Putting applications in the cloud can reduce overall IT costs and deliver greater scalability. Cost considerations are always a concern in IT infrastructures but scalability may be the most important benefit of hosting applications in the cloud. Leveraging the elasticity of Amazon’s cloud infrastructure can allow you to scale your APIs to match market demand. Amazon Web Services provides tooling that can help you be quicker to market with your APIs.

But do interfaces hosted on AWS and exposed to third-party developers contain significant vulnerabilities? Cloud services allow third-party access to applications and data through APIs. Failing to properly secure that access can put the data and applications at risk. So, how do you safely expose APIs in a cloud environment?

Understanding the cloud API model isn’t always easy. So, on January 29, we’re having a live discussion about publishing APIs in the AWS cloud, which may help answer questions surrounding exposing APIs in cloud environments. I’m excited to welcome Layer 7 Technologies Senior Software Developer Hirbod (Rod) Moshfeghi as our special guest for this API Tech Talk. This is a great opportunity to have your questions answered and to discuss the implications of publishing cloud-based APIs.

Here’s how to join the live discussion…

On the day of the event, click here to join:

• layer7.com/live

Submit your questions:

• Tweet using the tag #Layer7Live
• Email techtalk@layer7.com

These days, enterprises face an increasing array of Mobile Access challenges, from BYOD to mobile device management. We live in an increasingly mobile and app-based world. More and more enterprises have mobile-enabled workforces that need access to enterprise data from personal smartphones and tablets.

But how do enterprises balance access control with the individual’s right to choose the apps they want? How do enterprises grant access to sensitive on-premise data via mobile devices without compromising security?

Enterprises need secure ways to surface internal information assets in mobile ready formats that can be easily consumed by both mobile developers and the apps they create. They need simplified ways to manage how enterprise applications and systems get exposed to mobile developers and apps.

Layer 7′s new SecureSpan Mobile Access Gateway does just that by streamlining the process of adapting internal data, application and security infrastructure for mobile use. Delivered as a policy pack extension to our SecureSpan API Proxy/SOA Gateway, the Mobile Access Gateway provides a centralized way to control security and management policies for information assets exposed via APIs to mobile developers and apps.

Contest: Win a $250 Amazon Gift Card
To celebrate the general availability of the SecureSpan Mobile Access Gateway, we’re having a Twitter contest and giving away a $250 Amazon gift card.

Here’s how to enter:

1. Retweet the following:

Win a $250 Amazon gift card from @layer7  http://ow.ly/cFj9i #L7MAG RT to enter!

Tweet This for a Chance to Win

2. Don’t have twitter and still want to enter? Just leave a comment on this post, telling us your favorite mobile app.

The contest ends Aug 8 at noon. The winner will be drawn at random. If you win, we’ll send you a direct message on Twitter to let you know.

I delivered a talk all about API governance at last week’s Gartner Application Architecture, Development & Integration (AADI) summit in Las Vegas. I was the lunchtime entertainment on Wednesday. The session was packed—in fact, a large number of people were turned away because we ran out of place settings. Fortunately, a video of the session is now available, so if you were not able to attend, you can now watch it online.

In this talk, I explore how governance is changing in the API world. I even do a live OAuth demonstration using people, instead of computers. Unlike the classic “swim lane” diagrams that only show how OAuth works, this one also teaches you why the protocol operates as it does. (If you want to skip directly to the OAuth component, it begins at around 22 minutes

We know a lot of you get a great deal of value from our webinars, so we’re very pleased to announce that we’ve got a new one coming up on November 17th. Featuring input from Amazon Web Services, How to Secure & Govern Integrations Between the Enterprise & the Cloud will use the example of Best Buy’s API Developer Portal to demonstrate how an enterprise can securely integrate on-premise systems with Cloud applications.

The Best Buy API Developer portal is a superb example of how a large enterprise can leverage a hybrid on-premise/Cloud solution to scale API assets and accommodate peaks in demand, without compromising security or governance. The folks at Best Buy have been able to move into the Cloud while retaining full control of what information is shared with Cloud applications. At the same time, they’ve managed to insulate developers from the security, management and mediation challenges that often turn up with a hybrid Cloud solution.

How to Secure & Govern Integrations Between the Enterprise & the Cloud is happening on Thursday 17th November at 9am PST (which is noon EST and 5pm GMT). As with all our webinars, it will last about an hour and feature a Q&A session at the end. We had an absolutely phenomenal response to our last webinar, so we’re excited to be putting on this event with our friends at Amazon Web Services and Best Buy.

Register for the webinar >>

Last week, I was involved with a Layer 7 workshop in Tysons Corner, VA, just outside of Washington, DC. This workshop, called Defining, Enforcing & Validating Web Services Policy on AWS was presented in association with our friends at Amazon Web Services. The goal of the session was to teach attendees how build a secure bridge between the enterprise and the public Cloud.

You see, for organizations with variable application loads or the need to scale rapidly, Cloud services like AWS offer a truly elastic way to accommodate changing compute needs. But it’s rare for an enterprise to be able to run a workload in the public Cloud isolated from data or applications residing inside the enterprise. These organizations need ways to bridge the enterprise and the Cloud without compromising security or limiting scale-out.

The Layer 7/AWS workshop demonstrated a solution based on Layer 7′s industry-leading SecureSpan EC2 Appliance, which makes it simple for organizations in this situation to address the challenges of federation, integration and governance they are facing. Specifically, the event began with an overview of AWS before providing practical instructions on how the SecureSpan EC2 Appliance can be used to:

• Ensure security and federate identities in Cloud/enterprise integrations
• Implement fine-grained access and data security policies without coding
• Secure and manage REST APIs for Cloud applications

We certainly got a great response from attendees. Also, during registration, we got quite a few requests for similar events in different cities. If you’d like us to hold a Layer 7/AWS workshop in your city, please don’t hesitate to contact us by calling 1-800-681-9377 or emailing sales@layer7.com. In the meantime, if you want to know more, the slides presented at the workshop are available here. Additionally, here’s a demo of Layer 7 federation features specific to AWS: