Here at Layer 7 we get asked a lot about our support for REST.
We actually have a lot to offer to secure, monitor and manage REST-style
The truth is, although we really like SOAP and XML here at Layer 7, we also
really like REST and alternative data encapsulations like JSON.
We use both REST and JSON all the time in our own development.
Suppose you have a REST-based service that you would like to publish to the
world, but you are concerned about access control, confidentiality,
integrity, and the risk from incoming threats.
We have an answer for this: SecureSpan Gateway clusters, deployed in the DMZ,
give you the ability to implement run time governance across all of your
Pictures are nice, but this scenario is best understood using a concrete
example. For the services, Yahoo’s REST-based search API offers us
everything we need–it even retur... (more)
Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, application... (more)
SOA in the Cloud Expo
I’ll be delivering a Webinar next week about Layer 7’s Enterprise Service
Manager (ESM) product. ESM offers the global view of clusters of SecureSpan
Gateways and the services under their management.
It’s functions fall into three main areas:
Centrally manage and monitor all Gateways and associated services across the
extended enterprise and into the cloud
Automated Policy Migration
Centrally approve and then push policy to any Gateway across the enterprise,
automatically resolving environmental discrepancies
Cloud is now mature enough that we can begin to identify anti-patterns
associated with using these services.
Keith Shaw from Network World and I spoke about worst practices in the cloud
last week, and our conversation is now available as a podcast.
Come and learn how to avoid making critical mistakes as you move into the
I’m not sure who is more excited about the cloud these days: hackers or
venture capitalists. But certainly both groups smell opportunity. An
interesting article published by CNET a little while back nicely illustrates
the growing interest the former have with cloud computing. Fortify Software
sponsored a survey of 100 hackers at last month’s Defcon. They discovered
that 96% of the respondents think that the cloud creates new opportunities
for hacking, and 86% believe that “cloud vendors aren’t doing enough to
address cyber-security issues.”
I don’t consider myself a hacker (exce... (more)