, companies must adopt techniques that protect against the attendant risks, without compromise.

Many people are familiar with Layer 7’s industry-leading security functionality, so it’s no surprise that I’d recommend using our Gateway technology to protect connections from on-premise infrastructure to off-premise Cloud services. The flexibility of deployment options we offer makes it possible to create a network of secure on- and off-premise endpoints to meet the most stringent requirements. This covers security but what about availability?

People seem to be less familiar with Layer 7’s routing capabilities. Our Gateway technology is optimized to perform flexible, content-based routing with negligible impact on overall transaction times. In the context of the Cloud, this means that traffic proxied by a Layer 7 Gateway can be re-directed using intelligent algorithms and even dynamic, state-based awareness. This routing capability, which I call “API-aware traffic management”, brings huge benefits in ensuring availability when connecting to multiple API instances – on-premise, off-premise, in multiple Clouds… anywhere on the hybrid network.

I’ll be discussing this topic in detail at the upcoming Cloud Expo 2012, June 11-14 in New York City. This promises to be a great event, so I hope you can make it and attend my discussion!

May 11th, 2012

Tech Talk Tuesday: API Monetization

Written by
Category API, Tech Talks
 

Layer 7 Elastic Path Tech TalkIt’s almost time for another Layer 7 Technologies Tech Talk. This coming Tuesday, Layer 7’s own Matt McLarty will be joined by guest David Chiu from leading ecommerce vendor Elastic Path Software to discuss API monetization. We’re excited to have our friends from Elastic Path involved and this seems set to be a great Tech Talk – so get your questions ready!

API monetization comes in the form of two very distinct opportunities. First, companies like Elastic Path are creating new revenue opportunities for themselves by opening up their information assets via APIs. Second, some companies are charging third-parties for the use of particularly valuable APIs, creating even more revenue opportunities.

To learn more and throw some questions at our API monetization experts, just visit the Layer 7 Facebook page at noon EDT on May 15 and click the Livestream icon. If you don’t have Facebook, simply click here to watch directly through Livestream. You can submit questions on Facebook or through Twitter, using the hashtag #layer7live.

May 10th, 2012

Talking Mobile Strategy at the Forrester Forums

Forrester ForumsLast week Layer 7 sponsored Forrester’s CIO and Enterprise Architecture forums in Las Vegas. These were great conferences with various tracks covering such lofty concepts as “business strategy” and “innovation”. But the track that was getting everyone talking – and driving attendance at the Layer 7 booth – was about mobile strategy.

CIOs have started to recognize that – with BYOD gaining strength – mobile is coming to business, like it or not. The many CIOs who came by our booth all seemed determined to address the issue head-on. For some, this will mean developing apps in-house; for others, enabling third-party app developers. In either case, the key to success will be publishing secure, robust APIs.

Publishing mobile APIs raises various questions for CIOs. Some of the questions we heard in Vegas are external corollaries of challenges we’ve been solving for years (“How do I expose a REST API when my data is delivered via SOAP services?”) Others are completely new (“What happens when someone with our app on their personal smartphone leaves the company?”)

These issues also arose during an interesting session called “Navigating the Mobile Shift.” At this session, after some input from Forrester analysts, everyone split into groups for brainstorming on problems (and solutions) in specific categories. When each group presented its findings, security and governance questions were at the top of every list.

These forum participants aren’t from mom-and-pop startups – they’re with large enterprises that have serious security, governance, performance and scalability concerns. Helping enterprises address these concerns for API-based integrations is Layer 7’s core business, so we’ll be eagerly following future developments in enterprise mobile enablement and BYOD.