I had a speaking opportunity at QCON in the Big Apple last week. As usual, Big Data and Mobility were the dominating topics in this conference. Surprisingly, there was a strong HTML5 presence as well. At least ten presentations (including mine) were … Read more >
Author Archives: Application Security
Proxy Workflows Tokenization can be a good strategy for staying out of the news. These are the headlines of our times: “Hospital warns patients of a data breach” – May 9, 2013. “Hospice informs 800 patients of health data breach” … Read more >
For the first time in my life, I was in Spain (Madrid) last week. What a lovely country and people. Great food too! It amazes me how people can speak multiple languages and entertain the clueless tourists like me by … Read more >
In the previous post we looked at some of the policy zones that an Enterprise API Management has in Mobile security, including: 1. External security policy: for the Mobile device -> API Management Layer message exchanges 2. Internal security policy: … Read more >
The post Enterprise API Management for Mobile Part 2 – Don’t Trust. And Verify appeared first on Application Security.
It’s apps that always get the glory, don’t they? After reflecting on my talk at the Health Refactored conference in Mountain View last week, I saw a lot of focus on the consumer and client side of the healthcare API … Read more >
The post Where do secure, private and compliant APIs come from? appeared first on Application Security.
API Evangelist Kin Lane has just released a new paper that provides an overview of the Backend as a Service space. Kin’s research does a great job covering the breadth of tools and services that get lumped in under the … Read more >
The post Cloud Service Brokerage: Enabling MBaaS for the Enterprise appeared first on Application Security.
Nowadays every single CIO, CTO, or business executive that I speak to is captivated by these three new technologies: Big Data, API management and IoTs (Internet of Things). Every single organizational executive that I speak with confirms that they either … Read more >
The post Big Data, IoT, API …….Newer technologies protected by older security. appeared first on Application Security.
Kin Lane has started tracking what he calls API Brokers over at API Evangelist. This quote illustrates the promise of API brokerage: I envision other new API brokers emerging, in niche areas like images, video or messaging. Imagine if you could … Read more >
The post Be Your Own Broker: An Enterprise Perspective using API Management appeared first on Application Security.
I saw a conversation today on Twitter that asked why we don’t just embed proper security into Hadoop instead of suggesting the API gateway approach to Hadoop security that my colleague Blake proposed. The same could be asked about any number … Read more >
The post Hadoop Security: Internal or External? Why not both! appeared first on Application Security.
Join us Wednesday, May 22 at 10:00a Pacific / 1:00p Eastern for our next webinar with Capital One and Mashery: APIs are a hot topic in all sectors of IT – they have gone from being niche solutions provided by … Read more >
The post Our Next Webinar: Five Practical Steps to Building an Enterprise Class API Program appeared first on Application Security.
I just wanted to send a short note that I will be talking about API Management strategy & health care data at the Health Refactored conference next week in Mountain View. I’m hoping to learn a lot and also … Read more >
Visionmobile released a new infographic earlier this week that puts some spotlight back on HTML5. While HTML5 is in third place compared to Android and iOS for development and deployment platforms, the most interesting aspect of the survey is the … Read more >
It’s springtime and there is a buzz in the air. The API Management marketplace is heating up. Businesses are seeing the value in exposing data. In the world of Healthcare IT, the drive to accelerate electronic health record adoption collides … Read more >
Last year the Open Data Center Alliance published an excellent whitepaper that defined the concept of “cloud-aware” applications. The ODCA paper sets forth the following recommendations: Everything is a Service; Use RESTful APIs; Separate Compute and Persistence; Design for Failure … Read more >
The post Cloud-Aware Tokenization: Helping to Build PCI-Compliant Applications in the Cloud appeared first on Application Security.
The continuing transformation of the IT industry around the externalization of service components constitutes an exercise in abstraction. The transformation assumes that any IT application can be recursively decomposed into constituent services. An application that has been re-architected or engineered … Read more >
The post From ESBs to API Portals: an Evolutionary Journey Part 4 appeared first on Application Security.
Over the next several posts, I will explore some of the core patterns for Service Gateways that provide access to Enterprise Mobile Applications that need to leverage enterprise apps and data. Before I go there – a word about risk. … Read more >
The post Betwixt and Between – Service Gateway for Enterprise Mobile Applications appeared first on Application Security.
Tokenization is a major trend in application and data security and Gateways are an ideal location to deploy tokenization services. Tokenization replaces sensitive data with benign data. The classic example here is PCI DSS, and the business value of tokenization … Read more >
So, here are some questions that have been on my mind lately: How can Enterprises reduce cost drivers for mobile enablement? Can APIs and HTML5 provide the basis for a long term mobile strategy? Can Enterprises avoid lock-in with mobile … Read more >
A few weeks ago I blogged about different Mobile Middleware usage models for enterprise. Continuing that thread, this post will drill down into API security considerations for enterprise mobile apps. Mobile applications are typically intended for use outside of the … Read more >
The post Mobile Middleware for the Enterprise: API Security Considerations appeared first on Application Security.
In this article series we build the case for API portals, of which the Intel® Expressway Service Gateway and the Intel® API Manager, powered by Mashery, are representative examples, as the contemporary manifestations of the SOA movement that transformed IT in the … Read more >
The post From ESBs to API Portals: an Evolutionary Journey Part 3 appeared first on Application Security.