October 21st, 2011

FROM THE VAULT: White Paper – Steer Safely into the Clouds

Cloud GovernanceThis week, From the Vault – our weekly series highlighting classic resources from the Layer 7 Resource Library  – steps back into the Cloud. Our goal with the white paper Steer Safely into the Clouds was to outline a secure path for Cloud adoption. With a great many drivers pointing enterprises towards the Cloud, this is pretty vital information.

This white paper is also a vital document for us because it outlines the governance philosophy underpinning all our Cloud solutions. It’s increasingly true that everybody wants to be in the Cloud but a move to the Cloud introduces new security risks and may compromise traditional IT governance. That’s where our Cloud governance philosophy comes in.

The way we see it, Cloud governance is a logical evolution of existing SOA governance best practices. It offers a way to assert control over both internal and external applications and data. This white paper should be enough to convince you that, using Cloud governance, the widely reported challenges of Cloud computing can be met.

Download Steer Safely into the Clouds

October 12th, 2011

Event Follow-Up: Defining, Enforcing & Validating Web Services Policy on AWS

Amazon Web ServicesLast week, I was involved with a Layer 7 workshop in Tysons Corner, VA, just outside of Washington, DC. This workshop, called Defining, Enforcing & Validating Web Services Policy on AWS was presented in association with our friends at Amazon Web Services. The goal of the session was to teach attendees how build a secure bridge between the enterprise and the public Cloud.

You see, for organizations with variable application loads or the need to scale rapidly, Cloud services like AWS offer a truly elastic way to accommodate changing compute needs. But it’s rare for an enterprise to be able to run a workload in the public Cloud isolated from data or applications residing inside the enterprise. These organizations need ways to bridge the enterprise and the Cloud without compromising security or limiting scale-out.

Layer 7/AWS Event

The Layer 7/AWS workshop demonstrated a solution based on Layer 7′s industry-leading SecureSpan EC2 Appliance, which makes it simple for organizations in this situation to address the challenges of federation, integration and governance they are facing. Specifically, the event began with an overview of AWS before providing practical instructions on how the SecureSpan EC2 Appliance can be used to:

  • Ensure security and federate identities in Cloud/enterprise integrations
  • Implement fine-grained access and data security policies without coding
  • Secure and manage REST APIs for Cloud applications

We certainly got a great response from attendees. Also, during registration, we got quite a few requests for similar events in different cities. If you’d like us to hold a Layer 7/AWS workshop in your city, please don’t hesitate to contact us by calling 1-800-681-9377 or emailing sales@layer7.com. In the meantime, if you want to know more, the slides presented at the workshop are available here. Additionally, here’s a demo of Layer 7 federation features specific to AWS:

October 5th, 2011

Let’s Talk iPhone

Written by

iCloudWe all know what was rumored for several weeks, that the star of yesterday’s iPhone unveiling would not be the hardware. And it wasn’t. Sure it was upgraded: A5 versus A4, eight megapixels versus five etc. But the physical update ranked up there with Intel’s introduction of the 486 for emotional pull. For many loyal Apple customers, including myself, the news was disappointing on first impression.

Still, first impressions are not always the most accurate. The true star of yesterday’s event was the integration of the iPhone to the Cloud. From iCloud through Find My Friends, iTunes Match, Photo Stream, Backup and of course the Siri personal assistant, Apple has tethered its phone to a series of concentric Clouds that span the personal, familial and public.

Now, one can argue that every app on the iPhone has, in one way or another, always been a portal, in miniature, to some shared Web-like Cloud service. What makes yesterday’s series of Cloud announcements different is how intertwined these Cloud services have become with the core propositions of the iPhone. Apple has tried to tie Cloud to most of the primary functions of the iPhone: communication, music, photos, search, social networking, calendaring etc.

Clearly, Apple benefits from anchoring our devices to a Cloud of its own invention. Defecting to another phone platform will become more complicated and cumbersome because of the iPhone’s many Clouds. Despite this, there is no denying the benefit that accrues to me and every consumer of Apple products from the cocooning effect of the Cloud. Apple’s Cloud services simplify a range of tasks and make possible some like Siri, which would have been impossible otherwise.

Like all good innovators, Apple did not invent the idea of integrating the Cloud to a mobile device. Google has been experimenting with this for years. Even Amazon, with its new Kindle Fire, is leveraging its AWS Cloud to accelerate Web browsing. However, Apple has the mass market reach to truly make Cloud integration with mobile devices mainstream.

