Next week (June 11-14), Layer 7 will be exhibiting at the Gartner Security & Risk Management Summit near Washington, DC (in National Harbor, MD). Speakers will run the gamut from Michael Dell to the Cybersecurity Coordinator for the White House, because enterprises and governmental organizations share a serious interest in securing data and applications.

The combination of security and risk management is particularly interesting these days, as rapid migration to Cloud and Mobile has introduced a new set of risks. These new platforms raise issues around compliance, information security and identity management, which can only be addressed with a comprehensive approach to security, using proven technology.

If you’re at the show, stop by and visit Layer 7 at Booth 92. We’d love to demonstrate how our SOA Governance and API Management solutions can counteract the risks involved with adopting these new technologies. Our solutions – flexibly deployed on-premise or in the Cloud – provide control over data and applications being exposed to partners, Cloud and Mobile.

And our industry-leading technology has been certified at the highest levels for use in both corporate and governmental organizations – PCI-DSS compliance for retail, STIG vulnerability testing for the DoD, FIPS 140-2 for cryptographic functionality and Common Criteria certification for overall security.

Don’t let the risk outweigh the reward – come talk to us!

Cloud Expo 2012 is almost here. This promises to be an incredible event, with thousands of attendees and over 100 speakers. As previously mentioned, I’m privileged to be presenting on Making Hybrid Cloud Safe & Reliable. I’m particularly excited that I’ll be introducing attendees to the new concept of API-Aware Traffic Management. It will also be great to be back in New York City!

I recently read Daniel Kahneman’s book Thinking Fast & Slow, a fascinating study of how the human mind works. With the new capabilities offered by big data and Cloud computing — the dual themes for next week’s event — and the increasing personalization of technology through Mobile devices, I think we have an opportunity to make our digital systems more human in their processing. What does that mean?  Well, more intuitive in user experience, more lateral through caching of unstructured data and more adaptive to changing conditions. API-Aware Traffic Management certainly reflects this potential.

If you are going to be (or hope to be) at the event, add a response in the comments box or tweet to @MattMcLartyBC. Hope to see you there!

Glue Conference, aka Gluecon, is such a refreshing event – filled with API and application developers, not a single suit in sight, demo pods, hackathons, spheros etc.

APIs are popping up everywhere and creating amazing integration possibilities. One of the coolest demos I saw at Gluecon was Ducksboard’s dashboard service, which lets you create your own monitoring dashboard using a library of widgets for existing social and Cloud providers. You can even create your own widget and have your own data pushed to it via an API endpoint created just for you, on the fly – so sexy!

Thanks to everybody who came to my presentation Making Sense of API Access Control. I hope this shed some light on how to leverage OAuth for controlling access to REST-based APIs. A lot of the new APIs I discovered this week could certainly use some help in that regard. API key authentication in HTTP basic without password has its limitations. The slides from Making Sense of API Access Control are embedded below.

On May 15-16 2012, I will be at the Privacy Identity Innovation (pii2012) conference held at the Bell Harbour International Conference Center in Seattle. I will be participating in a panel moderated by Eve Maler from Forrester Research, Inc., titled Privacy, Zero Trust & the API Economy. It will take place at 2:55pm on Tuesday May 15:

“The Facebook Connect model is real, it’s powerful and now it’s everywhere. Large volumes of accurate information about individuals can now flow easily through user-authorized API calls. Zero Trust requires initial perfect distrust between disparate networked systems but are we encouraging users to add back too much trust, too readily? What are the ways this new model can be used for ‘good’ and ‘evil’ and how can we mitigate the risks?”

On Thursday May 17 at 9am PDT, I will be delivering a webinar on API identity technologies, once again with Eve Maler from Forrester. We are going to talk about the idea of zero trust with APIs, an important stance to adopt as we approach what Eve often calls “the coming identity singularity” – that is, the time when identity technologies and standards will finally line up with real and immediate need in the industry. Here is the abstract for this webinar:

“Identity, Access & Privacy in the New Hybrid Enterprise: Making Sense of OAuth, OpenID Connect & UMA
In the new hybrid enterprise, organizations need to manage business functions that flow across their domain boundaries in all directions: partners accessing internal applications; employees using mobile devices; internal developers mashing up Cloud services; internal business owners working with third-party app developers.

Integration increasingly happens via APIs and native apps, not browsers. Zero trust is the new starting point for security and access control and it demands Internet scale and technical simplicity – requirements the go-to Web services solutions of the past decade, like SAML and WS-Trust, struggle to solve.

This webinar from Layer 7 Technologies, featuring special guest Eve Maler of Forrester Research, Inc., will:

Layer 7 is proud to be exhibiting at the 2012 Department of Defense Intelligence Information Systems (DoDIIS) Worldwide Conference, which will be taking place in Denver this April 1-4. The show will be focusing on the Defense Intelligence Agency’s goal of unifying defense intelligence infrastructure and information sharing initiatives.

Never before has so much intelligence data been collected and never has the challenge of securely sharing these valuable assets been greater. As new intelligence systems come online, issues inevitably arise around the need to make data and security credentials interoperable between these new systems and existing capabilities.

As the leading provider of secure messaging and security Gateway solutions to the US Federal Intelligence Community, Layer 7 will be at the show, demonstrating its solutions for data and security interoperability within the enterprise and the Cloud. If you’re attending the DoDIIS conference, stop by Booth 917 to see first-hand how you can resolve interoperability and fine-grained access challenges with a Common Criteria EAL 4+ certified solution from Layer 7.