May 15th, 2012

APIs, Cloud & Identity Tour 2012: Three Cities, Two Talks, Two Panels & a Catalyst

On May 15-16 2012, I will be at the Privacy Identity Innovation (pii2012) conference held at the Bell Harbour International Conference Center in Seattle. I will be participating in a panel moderated by Eve Maler from Forrester Research, Inc., titled Privacy, Zero Trust & the API Economy. It will take place at 2:55pm on Tuesday May 15:

“The Facebook Connect model is real, it’s powerful and now it’s everywhere. Large volumes of accurate information about individuals can now flow easily through user-authorized API calls. Zero Trust requires initial perfect distrust between disparate networked systems but are we encouraging users to add back too much trust, too readily? What are the ways this new model can be used for ‘good’ and ‘evil’ and how can we mitigate the risks?”

On Thursday May 17 at 9am PDT, I will be delivering a webinar on API identity technologies, once again with Eve Maler from Forrester. We are going to talk about the idea of zero trust with APIs, an important stance to adopt as we approach what Eve often calls “the coming identity singularity” – that is, the time when identity technologies and standards will finally line up with real and immediate need in the industry. Here is the abstract for this webinar:

“Identity, Access & Privacy in the New Hybrid Enterprise: Making Sense of OAuth, OpenID Connect & UMA
In the new hybrid enterprise, organizations need to manage business functions that flow across their domain boundaries in all directions: partners accessing internal applications; employees using mobile devices; internal developers mashing up Cloud services; internal business owners working with third-party app developers.

Integration increasingly happens via APIs and native apps, not browsers. Zero trust is the new starting point for security and access control and it demands Internet scale and technical simplicity – requirements the go-to Web services solutions of the past decade, like SAML and WS-Trust, struggle to solve.

This webinar from Layer 7 Technologies, featuring special guest Eve Maler of Forrester Research, Inc., will:

  • Discuss emerging trends for access control inside the enterprise
  • Provide a blueprint for understanding adoption considerations

You will learn:

  • Why access control is evolving to support mobile, Cloud and API-based interactions
  • How the new standards (OAuth, OpenID Connect and UMA) compare to technologies like SAML
  • How to implement OAuth and OpenID Connect, based on case study examples”

You can sign up for this webinar at the Layer 7 Technologies Web site.

Next week, I’m off to Dublin to participate in TMForum Management World 2012. I wrote earlier about the defense catalyst Layer 7 is participating in that explores the problem of how to manage Clouds in the face of developing physical threats. If you are at the show, you must drop by the Forumville section on the show floor and have a look. The project results are very encouraging.

I’m also doing a presentation and participating in a panel. The presentation title is API Management: What Defense & Service Providers Need to Know. Here is the abstract:

“APIs promise to revolutionize the integration of mobile devices, on-premise computing and the Cloud. They are the secret sauce that allows developers to bring any systems together quickly and efficiently. Within a few years, every service provider will need a dedicated API group responsible for management, promotion and even monetization of this important new channel to market. And in the defense arena, where agile integration is an absolute necessity, APIs cannot be overlooked.

In this talk, you will learn:

  • Why APIs are revolutionizing Internet communications
  • Why this is an important opportunity for you
  • How you can successfully manage an API program
  • Why developer outreach matters
  • What tools and technologies you must put in place”

This talk will take place at the Dublin Conference Centre on Wednesday May 23 at 11:30am.

The panel, organized by my friend Nava Levy from Cvidya, is titled Cloud Adoption – Resolving the Trust vs. Uptake paradox: Understanding & Addressing Customers’ Security & Data Portability Concerns to Drive Uptake.

Here is the panel abstract:

“As Cloud services continue to grow five times faster vs. traditional IT, it seems that concerns re security and data portability are also on the rise. In this session, we will explain the roots of this paradox and the opportunities that arise from resolving these trust issues. By examining the different approaches other Cloud providers utilize to address these issues, we will see how service providers, by properly understanding and addressing these concerns, can use trust concerns as a competitive advantage against many Cloud providers who don’t have the carrier-grade trust as one of their core competencies. We will see that, by addressing fraud, security, data portability and governance risks head-on, not only will the uptake of Cloud services rise to include mainstream customers and conservative verticals but also the type of data and processes that will migrate to the Cloud will become more critical to the customers.”

The panel is on Thursday May 24 at 9:50am.

May 10th, 2012

Talking Mobile Strategy at the Forrester Forums

Last week Layer 7 sponsored Forrester’s CIO and Enterprise Architecture forums in Las Vegas. These were great conferences with various tracks covering such lofty concepts as “business strategy” and “innovation”. But the track that was getting everyone talking – and driving attendance at the Layer 7 booth – was about mobile strategy.

CIOs have started to recognize that – with BYOD gaining strength – mobile is coming to business, like it or not. The many CIOs who came by our booth all seemed determined to address the issue head-on. For some, this will mean developing apps in-house; for others, enabling third-party app developers. In either case, the key to success will be publishing secure, robust APIs.

