Dimitri Sirota

Dimitri Sirota

Dimitri Sirota is an accomplished entrepreneur and a pioneer in the security field. Prior to co-founding Layer 7 Technologies, Dimitri co-created the award-winning Virtual Private Network provider eTunnels Inc. Dimitri spearheaded its early marketing and business development activities, establishing eTunnels as a leader in secure connectivity for the extended enterprise. He has also worked in senior product marketing and channel development roles at AT&T and Telus. Dimitri holds a Bachelor of Science degree in Physics from McGill University and a Master of Science in Engineering Physics from the University of British Columbia.

October 15th, 2013

Three-Peat! Layer 7 Named a Gartner MQ Leader

Gartner/Layer 7Here at CA Layer 7, we’re thrilled to once again be recognized as a Gartner Magic Quadrant Leader. The recently-published Gartner Magic Quadrant for Application Services Governance, August 2013 report takes into account capabilities in both SOA Governance and API Management. As such, it represents Gartner’s acknowledgement of the sea change APIs have created in enterprise architecture.

The document provides a valuable market survey, which covers Layer 7 along with many of the other vendors in this area. We believe Layer 7’s third straight Leader’s recognition reflects a longstanding commitment to both innovation and customer success.

We believe this report provides further evidence that there is a growing awareness of the central role APIs are now playing in enterprise architecture, while also highlighting the importance of supporting SOA Governance for large organizations. We are providing complimentary access to the Magic Quadrant here. Enjoy!

Gartner, Magic Quadrant for Application Services Governance, Paolo Malinverno et al, August 8, 2013

  • Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
October 2nd, 2013

How APIs Grease the Data Wheels

Data MonetizationThis week, I’ve been attending and speaking at Data 2.0 in San Francisco, which is part of the API World Conference & Expo. Plainly, there is a connection between data and APIs.

As an API vendor, I would dearly like to believe the universe is embracing the API; giving it the proverbial uplifted thumb. And there’s no reason to think data doesn’t similarly “like” the API. APIs unlock value by making information available to both developers and applications – and there is plenty of value in data. Unlocking the value of data benefits everyone, especially the new data barons who own, aggregate or analyze the data. If data is the new oil, APIs are the pipelines and tankers (I guess making Hadoop the refiner).

But exposing data via APIs is not the full extent of the connection between data and APIs. The data landscape is getting reshaped by new found capabilities to store, mash, analyze and consume data. APIs provide the pathways for moving the data. But that leaves open the question of who regulates the pathways and the flow of data.

API delivery and management platforms like Layer 7′s represent one option for regulating the pathways and – if I may be so bold – perhaps the right way when data spans the Internet. If data sources, processors and destinations are distributed across the far-flung clouds, devices and apps that make-up the Internet, APIs provide the best way to interconnect the various data stores and actors. But then API delivery and management platforms are needed to govern that data flow.

API delivery and management platforms can simplify the ingestion of data from diverse stores spread out across the Internet. They can scrub, normalize and sanitize the data sets. They can simplify routing and federation across analysis and visualization tools. They can make data more consumable for developers, mobile apps, cloud services and even devices. And in the case of products like Layer 7, they can do this in a way that preserves privacy, integrity and general security.

Enterprises want to unlock value from their data oil. APIs provide the channels for getting the oil to the place where it can make the most difference. API delivery and management platforms ensure that the flow of data is both secure and managed – and always the right fit. As I described in my Data 2.0 talk earlier today, API delivery and management platforms can make the difference between being a data wildcatter and data baron.

September 19th, 2013

Did Apple Just Kill the Password?

Written by
 

Password KillerOn the surface, Apple’s recent iPhone 5S announcement seemed just that: all surface, no substance. But as many reviewers have pointed out, the true star of the new model may not be its shimmering gold sheen but instead the finger sensor built into its home button.

Using a fingerprint to prove you are who you claim to be is not new. But building it into a phone is. And as your mobile phone becomes your carrier of content (like photos), currency (like digital wallet) and identity (like keychain) as well as your route to all manner of digital services, proving who you are will become essential for mobile everything.

Before mobile, Web security rooted itself in the username/password paradigm. Your username and password defined the identity you used to authenticate yourself to PayPal, Amazon, Google, Facebook and everything in between. There are stronger ways to secure access to Web sites but written passwords predominate because they are personal and easy to type on a PC, where all Web pursuits took place – until the arrival of the smartphone, that is.

The smartphone and its similarly keyboard-deprived cousin, the tablet, increasingly represent the jumping off point for the Internet. Sometimes, it may start with a browser. Many times it begins with an app. In either case, passwords are no fun when you move to a mobile device. They are cumbersome to type and annoying when you have to type them repeatedly across multiple sites, services and apps. So, anything that diminishes the burden of typing passwords on a mobile device is a good thing.

