May 15th, 2012

API-Aware Traffic Management

Cloud ExpoAs I mentioned in my last blog post, the promise of cost reduction is compelling many enterprises to move their workloads into the Cloud but many IT leaders are reluctant to do so, for fear of compromising the security and availability of their services. These concerns are well-founded but the benefits of Cloud are too great to ignore. To obtain these benefits, companies must adopt techniques that protect against the attendant risks, without compromise.

Many people are familiar with Layer 7’s industry-leading security functionality, so it’s no surprise that I’d recommend using our Gateway technology to protect connections from on-premise infrastructure to off-premise Cloud services. The flexibility of deployment options we offer makes it possible to create a network of secure on- and off-premise endpoints to meet the most stringent requirements. This covers security but what about availability?

People seem to be less familiar with Layer 7’s routing capabilities. Our Gateway technology is optimized to perform flexible, content-based routing with negligible impact on overall transaction times. In the context of the Cloud, this means that traffic proxied by a Layer 7 Gateway can be re-directed using intelligent algorithms and even dynamic, state-based awareness. This routing capability, which I call “API-aware traffic management”, brings huge benefits in ensuring availability when connecting to multiple API instances – on-premise, off-premise, in multiple Clouds… anywhere on the hybrid network.

I’ll be discussing this topic in detail at the upcoming Cloud Expo 2012, June 11-14 in New York City. This promises to be a great event, so I hope you can make it and attend my discussion!

April 30th, 2012

Cloud & Clear

Hybrid CloudIt’s April in Vancouver, which got me thinking about clouds.  Although the IT buzz in 2012 has been dominated by mobile and big data, Cloud computing is still a hot topic, especially since it is an enabler for both. In the public Cloud space, Google just launched Drive in the same week that Microsoft updated SkyDrive. In the private Cloud domain, IBM recently announced its PureSystems platform, which falls along similar lines as the Exa- line from Oracle.

It will be interesting to see whether or not big enterprises buy into this “21st century mainframe” concept but what’s clear is that enterprises now want to migrate critical workloads to the Cloud, en masse. To realize the true benefits of Cloud, many of these workloads will have to be running off-premise. But since many will remain on-premise, enterprises will be relying on hybrid Cloud infrastructure for their most significant IT services.

Security remains a major area of concern for organizations looking to leverage the Cloud. Increasingly, availability and reliability are also significant concerns, particularly since Amazon has had a few outages recently. In addition to addressing these concerns, enterprises are evaluating how they can optimize processing volumes to get maximum cost benefit from their Cloud deployments.

Please join me at the Cloud Expo, June 11-14 in New York, where I’ll be discussing solutions for each of these considerations. Hey, we should have blue skies by then!

April 10th, 2012

Faking the Cloud in API Management

API Management - Infrastructure Versus SaaSThe CEO of competitor API management provider Mashery recently mentioned a post I wrote discussing tradeoffs of infrastructure-based versus service-based solutions when it comes to API management. Unintentionally, my original post has apparently hit a nerve.

Oren suggests that a “true” Cloud solution can only be SaaS-based. While Amazon Web Services, among others, may take umbrage at that definition, I am also a little confused by Oren’s statement since, by most definitions Mashery, is not a SaaS. Typically, a SaaS provides self-enrollment and self-service aspects. Mashery may let you manage your APIs in the Cloud like Layer 7 or Apigee but it doesn’t do this without help from engagement consultants. In that way, they are more akin to IBM than Salesforce.

In the end, our customers don’t get too caught up in Cloud semantics. Some of our customers want to own a solution, others “rent”. Some want a solution in a data-center, others in a public Cloud. We understand that different deployment models are needed to accommodate different needs. If a Cloud deployment is what you are after, try several vendors, verify what you get and compare each solution’s strengths.

March 23rd, 2012

Layer 7 at the 2012 DoDIIS Worldwide Conference

2012 DoDIIS Worldwide ConferenceLayer 7 is proud to be exhibiting at the 2012 Department of Defense Intelligence Information Systems (DoDIIS) Worldwide Conference, which will be taking place in Denver this April 1-4. The show will be focusing on the Defense Intelligence Agency’s goal of unifying defense intelligence infrastructure and information sharing initiatives.

Never before has so much intelligence data been collected and never has the challenge of securely sharing these valuable assets been greater. As new intelligence systems come online, issues inevitably arise around the need to make data and security credentials interoperable between these new systems and existing capabilities.

As the leading provider of secure messaging and security Gateway solutions to the US Federal Intelligence Community, Layer 7 will be at the show, demonstrating its solutions for data and security interoperability within the enterprise and the Cloud. If you’re attending the DoDIIS conference, stop by Booth 917 to see first-hand how you can resolve interoperability and fine-grained access challenges with a Common Criteria EAL 4+ certified solution from Layer 7.

March 2nd, 2012

API Security for Mobile & Cloud – A Best Practices Workshop for Enterprises Hosted by Layer 7

We Secure APIsOn Monday February 27, 2012 Layer 7 hosted an exclusive workshop at RSA Conference in San Francisco at the trendy W Hotel. The audience was a group of IT professionals interested to learn more about API management as it relates to mobile and Cloud security.

There was an hour of networking before the presentations started, during which lunch was served. The room filled quickly. As this was an exclusive event, seating was limited. By the time the first presenter had started, it was standing room only.

Layer 7 CTO Scott Morrison hosted the event, which featured guest speakers Caleb Sima and Rag Ramanathan. The workshop provided insight into API security and management best practices for mobile and Cloud.

More and more enterprises are looking to API publishing as a way of exposing their data to partners and external developers building mobile apps and Cloud services. But this inevitably creates serious security concerns.

So the aim of the workshop was to address the issue of API security for mobile and Cloud, with three presentations. The slides from these presentations are embedded below.


Caleb Sima: Open APIs – Security for Mobile & the Cloud

A look at what’s driving new Internet-facing organizations to open up information through APIs, plus a discussion of the implications for application security.


Rag Ramanathan: Securing & Governing Cloud APIs

A look at why APIs matter in the Cloud and the unique security challenges Cloud APIs create.


Scott Morrison: API Security & Management Best Practices

A look at the high-level considerations for controlling, metering and monitoring APIs from test through to production.