February 24th, 2012

Upcoming XACML Training Workshops

With the advent of APIs in the enterprise comes the need for a new security model. An effective runtime security strategy for the type of open integration environment created by APIs requires the deployment of three intertwined elements – a policy enforcement point, a policy decision point and an attribute service.

Layer 7’s SecureSpan API Proxy fits into this strategy as the policy enforcement point. The API Proxy verifies/authenticates any incoming message before assembling a standard XACML request, which is then sent to the policy decision point. Layer 7 offers easy integration with leading policy decision point technologies from Axiomatics and Radiant Logic.
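The enforcement-point flow described above, as an added sketch that is not Layer 7's code: it assembles a XACML request from already-authenticated values and applies a deny-biased reading of the decision point's response. It assumes the XACML 3.0 XML syntax and its standard attribute identifiers; the function names and sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
Q = "{%s}" % NS
STRING = "http://www.w3.org/2001/XMLSchema#string"
# (category, attribute id) pairs defined by the XACML specification
SUBJECT = ("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
           "urn:oasis:names:tc:xacml:1.0:subject:subject-id")
RESOURCE = ("urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
            "urn:oasis:names:tc:xacml:1.0:resource:resource-id")
ACTION = ("urn:oasis:names:tc:xacml:3.0:attribute-category:action",
          "urn:oasis:names:tc:xacml:1.0:action:action-id")

def build_request(subject_id, resource_id, action_id):
    """PEP side: serialize authenticated values into a XACML <Request>."""
    ET.register_namespace("", NS)
    req = ET.Element(Q + "Request",
                     {"CombinedDecision": "false", "ReturnPolicyIdList": "false"})
    for (category, attr_id), value in ((SUBJECT, subject_id),
                                       (RESOURCE, resource_id),
                                       (ACTION, action_id)):
        group = ET.SubElement(req, Q + "Attributes", {"Category": category})
        attr = ET.SubElement(group, Q + "Attribute",
                             {"AttributeId": attr_id, "IncludeInResult": "false"})
        # Setting .text lets the serializer escape markup in caller-supplied values.
        ET.SubElement(attr, Q + "AttributeValue", {"DataType": STRING}).text = value
    return ET.tostring(req, encoding="unicode")

def enforce(response_xml):
    """Deny-biased PEP: allow only one explicit Permit carrying no obligations."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False                      # unreadable answer is treated as Deny
    results = root.findall(Q + "Result")
    if len(results) != 1:
        return False
    if results[0].find(Q + "Obligations") is not None:
        return False                      # this sketch cannot discharge obligations
    return (results[0].findtext(Q + "Decision") or "").strip() == "Permit"

def sample_response(decision, extra=""):
    """Constructed PDP response used only to exercise enforce()."""
    return ('<Response xmlns="%s"><Result><Decision>%s</Decision>%s</Result>'
            '</Response>' % (NS, decision, extra))
```

NotApplicable and Indeterminate fall through to a refusal here, which is the behaviour that keeps a decision point outage or a policy gap from opening the API.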

To help enterprise architects understand how XACML is used for this kind of integration, we’ve been organizing a series of workshops in collaboration with our friends at Axiomatics, Radiant Logic and SailPoint. Coming up, we’ve got events at the Mikrotek Training Facilities in San Francisco, Chicago and New York. Here are the details:

February 7th, 2012

API Management – Infrastructure Versus SaaS

The Enterprise is buzzing with API initiatives these days. APIs not only serve mobile applications, they are increasingly redefining how the enterprise does B2B and integration in general. API management as a category follows different models. On one hand, certain technology vendors offer specialized infrastructure to handle the many aspects of API management. On the other, an increasing number of SaaS vendors offer a service which you subscribe to, providing a pre-installed, hosted, basic API management system. Hybrid models are emerging but that’s a topic for a future post.

Before opting for a pure SaaS-based API management solution, think about these key considerations:

The Cloud Advantage
One can realize the benefits of Cloud computing from an API management solution without losing the ability to control its underlying infrastructure. For example, IaaS solutions let you host your own API management infrastructure. Private Clouds are also ideal for hosting API management infrastructure and provide the added benefit of running "closer" to key enterprise IT assets. Through any of these SaaS alternatives, an API management infrastructure optimizes computing resource utilization. IaaS and private Cloud-based API management infrastructure also provide elasticity and can scale on demand. Look for an API management solution that offers a virtual appliance form factor to maximize the benefits of Cloud.

Return on Investment
The advantage of a lower initial investment from SaaS-delivered API management solutions quickly becomes irrelevant when the ongoing cost of a per-hit billing structure increases exponentially. With your own API management infrastructure in place, you can leverage an initial investment over as many APIs as you want to deliver, no matter how popular the APIs become. Many early adopters who originally opted for the SaaS model are currently making the switch to the infrastructure model in order to remedy a monthly cost that has grown to unmanageable levels. Unfortunately, such transitions sometimes cost more than any initial cost savings.

Agility, Integration
SaaS solutions provide easy-to-use systems isolated in their own silos. This isolation from the rest of your enterprise IT assets creates a challenge when you attempt to integrate the API management solution with other key systems. Do you have an existing Web portal? How about existing identity, business intelligence or billing systems? If your API management solution is infrastructure-based, you have access to all the low-level controls and tooling that are required to integrate these systems together. Integrating your API management with existing identity infrastructure can be important to achieving runtime access control. Integrating with billing systems is crucial to monetizing your APIs. Feeding metrics from an API management infrastructure into an existing BI infrastructure provides better visibility.

Security
Depending on the audience for your APIs, various regulations and security standards may apply. Sensitive information traveling through a SaaS-based system is outside your control. Are any of your APIs potentially dealing with cardholder information? Does PCI-DSS certification matter? If so, a SaaS-based API management solution is likely to be problematic. In addition to the off-premise security issue, SaaS-based API management solutions offer limited security and access control options. For example, the ability to decide which versions of OAuth you choose to implement matters if you need to cater to a specific breed of developers.

Performance
Detours increase latency. By routing API traffic through a hosted system before it gets to the source of the data, you introduce detours. By contrast, if you architect an API management infrastructure in such a way that runtime controls happen in the direct path of transaction, you minimize latencies. For example, using the infrastructure approach, you can deploy everything in a DMZ. Also, by owning the infrastructure, you have complete control over the computing resources allocated to it.

I'll be touching upon some of these issues when I give a presentation called Enterprise Access Control Patterns for REST & Web APIs on March 2, at the RSA Conference in San Francisco.

December 16th, 2011

FROM THE VAULT: Webinar – Security, Governance & Integration in a Cloud-Connected World presented with Red Hat

Enterprise IT is becoming more complex. Companies are investing in systems that promise great benefits in terms of connectivity and cost-effectiveness but, to really make the most of these investments, they need control over and visibility into how systems connect across departments, environments and locations. Introduce the Cloud and things can get really complicated.

This summer, we presented a webinar that addressed these specific issues. Created in association with Red Hat, Security, Governance & Integration in a Cloud-Connected World provided deep insight into how enterprises can address integration, management and security challenges arising from technologies like SOA and Cloud.

With input from Pierre Fricke, Director of SOA Products at Red Hat, as well as Jaime Ryan, our Partner Solutions Architect, this webinar proposed combining an enterprise service bus with a SOA Gateway to create a secure, standards-based system for governing integrations that cross organizational boundaries. You can stream the full recording in the player below.

http://www.youtube.com/watch?v=ol8YO9F3O7k&feature=channel_video_title

November 1st, 2011

Upcoming Webinar: How to Secure & Govern Integrations Between the Enterprise & the Cloud – A Best Buy Case Study featuring Amazon Web Services

We know a lot of you get a great deal of value from our webinars, so we’re very pleased to announce that we’ve got a new one coming up on November 17th. Featuring input from Amazon Web Services, How to Secure & Govern Integrations Between the Enterprise & the Cloud will use the example of Best Buy’s API Developer Portal to demonstrate how an enterprise can securely integrate on-premise systems with Cloud applications.

The Best Buy API Developer portal is a superb example of how a large enterprise can leverage a hybrid on-premise/Cloud solution to scale API assets and accommodate peaks in demand, without compromising security or governance. The folks at Best Buy have been able to move into the Cloud while retaining full control of what information is shared with Cloud applications. At the same time, they’ve managed to insulate developers from the security, management and mediation challenges that often turn up with a hybrid Cloud solution.

How to Secure & Govern Integrations Between the Enterprise & the Cloud is happening on Thursday 17th November at 9am PST (which is noon EST and 5pm GMT). As with all our webinars, it will last about an hour and feature a Q&A session at the end. We had an absolutely phenomenal response to our last webinar, so we’re excited to be putting on this event with our friends at Amazon Web Services and Best Buy.
