Category Archives: PCI & PII Compliance

Big Data, IoT, API …….Newer technologies protected by older security.

By Andy Thurai on May 18, 2013

Now-a-days every single CIO, CTO, or business executive that I speak to is captivated by these three new technologies: Big Data, API management and IoTs (Internet of Things). Every single organizational executive that I speak with confirms that they either … Read more >

Health 2.0 and API Management

By Blake Dournaee on May 10, 2013

I just wanted to send a short note that I will be talking about API Management strategy & health care data at the Health Refactored conference next week in Mountain View. I’m hoping to learn a lot of and also … Read more >

Cloud-Aware Tokenization: Helping to Build PCI-Compliant Applications in the Cloud

By Travis Broughton on April 30, 2013

Last year the Open Data Center Alliance published an excellent whitepaper that defined the concept of “cloud-aware” applications. The ODCA paper sets forth the following recommendations: Everything is a Service Use RESTful APIs Separate Compute and Persistence Design for Failure … Read more >

Complexity Management with Tokenization

By Gunnar Peterson on April 8, 2013

Tokenization is a major trend in application and data security and Gateways are an ideal location to deploy tokenization services. Tokenization replaces sensitive data with benign data. The classic example here is PCI DSS, and the business value of tokenization … Read more >

The Façade Proxy

By Andy Thurai on March 20, 2013

KuppingerCole analyst Craig Burton (of Burton Group originally) wrote a recent article about Façade proxies. You can read the article here: http://blogs.kuppingercole.com/burton/2013/03/18/the-faade-proxy/ As Craig notes, “A Façade is an object that provides simple access to complex – or external – … Read more >

Chief API Officer

By Andy Thurai on March 11, 2013

Hackathons help you explain APIs to developers. But, do you know who you should be really selling the value of your APIs to? It goes way beyond the developers and IT operational folks. Who do you think it is ……CIO, … Read more >

Touchless Security for Hadoop – combining API Security and Hadoop

By Blake Dournaee on February 28, 2013

It sounds like a parlor trick, but one of the benefits of API centric de-facto standards such as REST and JSON is they allow relatively seamless communication between software systems. This makes it possible to combine technologies to instantly bring … Read more >

New PCI DSS Cloud Computing Guidelines – Are you compliant?

By Travis Broughton on February 26, 2013

This month the Cloud SIG of the PCI Security Standards Council released supplemental guidelines covering cloud computing. We’re happy to see APIs included as a recognized attack surface. As this document makes clear, responsibility for compliance for cloud-hosted data and … Read more >

Cost Effective PCI DSS Tokenization for Retail (Part I)

By Thomas Burns on October 5, 2012

With PCI-DSS 2.0 compliance newly mandated and recent guidance on PCI DSS tokenization[i] this is an excellent time for merchants to review their compliance and PCI scope reduction strategies. One of the more common approaches to reducing PCI DSS Scope … Read more >

Application Security