February 3rd, 2012

Security in the Clouds: The IPT Swiss IT Challenge

Scott Morrison in GstaadProbably the best part of my job as CTO of Layer 7 Technologies is having the opportunity to spend time with our customers. They challenge my assumptions, push me for commitments and take me to task for any issues -  but they also flatter the whole Layer 7 team for the many things we do right as a company. And for every good idea I think I have, I probably get two or three great ones out of each and every meeting with the people who use SecureSpan to solve real problems on a daily basis.

All of that is good but I’ve learned that if you add skiing into the mix, it becomes even better. Layer 7 is fortunate to have an excellent partnership with IPT, a very successful IT services company out of Zug, Switzerland. Each year, IPT holds a customer meeting up in Gstaad, which I think surely gives them an unfair advantage over their competitors in countries less naturally blessed. I finally managed to draw the long straw in our company and was able to join my colleagues from IPT at their annual event this January.

Growing up in Vancouver, with Whistler practically looming in my backyard, I learned to ski early and ski well. Or so I thought, until I had to try to keep up with a crew of Swiss who surely were born with skis on their feet. But being challenged is always good and I can say the same for what I learned from my Swiss friends about technology and its impact on the local market.

The Swiss IT market is much more diverse than people from outside of it may think. Yes, there are the famous banks but it is also an interesting microcosm of the greater European market — albeit run with a natural attention to detail and extraordinary efficiency. It’s the different local challenges that shape technology needs and lead to different emphasis.

SOA and Web services are very mature and indeed are pushed to their limits but the API market is still in its very early stages. The informal, wild west character of RESTful services doesn’t seem to resonate in the corridors of power in Zurich. Cloud appears in patches but it is hampered by very real privacy concerns and this, of course, represents a great opportunity. Secure private Clouds are made for this place.

I always find Switzerland very compelling and difficult to leave. Perhaps it’s the miniscule drop of Swiss ancestry I can claim. But more likely it’s just that I think the Swiss have got this life thing all worked out.

Looking forward to going back.

December 22nd, 2011

The Future is a Story About Mobile Computing

Written by
 
Marc Andreessen

Earlier today, CNET published an interview with Marc Andreessen, in which the Netscape founder and influential VC outlines his personal vision for where tech is heading in the near future. His new tagline, from a piece he wrote for the New York Times, is “software is eating the world”, a blunt reference to how software increasingly appears out of nowhere to utterly consume a traditional practice or business model — be this in commerce, the social realm or just about everywhere.

Andreessen asserts that this affect will only accelerate in the future because of the explosion we are experiencing in mobile computing:

"Most of the people in the world still don’t have a personal computer, whereas in three to five years, most people in the world will have a smartphone…. If you’ve got a smartphone, then I can build a business in any domain or category and serve you as a customer no matter where you are in the world in just gigantic numbers — in terms of billions of people."

This new scale of mobile is something we’re only beginning to see but it is becoming clear that the change this will bring about is going to be profound. Mobile computing is very interesting to Layer 7 — watch our for some interesting new developments coming out of our labs early in the new year.

I discovered a similar indicator of mobile interest using Google’s Insights for Search. Pete Soderling and Chris Comerford from Stratus Security Technologies gave an excellent talk, back in 2010 at the RSA show, about REST security. They illustrated how the zeitgeist around distributed computer communications was changing over time, by comparing search volume for “SOAP Security” (blue line) and “REST Security” (red line):

Try this out for yourself here.

What struck me about this was not that REST came up so fast — you’d have to be living under a rock to have missed that one — but that the two approaches have been tracking roughly equivalent over the last year. This mirrors our own experience at Layer 7, where we support both SOAP and REST security equally. We see similar patterns of interest coming from our customers.

What is even more interesting is what happens when you add “Mobile Security” (yellow line) to the mix:

Try it here.

The future indeed, will be written from a hand-held device.

December 16th, 2011

FROM THE VAULT: Webinar – Security, Governance & Integration in a Cloud-Connected World presented with Red Hat

Red Hat webinarEnterprise IT is becoming more complex. Companies are investing in systems that promise great benefits in terms of connectivity and cost-effectiveness but, to really make the most of these investments, they need control over and visibility into how systems connect across departments, environments and locations. Introduce the Cloud and things can get really complicated.

This summer, we presented a webinar that addressed these specific issues. Created in association with Red Hat, Security, Governance & Integration in a Cloud-Connected World provided deep insight into how enterprises can address integration, management and security challenges arising from technologies like SOA and Cloud.

With input from Pierre Fricke, Director of SOA Products at Red Hat, as well as Jaime Ryan, our Partner Solutions Architect, this webinar proposed combining an enterprise service bus with a SOA Gateway to create a secure, standards-based system for governing integrations that cross organizational boundaries. You can stream the full recording in the player below.

[youtube]http://www.youtube.com/watch?v=ol8YO9F3O7k&feature=channel_video_title[/youtube]

December 2nd, 2011

FROM THE VAULT: Webinar – Managing API Security in SaaS & Cloud presented with the Cloud Security Alliance

Managing API SecurityThis week’s dip into the Layer 7 archive provides real-world advice on how providers of Cloud services can securely expose their APIs to third-party developers. Featuring input from eBay Chief Security Strategist Liam Lynch, Managing API Security in SaaS & Cloud will definitely be of interest to anyone who enjoyed our recent Webinar with Best Buy and Amazon Web Services.

For Cloud providers, API publishing has become critical to enabling integration with enterprise systems, sharing information across affiliate Web sites and providing mobile access to services. Of course, Cloud computing and API publishing create all sorts of new security concerns, which is where secure integration providers like Layer 7 come in.

This webinar was co-presented with our friends at the Cloud Security Alliance but it’s about more than just security. A truly safe and secure API publishing programming will have to tackle the full range of API management concerns. Specifically, Cloud API publishers need ways to address versioning and to meter consumption without burdening either developers or consumers.

To find out more, you can read about the webinar on the Layer 7 Web site or simply watch the recording in the player below.

November 11th, 2011

FROM THE VAULT: Webinar – Extending Enterprise Security into the Cloud presented with The 451 Group

CA World - CSA CongressNext week, Layer 7 will be exhibiting at a couple of events, both of which have a strong Cloud security focus. Between November 13 and 16, we’ll be in Las Vegas for CA World, where we’ll be setting up shop in the Cloud Section and the Security Section. On November 16 and 17, we’ll be at the Cloud Security Alliance Congress in Orlando.

With these Cloud security-focused events just around the corner, it seems like a good time to mention our archived webinar Extending Enterprise Security into the Cloud. Presented with The 451 Group, this webinar explored ways for enterprises to extend existing security investments into the Cloud without incurring significant costs or creating additional IT complexity.

Presentations from Layer 7 CTO Scott Morrison and 451 Group Security Analyst Steve Coplan, delved into how enterprises can leverage the identity, privacy and threat-protection technologies they already own to facilitate the secure adoption of SaaS, IaaS and other Cloud-based technologies.

You can read more about the webinar in our Resource Library or simply watch the recording in the player below, courtesy of the Layer 7 YouTube Channel.

And if you happen to be attending either CA World or the CSA Congress, stop by and say “hi”. CA World attendees can find us at Partner Pedestal 261A in the Cloud Section and Partner Pedestal 338B in the Security Section. For the CSA conference we’ll be at table 10. Hope to see you there!