Today’s lead article on Ars Technica talks about the importance of
protecting back-end resources in the context of mobile applications. The
article rightly stresses the importance of this security, talks about the
uptake in OAuth and cites API Gateway solutions as a popular option in this
However, the article clearly misstates the capabilities of an API Management
solution founded on an API Gateway. I am going to assume that the author only
had exposure to API Gateways second hand or through a competitor of Layer 7.
Here are the misconceptions propagated by the article, along with some
“These API gateway services can be prohibitively expensive for small-scale
applications… ‘You can replicate the API gateway by creating a set of
proxy services in their data center in an application container in their
Trying to create your own homegrown...

It’s April in Vancouver, which got me thinking about clouds. Although the
IT buzz in 2012 has been dominated by mobile and big data, Cloud computing is
still a hot topic, especially since it is an enabler for both.
In the public Cloud space, Google just launched Drive in the same week that
Microsoft updated SkyDrive. In the private Cloud domain, IBM recently
announced its PureSystems platform, which falls along similar lines as the
Exa- line from Oracle.
It will be interesting to see whether or not big enterprises buy into this
“21st century mainframe” concept but what’s clear is...

A recent study by researchers at North Carolina State University and the
University of Oregon describes a threat scenario that allows attackers to
exploit cloud-based resources for malicious purposes like cracking passwords
or launching denial-of-service attacks. The study has gotten a lot of
attention, including articles in reputable sources like Dark Reading, Ars
Technica and Network World.
In order to optimize the performance of mobile apps or browsers, some
computation-heavy functions have been offloaded to cloud-based resources,
which in turn access backend resources and We...

I recently wrote an article for Wired, which discussed the importance of
thinking about security at every stage of your application lifecycle. This
is especially important as we enter the new era of open enterprise IT. The
explosive growth of mobile computing has shifted the enterprise perimeter and
traditional access control mechanisms are no longer sufficient. This is even
more relevant when thinking about the Internet of Things (IoT) and its
rapidly evolving ecosystem.
George Reese of Dell recently published an article that discusses the Tesla
Model S REST API. This API ena...

There has been a lot of talk about data leaks and data privacy lately, not
naming any names. The articles and blog entries on this topic are filled with
outrage and spoken with dropped jaws. I have to admit that the only shock I
experience on this subject is at how shocked people are. As divisive as these
issues are, fundamental questions remain. How much privacy should be
expected? How many times a week are you prompted to accept a long block of
terms and conditions in order to access online services? How many times do
you read them? Isn’t that the scary part?
The mobile revol...