ADVISOR DETAILS

Andy Thurai

Andy Thurai

Andy Thurai is Chief Architect and Group CTO of Application Security and Identity Products with Intel, where he is responsible for architecting SOA, Cloud, Mobile, Big Data, Governance, Security, and Identity solutions for their major corporate customers. In his role, he is responsible for helping Intel/McAfee field sales, technical teams and customer executives. Prior to this role, he has held technology architecture leadership and executive positions with L-1 Identity Solutions, IBM (Datapower), BMC, CSC, and Nortel. His interests and expertise include Cloud, SOA, identity management, security, governance, and SaaS. He holds a degree in Electrical and Electronics engineering and has over 25+ years of IT experience.
He blogs regularly at www.thurai.net/securityblog. You can also find him on LinkedIn at http://www.linkedin.com/in/andythurai or on Twitter @AndyThurai
RECENT BLOG POSTS

How to effectively build a hybrid SaaS API management strategy

- By Andy Thurai (@AndyThurai) and Blake Dournaee (@Dournaee). This article was originally published on Gigaom Summary: Enterprises seeking agility are turning to the cloud while those concerned about security are holding tight to their legacy, on-premise hardware. But what … Read more >

The post How to effectively build a hybrid SaaS API management strategy appeared first on Application Security.

Read more >

ATOS API: A zero cash payment processing environment without boundaries

When ATOS, a big corporate conglomerate (EUR 8.8 billion and 77,100 employees in 52 countries), decided that they wanted to become the dominant Digital Service Provider (DSP) for payments, they had a clear mandate on what they wanted to do. … Read more >

The post ATOS API: A zero cash payment processing environment without boundaries appeared first on Application Security.

Read more >

Transform from being a SOA-saurus to participate in the new API economy

Do you want to learn what “API surfacing” is? Do you know how to create low-touch, completely automated APIs that can convert you from existing enterprise orientedness (or being a SOA-saurus) to a more agile, API enabled architecture? Learn how … Read more >

The post Transform from being a SOA-saurus to participate in the new API economy appeared first on Application Security.

Read more >

Big Data, IoT, API …….Newer technologies protected by older security.

Now-a-days every single CIO, CTO, or business executive that I speak to is captivated by these three new technologies: Big Data, API management and IoTs (Internet of Things). Every single organizational executive that I speak with confirms that they either … Read more >

The post Big Data, IoT, API …….Newer technologies protected by older security. appeared first on Application Security.

Read more >

The Façade Proxy

KuppingerCole analyst Craig Burton (of Burton Group originally) wrote a recent article about Façade proxies. You can read the article here: http://blogs.kuppingercole.com/burton/2013/03/18/the-faade-proxy/

As Craig notes,

“A Façade is an object that provides simple access to complex – or external – functionality. It might be used to group together several methods into a single one, to abstract a very complex method into several simple calls or, more generically, to decouple two pieces of code where there’s a strong dependency of one over the other. By writing a Façade with the single responsibility of interacting with the external Web service, you can defend your code from external changes. Now, whenever the API changes, all you have to do is update your Façade. Your internal application code will remain untouched.”

I call this “Touchless Proxy”. We have been doing the touchless gateway for over a decade, and now using the same underlying concept, we provide touchless API gateway or a façade proxy.

While Intel is highlighted in a strong note in this analyst note by KuppingerCole, Craig raises the following point:

“When data leaves any school, healthcare provider, financial services or government office, the presence of sensitive data is always a concern.”

This is especially timely as the healthcare providers, financial institutions, and educational institutions rush to expose their data using APIs to their partners.

When we were designing our API management platform that is one of the things we had in mind – Providing a context aware data protection. I wrote an article a few months ago about this, which you can read here. Essentially, not only Intel API solution can detect the sensitive data flowing through the APIs, but it can take action based on the identity, location, invocation and context of the requesting party. This is essentially important as we connect all IoTs (Internet of Things) and have M2M take over the enterprise. You can sense the PCI, PII and other sensitive data, using our Token Broker (ETB) complimentary solution to Intel API Manager, and you can choose to either tokenize the data (the original data will be stored in a secure vault of your choice and location), encrypt the data, or provide a Format Preserving Encryption (FPE) that will allow you to encrypt the data yet maintain the original format of the data.

Check out cloudsecurity.intel.com for more details.

The post The Façade Proxy appeared first on Application Security.

Read more >

PCI / Cloud Data Privacy webinar – Wednesday Mar/20 @ 12:25 pm

I am speaking at the SC World eConference this Wednesday (12:25 PM – 01:05 PM) with our customer WestJet on PCI Compliance/ Cloud Data Privacy issues. You can register at the link below. It is free. Plus you earn CPE credits! Attend the session to hear the WestJet use case on how they used Intel solution to get PCI compliant quickly without a long drawn IT engagement.

You can register here: http://tiny.cc/5p15tw

The post PCI / Cloud Data Privacy webinar – Wednesday Mar/20 @ 12:25 pm appeared first on Application Security.

Read more >

Chief API Officer

Hackathons help you explain APIs to developers. But, do you know who you should be really selling the value of your APIs to? It goes way beyond the developers and IT operational folks. Who do you think it is ……CIO, CTO, CSO or someone else? You will be surprised. Read my article on ProgrammableWeb for more details.

http://blog.programmableweb.com/2013/03/11/is-the-cmo-now-the-chief-api-officer/

Watch out for my API strategy article series soon to be published.  For more information, check out our API management solutions.

The post Chief API Officer appeared first on Application Security.

Read more >