Has it really been one whole year since my last post? I suspected I was near
that milestone, but it’s still surprising to discover it has been so long.
Blogs have a natural ebb and flow, governed by the irregular rhythms of the
day job. But this was a pretty big ebb—maybe more accurately described as a
Naturally, my absence was not lost on the spammers. That curious breed who
prey on dormant blogs left me with a mountain of weirdly unctuous commentary
that I needed to shovel out of the way just to get to the front door. But now
that I’ve finally worked my way inside, it’s time to turn up the heat,
blow out the cobwebs, and get back to work.
The story of the last year, of course, is the acquisition of Layer 7 by CA
Technologies. This explains my extended absence from writing. I’m no less
busy than in the past, and indeed often quite a bit more, ...
Despite all our advances in communications—from social networking, to
blogs, to actual functional video meetings—the trade conference is still a
necessity. Maybe not as much for the content, which makes the rounds pretty
fast regardless of whether you attend the show or not, but for the
serendipitous meetings and social networking (in the pre-Facebook sense).
I find something comforting in the rhythm and structure a handful of annual
conferences bring to my life. The best ones stay rooted in one location,
occurring at the same time, year after year. They are as much defined by tim...
True story from the consulting trenches: the operations staff had left hours
ago, shaking their heads and reluctantly leaving the consultants to resolve a
problem with their code. It was well past midnight, in the middle of winter,
in a town many time zones from home. The project was late. Altogether, this
was an awkward situation that you probably know well.
The consultants - falling into that murky classification of not quite
outsider, nor regular employee - worked from hobbled accounts; the security
staff were pros and took their charge seriously. By 2:00 a.m., the group was
Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, application...
Here at Layer 7 we get asked a lot about our support for REST.
We actually have a lot to offer to secure, monitor and manage REST-style
The truth is, although we really like SOAP and XML here at Layer 7, we also
really like REST and alternative data encapsulations like JSON.
We use both REST and JSON all the time in our own development.
Suppose you have a REST-based service that you would like to publish to the
world, but you are concerned about access control, confidentiality,
integrity, and the risk from incoming threats.
We have an answer for this: SecureSpan Gate...