Jaime Ryan

Jaime Ryan is the Partner Solutions Architect at Layer 7 Technologies. Jaime has been building secure integration architectures as a developer, architect, consultant and author for the last 15 years. He lives in San Diego with his wife and two daughters.

August 8th, 2012

Solving Enterprise Mobile Access Challenges

In a recent blog post, I talked about how geofencing could be used in an enterprise setting to ensure compliance with local regulations or restrict an application’s functionality when a user is away from the office. Geofencing is a great piece of functionality, especially when dealing with mobile enablement/BYOD scenarios, but no one feature can make a solution.

A true solution does more than just check boxes on a list of functional requirements. It addresses a real-world issue and provides the platform, the context – and yes, the features – necessary not just to solve a problem but also to give the enterprise additional value.  At Layer 7 Technologies, our customers count on us for solutions to their toughest challenges around security, identity, integration and governance of applications exposing data to partners, mobile devices, the cloud and the Web. That’s why I’m pleased to introduce our new solution brief for Mobile Access.

Many of our customers cater to consumers and have mobile initiatives (and public apps) geared toward the general population. But secure mobile enablement of an internal employee population is often even more important, as those employees need to interact with (and modify) corporate data that isn’t open to the public. Whether mobile devices are provided by the enterprise or are of the bring-your-own variety, the exposed apps and data need to be managed effectively.

Layer 7’s Mobile Access solutions focus on exposure of APIs to developers – public, partner or private – using the Layer 7 API Portal, and runtime enforcement of policies defined upon those APIs using the SecureSpan Mobile Access Gateway. While the products can certainly check a lot of those functional boxes – developer onboarding, API analytics, OAuth, geofencing, WebSockets support, caching, throttling and many more – the complete solution is what makes our customers successful.

This solution brief focuses on three customers – an airline, a health insurer and a telecom company – that use Layer 7 solutions to solve real problems. In each case, the business was able to see real value from the apps and APIs exposed to partners and employees. Take a look and see how these solutions can provide value to your enterprise.

Read the Layer 7 for Mobile Access solution brief

June 26th, 2012

QCon New York 2012

Last week, Layer 7 was a sponsor at QCon New York, an exciting conference held in Brooklyn. This event dealt with the latest software development trends in several categories including mobile, cloud, big data, architecture and security. As noted in this article from the show, there was quite a bit of focus on the seismic shift in development from server-heavy applications to more agile development using client-focused technologies like HTML5 and JavaScript. These are better suited for mobile and Web use cases, allowing client-side manipulation of data.

However, these technologies are only half the story. The other half is the API that provides a method of interaction with the server. To provide a rich, functional interface, this API must be user-friendly for people and machines. It should be easy to develop against, with or without extensive documentation. And it should be able to represent both the current application state and the operations available to the client. These API design principles were discussed by Layer 7’s Principal API Architect, Mike Amundsen, in his fascinating talk on Wednesday.

QCon was yet another in a long line of analyst, enterprise and developer conferences to draw the same conclusions about the future of enterprise IT. It’s time to look at software development in a new way – and Layer 7 is helping enterprises get on board with these new technologies. Our recently-announced SecureSpan Mobile Access Gateway provides the middleware necessary to adapt internal information assets into secure, optimized APIs consumable by mobile devices for enterprise mobile enablement or BYOD.

June 14th, 2012

Geofencing & Mobile Access Gateways

Category: API, BYOD, Mobile Access

One of the cooler features offered by Siri on the iPhone is its integration with the internal GPS for geofencing. For instance, you can tell her (yes, I just anthropomorphized a disembodied mobile phone app) to “remind me to pick up some milk when I leave the house”. While this geofencing application is very consumer-centric and a nice-to-have, geolocation (and geofencing) is often a must-have for enterprise mobile apps.

At Layer 7, our enterprise customers are sometimes constrained by industry regulations regarding data privacy. These restrictions, especially in the healthcare and financial services industries, often prohibit medical or financial data from traveling across international (or even state) borders, to ensure compliance with local regulations. Some may require additional forms of authentication when connecting from a new physical location.

Many enterprises are also rolling out BYOD initiatives based on the employee’s proximity to company offices – they can use their own phones to access company data while in the office but that access is restricted when they head for home. More complex GIS integration is sometimes necessary for mobile employees and field technicians.

Building strict geolocation rules into every mobile application is possible but time-consuming to develop and difficult to maintain. Managing these policies in a centralized Mobile Access Gateway allows flexibility of design and easy updates. Compliance auditing is simplified and policies are reusable and configuration-driven. If you want to tighten distance restrictions or change GIS providers, you only have to make the change once.
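As an added illustration (not Layer 7 code or its policy language), the sketch below shows the idea of one configuration-driven geolocation policy evaluated centrally for every request: regulated data stays inside permitted regions, BYOD access is limited to the office radius, and a new physical location triggers additional authentication. The `GeoPolicy` fields, the request keys and the coordinates are all hypothetical, constructed for this example.

```python
import math
from dataclasses import dataclass, replace

EARTH_RADIUS_KM = 6371.0088

@dataclass(frozen=True)
class GeoPolicy:                   # hypothetical central policy record
    office: tuple                  # (lat, lon) of the office
    office_radius_km: float        # BYOD counts as "in the office" within this
    new_location_km: float         # farther than this from any known location = new
    allowed_regions: frozenset     # regions where regulated data may be delivered

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def decide(policy, req, known_locations):
    """Return 'allow', 'step_up' or 'deny' for one API request."""
    loc, region = req.get("location"), req.get("region")
    if loc is None or region is None:
        return "deny"              # fail closed when no location is supplied
    if req.get("regulated", True) and region not in policy.allowed_regions:
        return "deny"              # regulated data must not cross the border
    if req.get("byod", True) and haversine_km(loc, policy.office) > policy.office_radius_km:
        return "deny"              # personal devices only near the office
    if all(haversine_km(loc, k) > policy.new_location_km for k in known_locations):
        return "step_up"           # new physical location: extra authentication
    return "allow"

# Constructed sample data: coordinates and region codes are illustrative only.
OFFICE = (32.7157, -117.1611)
POLICY = GeoPolicy(OFFICE, 0.5, 50.0, frozenset({"US-CA"}))
NEAR_OFFICE = {"location": (32.7187, -117.1611), "region": "US-CA", "byod": True, "regulated": True}
OTHER_CITY = {"location": (34.0522, -118.2437), "region": "US-CA", "byod": False, "regulated": True}
ABROAD = {"location": (32.5149, -117.0382), "region": "MX-BCN", "byod": False, "regulated": True}

def run_samples(policy=POLICY):
    """Evaluate the constructed requests (plus one with no location) against a policy."""
    return [decide(policy, r, [OFFICE]) for r in (NEAR_OFFICE, OTHER_CITY, ABROAD, {})]

if __name__ == "__main__":
    print(run_samples())
    print(run_samples(replace(POLICY, office_radius_km=0.2)))  # tightened once, centrally
```

Tightening `office_radius_km` in the single policy record changes the decision for the device about 0.33 km from the office without touching any client application.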

Layer 7’s SecureSpan Mobile Access Gateway is far more than just a simple API proxy. It provides mobile-specific features around identity, security, adaptation, optimization and integration. It is these integration features that allow powerful orchestration of third-party APIs (including geolocation), legacy applications and mobile notification services for a truly comprehensive Mobile Access solution.

June 8th, 2012

Layer 7 at Gartner Security & Risk Management Summit

Next week (June 11-14), Layer 7 will be exhibiting at the Gartner Security & Risk Management Summit near Washington, DC (in National Harbor, MD). Speakers will run the gamut from Michael Dell to the Cybersecurity Coordinator for the White House, because enterprises and governmental organizations share a serious interest in securing data and applications.

The combination of security and risk management is particularly interesting these days, as rapid migration to Cloud and Mobile has introduced a new set of risks. These new platforms raise issues around compliance, information security and identity management, which can only be addressed with a comprehensive approach to security, using proven technology.

If you’re at the show, stop by and visit Layer 7 at Booth 92. We’d love to demonstrate how our SOA Governance and API Management solutions can counteract the risks involved with adopting these new technologies. Our solutions – flexibly deployed on-premise or in the Cloud – provide control over data and applications being exposed to partners, Cloud and Mobile.

And our industry-leading technology has been certified at the highest levels for use in both corporate and governmental organizations – PCI-DSS compliance for retail, STIG vulnerability testing for the DoD, FIPS 140-2 for cryptographic functionality and Common Criteria certification for overall security.

Don’t let the risk outweigh the reward – come talk to us!

June 1st, 2012

The Oracle-Versus-Google Verdict Comes Down

Whew! That loud sigh of relief you hear reverberating from Silicon Valley is a reaction to yesterday’s Oracle-Google ruling, which declared that APIs are not protected by copyright. While this case could be far from over – Oracle may appeal and force another $50 million round of litigation – a knowledgeable judge and a well-argued 41-page decision will likely make for a strong precedent.

In the few weeks since I last discussed this case, I’ve gotten a lot of feedback. While some techies provided commentary supporting Google’s position, more responses came in the form of questions about APIs themselves. Are programming language APIs different from Web, Cloud or other APIs? Does Oracle deserve special consideration due to the time and effort invested? Can one API be “better” than another?

Language APIs certainly appear to be different from Web APIs. They are bound to language syntax and define local functions, which are then compiled or interpreted into bytecode and executed on a low-level platform. Web APIs, on the other hand, are generally language-independent and use basic networking protocols to execute remote services often hosted by an external party.

However, there is an important common bond defined in the acronym itself. Each API is defining an interface to some actual functionality or data. To use a travel metaphor, APIs are not a destination – they are the directions to that destination. Whether it’s a Java class definition, an Amazon S3 storage operation or a Netflix catalog request, an API describes how to do something, get something, calculate something etc.

Because an API is simply a method for accessing an application (the implementation of which is protected under the law), there are many ways to describe the interface, some “better” than others. And Sun Microsystems (later purchased by Oracle) did put time and effort into its creation of a highly-structured Java API.

But structure and complexity are not necessarily the hallmarks of a superior API, as we’ve seen with the move from SOAP Web services to REST-based APIs over the past few years. In fact, generic self-describing APIs simple enough to be navigated without documentation by man or machine are now considered the pinnacle of success, at least according to the Richardson Maturity Model.

When it comes to whether or not APIs can be copyrighted, I happen to be in favor of the ruling as it stands, if only to avert disaster in the IT industry. By taking a strong stand on the issue (even with caveats around extending this ruling to other case law), the judge has possibly prevented a whole new round of lawsuits that could have rivaled the still-ongoing Apple/Samsung/Google patent wars. The last thing the tech world needs is more distractions from all of the fantastic innovation taking place today.

So for now, we can continue to focus on how to secure and govern the applications and data being exposed via APIs. Access to that functionality is the true value of an API and needs to be protected by both technology and the law.

(See Groklaw’s review of the decision for more trial details.)