Apple is not alone in identifying that end users want ways to eliminate passwords on mobile. Our company, CA Technologies, has a sizeable franchise in Single Sign-On (SSO) and strong authentication technologies, which – when applied to mobile – can significantly reduce the burden of recalling multiple passwords across different sites, apps and services. In fact, CA Layer 7 hosted a webinar on this very topic this morning. But what Apple has achieved is significant because it substitutes a highly-personalized biometric for a password. This has the power to streamline mobile commerce, mobile payments and every other kind of mobile-centered interaction or transaction.

Many commentators have rightfully pointed out that biometrics do not offer a panacea. If your fingerprint gets hacked, for instance, it’s hacked permanently. But there are easy ways of augmenting biometrics to make them stronger. Biometrics can be combined with over-the-air tokens like one-time password or supplemented with context-aware server-side challenges that increase their requirements based on risk. But it’s what they achieve when compared with the alternative that makes fingerprint readers so powerful.

The 5S simplifies authentication for the average user, which encourages security use and acceptance. It also eliminates bad mobile habits like using short, easily memorable, easy-to-type passwords that scream insecurity. Apple is not the first vendor to realize consumers don’t like passwords on mobile devices. But by bringing an alternative to the mass market, it is helping to draw attention to the need and the opportunity: killing the password may open mobile to a whole host of novel security-dependent Internet services.

August 2nd, 2013

Getting Mobile Mojo Through App Innovation: The Enterprise View

Mobile MojoAPIs first found their footing among consumer Web sites wanting to transform into platforms. APIs let Web sites foster developer communities that could build apps anchored to their services. Innovative apps would attract new users to the Web site, help keep existing users engaged and –with a little bit of luck – make some money.

APIs Engage Developers, Developers Build Apps, Apps Enable Innovation
This virtuous cycle of APIs and innovation does not have to be limited to consumer Web sites. Enterprises have countless data and application resources distributed across their datacenters. All of these could be opened to internal developers via APIs. Done right, this could drive development innovation. Internal programmers with access to diverse internal information resources could build more compelling mobile and cloud apps, in less time.

Centralize API Discovery Through a Directory
Enablement is the starting point for getting developers building better apps, faster. Apps need data and APIs provide the windows into data, both inside the enterprise and out in cloud. Finding the APIs that front the data sources which enrich mobile apps is no easy task. Back in the days of SOA, service directories emerged as the vehicle for helping developers find software service elements that could be reused and composed into diverse business processes.

An API portal can assume a similar role in providing a centralized point of API discovery and reuse in mobile. An API portal provides the core directory, developer management and developer collaboration features that aid mobile innovation. It presents information on what data resources are available and how these resources can be accessed, along with documentation, code samples and so on, all in a simple Web-based format.

Inside vs. Outside Developers
For some time, vendors have been making API portals available from the cloud, with an eye to aiding the external long-tail developer. But that same technology brought inside the datacenter can also be used by internal developers. While external developers can provide a forum for experimentation and education, the real ROI for most enterprises will occur inside the DMZ. Making internal developers building mobile apps productive and agile will help organizations deliver effective consumer and employee-facing apps faster.
But to do this, the API portal will need to be brought inside the firewall where the enterprise will be able manage internal developers securely. This will increase productivity, which will result in more and richer apps, in less time.

Powering the Internal Developer
Having seen the potential service directories had for organizing internal development efforts, Layer 7 has effectively bridged the lessons of SOA to mobile. The Layer 7 API Portal is unique in that it can support classic SOAP services along with newer REST interfaces and can be deployed 100% inside the datacenter. This enables enterprises to use API portals strategically – not just for powering external developer communities. By placing itself at the center of an internal app-building ecosystem, the Layer 7 API Portal can spur innovation across mobile development teams.

August 1st, 2013

Who Won’t Have an API?

Written by
 

API InfographicThat’s what we struggled to find out in our recent survey of enterprises. While we failed to canvass the North Koreans, it would seem the vast majority of enterprises in the developed world plan to implement an API program in one form or another. This probably helps – at least in part – to explain the surfeit of acquisition and funding-related news coverage the API Management sector has recently experienced

But what was perhaps most revelatory about Layer 7’s API survey and its accompanying infographic was that that it did not reveal any one leading driver for API publishing programs or any one implementation preference for API Management solutions.

Enterprises are using APIs for mobility, cloud, integration and developer programs. They are also deploying APIs from their datacenters, from the cloud and from hybrid environments. What that tells me is that flexibility should be the critical consideration for anyone evaluating the API Management alternatives.

(Full disclosure: Layer 7 offers the most flexible API delivery, management and security solution in the marketplace.)