For enterprise software vendors like Oracle, IBM WebSphere and Layer 7 Technologies, which are marrying software with hardware to deliver integrated appliances, the lesson is obvious: software plus hardware may be incomplete. Perhaps a better mnemonic is: “Software. Hardware. Cloud. Complete.” This may explain why Larry Ellison chose to replace Mark Benioff’s Cloud keynote today at Oracle OpenWorld 2011 with his own.

September 23rd, 2011

Clouds Down Under

When I was young I was fascinated with the idea that the Coriolis effect—the concept in physics which explains why hurricanes rotate in opposing direction in the southern and northern hemispheres—could similarly be applied to common phenomenon like water disappearing down a bathtub drain. On my first trip to Cape Town many years ago I couldn’t wait to try this out, only to realize in my hotel bathroom that I had never actually got around to checking what direction water drains in the northern hemisphere before I left. So much for the considered rigor of science.

It turns out of course that the Coriolis effect, when applied on such a small scale, becomes negligible in the presence of more important factors such as the shape of your toilet bowl. And so, yet another one of popular culture’s most cherished myths is busted, and civilization advances ever so slightly.

Something that definitely does not run opposite south of the equator turns out to be cloud computing, though to my surprise conferences down under take a turn in the positive direction. I’ve just returned from a trip to Australia where I attended the 2nd Annual Future of Cloud Computing in the Financial Services, held last week, held in both Melbourne and Sydney. What impressed me is that most of the speakers were far beyond the blah-blah-blah-cloud rhetoric we still seem to hear so much, and focused instead on their real, day-to-day experiences with using cloud in the enterprise. It was as refreshing as a spring day in Sydney.

Greg Booker, CIO of ANZ Wealth, opened the conference with a provocative question. He simply asked who in the audience was in the finance or legal departments. Not a hand came up in the room. Now bear in mind this wasn’t Microsoft BUILD—most of the audience consisted of senior management types drawn from the banking and insurance community. But obviously cloud is still not front of mind for some very critical stakeholders that we need to engage.

Booker went on to illustrate why cross-department engagement is so vital to making the cloud a success in the enterprise. ANZ uses a commercial cloud provider to serve up most of its virtual desktops. Periodically, users would complain that their displays would appear rendered in foreign languages. Upon investigation they discovered that although the provider had deployed storage in-country, some desktop processing took place on a node in Japan, making this kind of a grey-area in terms of compliance with export restrictions on customer data. To complicate matters further, the provider would not be able to make any changes until the next maintenance window—an event which happened to be weeks away. IT cannot meet this kind of challenge alone. As Randy Fennel, General Manager, Engineering and Sustainability at Westpac put it succinctly, “(cloud) is a team sport.”

I was also struck by a number of insightful comments made by the participants concerning security. Rather than being shutdown by the challenges, they adopted a very pragmatic approach and got things done. Fennel remarked that Westpac’s two most popular APIs happen to be balance inquiry, followed by their ATM locator service. You would be hard pressed to think of a pair of services with more radically different security demands; this underscores the need for highly configurable API security and governance before these services go into production. He added that security must be a built-in attribute, one that must evolve with a constantly changing threat landscape or be left behind. This thought was echoed by Scott Watters, CIO of Zurich Financial Services, who added that we need to put more thought into moving security into applications. On all of these points I would agree, with the addition that security should be close to apps and loosely coupled in a configurable policy layer so that over time, you can easily address evolving risks and ever changing business requirements.

The entire day was probably best summed up by Fennel, who observed that “you can’t outsource responsibility and accountability.” Truer words have not been said in any conference, north or south.

September 22nd, 2011

Defining, Enforcing & Validating Web Services Policy on AWS

Written by

Layer 7 is now accepting registrations for an upcoming event near Washington, DC, which will provide practical instructions on how to secure a Cloud-based IT infrastructure built upon Amazon Web Services (AWS). Here are the full details:

Defining, Enforcing & Validating Web Services Policy on AWS
Thursday October 6, 6pm-8pm
Tysons Corner Marriott (Salons E and F, Grand Ballroom, Main Level), Tysons Corner, VA

Click here to register for the event

Amazon Web Services

This hands-on workshop will demonstrate how a Layer 7 SecureSpan EC2 Appliance can be configured to secure integrations to and from the AWS Cloud. The event will include an overview of AWS security as well as practical instructions on how to:

  • Ensure security and federate identities in Cloud/enterprise integrations
  • Implement fine-grained access and data security policies without coding
  • Secure and manage REST APIs for Cloud applications

To sweeten the deal even more, we’ll be providing a light dinner and giving all attendees a 90-day evaluation of the SecureSpan EC2 Appliance. If you’re interested in attending, don’t wait around too long before you register – our last event in this part of the word was a sell-out!

Register now for Defining, Enforcing & Validating Web Services Policy on AWS