Earlier today, CNET published an interview with Marc Andreessen, in which the Netscape founder and influential VC outlines his personal vision for where tech is heading in the near future. His new tagline, from a piece he wrote for the New York Times, is “software is eating the world”, a blunt reference to how software increasingly appears out of nowhere to utterly consume a traditional practice or business model — be this in commerce, the social realm or just about everywhere.

Andreessen asserts that this affect will only accelerate in the future because of the explosion we are experiencing in mobile computing:

"Most of the people in the world still don’t have a personal computer, whereas in three to five years, most people in the world will have a smartphone…. If you’ve got a smartphone, then I can build a business in any domain or category and serve you as a customer no matter where you are in the world in just gigantic numbers — in terms of billions of people."

This new scale of mobile is something we’re only beginning to see but it is becoming clear that the change this will bring about is going to be profound. Mobile computing is very interesting to Layer 7 — watch our for some interesting new developments coming out of our labs early in the new year.

I discovered a similar indicator of mobile interest using Google’s Insights for Search. Pete Soderling and Chris Comerford from Stratus Security Technologies gave an excellent talk, back in 2010 at the RSA show, about REST security. They illustrated how the zeitgeist around distributed computer communications was changing over time, by comparing search volume for “SOAP Security” (blue line) and “REST Security” (red line):

Try this out for yourself here.

What struck me about this was not that REST came up so fast — you’d have to be living under a rock to have missed that one — but that the two approaches have been tracking roughly equivalent over the last year. This mirrors our own experience at Layer 7, where we support both SOAP and REST security equally. We see similar patterns of interest coming from our customers.

What is even more interesting is what happens when you add “Mobile Security” (yellow line) to the mix:

Try it here.

The future indeed, will be written from a hand-held device.

This week’s dip into the Layer 7 archive provides real-world advice on how providers of Cloud services can securely expose their APIs to third-party developers. Featuring input from eBay Chief Security Strategist Liam Lynch, Managing API Security in SaaS & Cloud will definitely be of interest to anyone who enjoyed our recent Webinar with Best Buy and Amazon Web Services.

For Cloud providers, API publishing has become critical to enabling integration with enterprise systems, sharing information across affiliate Web sites and providing mobile access to services. Of course, Cloud computing and API publishing create all sorts of new security concerns, which is where secure integration providers like Layer 7 come in.

This webinar was co-presented with our friends at the Cloud Security Alliance but it’s about more than just security. A truly safe and secure API publishing programming will have to tackle the full range of API management concerns. Specifically, Cloud API publishers need ways to address versioning and to meter consumption without burdening either developers or consumers.

To find out more, you can read about the webinar on the Layer 7 Web site or simply watch the recording in the player below.

Next week, Layer 7 will be exhibiting at a couple of events, both of which have a strong Cloud security focus. Between November 13 and 16, we’ll be in Las Vegas for CA World, where we’ll be setting up shop in the Cloud Section and the Security Section. On November 16 and 17, we’ll be at the Cloud Security Alliance Congress in Orlando.

With these Cloud security-focused events just around the corner, it seems like a good time to mention our archived webinar Extending Enterprise Security into the Cloud. Presented with The 451 Group, this webinar explored ways for enterprises to extend existing security investments into the Cloud without incurring significant costs or creating additional IT complexity.

Presentations from Layer 7 CTO Scott Morrison and 451 Group Security Analyst Steve Coplan, delved into how enterprises can leverage the identity, privacy and threat-protection technologies they already own to facilitate the secure adoption of SaaS, IaaS and other Cloud-based technologies.

You can read more about the webinar in our Resource Library or simply watch the recording in the player below, courtesy of the Layer 7 YouTube Channel.

And if you happen to be attending either CA World or the CSA Congress, stop by and say “hi”. CA World attendees can find us at Partner Pedestal 261A in the Cloud Section and Partner Pedestal 338B in the Security Section. For the CSA conference we’ll be at table 10. Hope to see you there!

Yesterday, we looked at how an enterprise can enable a more mobile, iPad-equipped workforce through secure, scalable API management from Layer 7. Today, it’s time to show something similar for the iPad’s little bro. Our very latest case study focuses on one of the first airlines to roll out an iPhone app.

When the folks at Alaska Airlines decided to stay one step ahead of the competition by replacing their initial iPhone release with a next-generation app combining internal data with information from external sources, they knew they needed an enterprise-level API management solution that could support API composition, caching and advanced security functionality.

And so they came to Layer 7. Find out why…
Read the case study >>

Yesterday, Layer 7 held what turned out to be the company’s number one most popular webinar ever: A Practical Guide to API Security & OAuth for the Enterprise. The remarkably large number of sign-ups we had for this event stands as evidence of the hunger for expert insight into issues around Web API generally and OAuth in particular. In this case, the expert insight was provided by Eve Maler, Principal Analyst at Forrester Research, Inc.,  as well as by Layer 7’s own Scott Morrison. Judging from the feedback we received during and after the session, quite a few people found this webinar to be particularly insightful and thought-provoking.

Input from Forrester Research, Inc. is always valuable and Eve Maler’s presentation – OAuth as a Serious API Security Tool for Enterprises: A Practical Overview – certainly didn’t disappoint. She began by positioning OAuth as “a powerhouse of API security and SSO solutions” and went on to advise that enterprises should “Leverage OAuth’s ascendance while minding its weaknesses”. The key point here was that OAuth may be simple but that doesn’t mean it has to be a low-security option. If an enterprise uses and insists on OAuth best practices, OAuth can indeed be a serious API security tool and can work in environments that require “zero trust”. Eve went on to give some great, practical advice for security and risk professionals and developers looking to leverage OAuth

Next, Scott provided a practical demonstration of how Layer 7′s OAuth Toolkit can be used to ensure the consistent application of these best practices. The OAuth Toolkit provides enterprises with a centralized way to create and implement OAuth for all their protected services and APIs. Layer 7’s OAuth capabilities support a variety of standards, including OAuth 1.0a, OAuth 2.0, SAML 1.1, SAML 2.0, WS-Trust, REST and JSON, among others.

For those of you who missed the event, we now have the full one-hour recording online. Click here to find out more about the webinar and download a copy. Alternatively, you can simply stream the complete recording in the player below, courtesy of the Layer 7 YouTube channel.