Layer 7 Blogs

Join our community of thought leaders as they discuss SOA governance, Cloud security, and all things related. 

K. Scott Morrison

Scott is the Chief Technology Officer and Chief Architect at Layer 7 Technologies, providing the visionary innovation and technical direction for the company. A much sought-after author and speaker, he has published over 50 book chapters, magazine articles, and papers in medical, physics, and engineering journals and is co-author of the upcoming university textbook "Cloud Computing: Principles, Systems and Applications".

• REST Security Does Exist—You Just Need To Apply It
  On the eve of the RSA conference this year, Chris Comerford and Pete Soderling published a provocative article in Computerworld titled Why REST security doesn’t exist. It’s a prelude to a talk the author’s are delivering at the conference. Their...
• The Seven Deadly Sins: The Cloud Security Alliance Identifies Top Cloud Security Threats
  Today marks the beginning of RSA conference in San Francisco, and the Cloud Security Alliance (CSA) has been quick out of the gate with the release of its Top Threats to Cloud Computing Report. This peer-reviewed paper characterizes the top...
• You Can Help the Cloud Security Alliance Classify the Top Threats in the Cloud
  The Cloud Security Alliance (CSA) needs your help to better understand the risk associated with cloud threats. Earlier this year, the CSA convened a working group with the mandate to identify the top threats in the cloud. This group brought...
• The Revolution Will Not Be Televised
  Technology loves a good fad. Agile development, Web 2.0, patterns, Web services, XML, SOA, and now the cloud—I’ve lived through so many of these I’m beginning to lose track. And truth be told, I’ve jumped on my fair share of...
• My Thoughts on Cloud Security in SearchCloudComputing.com
  I had a good talk the other day with Carl Brooks, the technology writer for SearchCloudComputing.com. We spoke about why security is different in the cloud, and what you can learn from approaches like SOA about how to secure cloud-based...

Adam Vincent

Adam is the Chief Technology Officer – Public Sector for Layer 7 Technology and considered a trusted subject matter expert to the Department of Defense (DoD) and Intelligence Community (IC) in their goal of secure net-centric enablement and provided guidance in the government’s goal of sharing information more seamlessly.

Recent Posts

• CNCI Partially Unclassified.

  In the wake of CNN's airing of the two-hour special, We Were Warned: Cyber Shockwave, which stunned much of the public, and this governments administration, Mr. Howard Schmidt, the Executive Branch Cybersecurity Coordinator, or Cyber Czar, gave a keynote...

• Identity and Access Management in Cloud Computing: Part 2

  Cloud Computing Implementation Options and Challenges

  Like any traditional IT project, a project leveraging cloud computing must first look to its requirements. Most IT projects have some requirement for identity whether it be that all...

• Iranian Cyber Army Strikes Again

  At the end of my post in December titled "Iranian Cyber Army Hacks Twitter", I asked "what's next for the Iranian Cyber Army". I appears that although trumped...

• Cyber Attack on Google and Others

  On Tuesday, Google reported in their official blog that in mid-December they detected a "highly sophisticated and targeted" attack on their corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. Additionally, Google stated in...

• Identity and Access Management in Cloud Computing #1
  The new United States Federal Chief Information Officer (CIO) Vivek Kundra is serious about embracing cloud computing as a vehicle for rationalizing government IT assets, costs, and budgets. Aneesh Chopra, the Federal CTO follows suite, and has gone on the...

Francois Lascelles

As the Technical Director, Europe for Layer 7 Technologies, Francois Lascelles advises global corporations and governments in designing and implementing secure SOA and cloud based solutions. Francois joined Layer 7 in its first days back in 2002 and has been contributing ever since to the evolution of the SecureSpan SOA infrastructure product line. Francois is co-author of Prentice Hall¹s upcoming SOA Security book.

Recent Posts

• Connecting the enterprise to the cloud marketplace
  With Google launching its new cloud-based enterprise apps marketplace these days, many people are paying closer attention to a maturing overall cloud offering. One of its components which caught my attention today is ironically something that you are meant to...
• RESTful SAML?
  Existing brokered authentication standards such as SAML Web Browser SSO or OpenID accommodate RESTful web services for browser driven use cases. However, what about RESTful service composition patterns where identities need to be propagated across nested service invocations, or any...
• JSON Schema validation for RESTful Web services
  In The importance of threat protection for restful web services, I presented a number of content-based threats for XML. When protecting an endpoint from XML based attacks, not only are payloads scanned for code injections, malicious entity declarations and parser...
• The importance of threat protection for RESTful web services
  Although certain RESTful web services are of a ‘public’ nature and do not have specific security requirements such as authentication and authorization, any service that has an entry point from an untrusted network is subject to attack and proper threat...
• Standardize HMAC, OAuth RESTful authentication schemes
  As the enterprise is increasingly taking notice of WOA (Web Oriented Architecture) these days, the need for security guidelines and standards for RESTful Web services is becoming more pressing. Sure, RESTful Web services are meant to borrow existing security mechanisms...