Publishing mobile APIs raises various questions for CIOs. Some of the questions we heard in Vegas are external corollaries of challenges we’ve been solving for years (“How do I expose a REST API when my data is delivered via SOAP services?”). Others are completely new (“What happens when someone with our app on their personal smartphone leaves the company?”).

These issues also arose during an interesting session called “Navigating the Mobile Shift.” At this session, after some input from Forrester analysts, everyone split into groups for brainstorming on problems (and solutions) in specific categories. When each group presented its findings, security and governance questions were at the top of every list.

These forum participants aren’t from mom-and-pop startups – they’re with large enterprises that have serious security, governance, performance and scalability concerns. Helping enterprises address these concerns for API-based integrations is Layer 7’s core business, so we’ll be eagerly following future developments in enterprise mobile enablement and BYOD.

November 18th, 2011

Forrester Wave for SOA Application Gateways 2011 – Layer 7 Positioned as a Leader

At the end of last month, we announced that Layer 7 had been named a Deloitte Technology Fast 500 growth company and had been positioned as a leader in Gartner’s 2011 Magic Quadrant for SOA Governance Technologies. Today, we’re very proud to announce that Forrester Research, Inc. has named Layer 7 a Leader in a new report, The Forrester Wave™: SOA Application Gateways, Q4 2011.

The report groups its criteria into three high-level categories: Current Offering, Strategy and Market Presence. Layer 7’s “SecureSpan SOA Gateway scored well in all of the major functional categories.” In fact, we actually had the highest score in the Current Offering category and the Strategy category. As a Leader, we were recognized for our broad and deep support for messaging styles, attack protection, trust enablement and content transformation.

Top vendors were evaluated, so we feel it’s a great honor to be positioned as a Leader in this SOA Application Gateways Wave. For more information on the report, read our press release.

October 13th, 2011

Recorded Webinar: A Practical Guide to API Security & OAuth for the Enterprise featuring Forrester Research, Inc.

Yesterday, Layer 7 held what turned out to be the company’s number one most popular webinar ever: A Practical Guide to API Security & OAuth for the Enterprise. The remarkably large number of sign-ups we had for this event stands as evidence of the hunger for expert insight into issues around Web API generally and OAuth in particular. In this case, the expert insight was provided by Eve Maler, Principal Analyst at Forrester Research, Inc., as well as by Layer 7’s own Scott Morrison. Judging from the feedback we received during and after the session, quite a few people found this webinar to be particularly insightful and thought-provoking.

Input from Forrester Research, Inc. is always valuable and Eve Maler’s presentation – OAuth as a Serious API Security Tool for Enterprises: A Practical Overview – certainly didn’t disappoint. She began by positioning OAuth as “a powerhouse of API security and SSO solutions” and went on to advise that enterprises should “Leverage OAuth’s ascendance while minding its weaknesses”. The key point here was that OAuth may be simple but that doesn’t mean it has to be a low-security option. If an enterprise uses and insists on OAuth best practices, OAuth can indeed be a serious API security tool and can work in environments that require “zero trust”. Eve went on to give some great, practical advice for security and risk professionals and developers looking to leverage OAuth.

Next, Scott provided a practical demonstration of how Layer 7’s OAuth Toolkit can be used to ensure the consistent application of these best practices. The OAuth Toolkit provides enterprises with a centralized way to create and implement OAuth for all their protected services and APIs. Layer 7’s OAuth capabilities support a variety of standards, including OAuth 1.0a, OAuth 2.0, SAML 1.1, SAML 2.0, WS-Trust, REST and JSON, among others.

For those of you who missed the event, we now have the full one-hour recording online. Click here to find out more about the webinar and download a copy. Alternatively, you can simply stream the complete recording in the player below, courtesy of the Layer 7 YouTube channel.

September 20th, 2011

Upcoming Webinar: A Practical Guide to API Security & OAuth for the Enterprise

Recently, anything to do with Web APIs has been a hot topic. Right now, no API-related topic is hotter than OAuth. Enterprises moving into API publishing want to know what OAuth can do for them and how to implement it. Layer 7 will be providing some answers to these questions in the upcoming webinar A Practical Guide to API Security & OAuth for the Enterprise.

This one-hour webinar, featuring research from Forrester Research, Inc., will take place on Wednesday, October 12 at 9am Pacific (which is noon Eastern and 5pm if you’re in the UK). We’re accepting registrations now – so, if you want to learn all about how to securely publish APIs and how to implement OAuth, click here to register.


Eve Maler, Principal Analyst, Forrester Research, Inc.

The webinar will be led by Layer 7 CTO/Chief Architect Scott Morrison and will feature input from Forrester Principal Analyst Eve Maler. Topics covered will include:

  • Different approaches to exposing information through APIs
  • Security considerations for protecting APIs
  • API management best practices
  • When to use OAuth and how best to implement it

If your organization is launching an API publishing program or if you’d simply like to find out what OAuth is all about, you won’t want to miss this webinar.

Register now for A Practical Guide to API Security & OAuth for the Enterprise