API Security

Authentication and Authorization: Reducing The Risk While Still Enabling Collaboration

By | Date posted: September 14, 2015
IoT

At the World Economic Forum held in Davos, Switzerland last January, Cisco CEO John Chambers warned, “The number of security incidents this year will be exponentially greater than last year”. If Mr. Chambers’ words did not raise a big red flag with all developers, then the events of the past few months should. Not only are such incidents more common, they are becoming more disruptive.


OPM Breach Proves Einstein Cybersecurity Not Enough

By | Date posted: June 8, 2015
Security-Breach

It should come as no surprise to anyone that a major breach occurred at OPM and took many months to detect. For far too long the cybersecurity industry has focused on trying to understand a network through heuristics and analytics, without the capability to enforce what the systems in the network are actually meant to do and what information they are meant to receive and send.

Keeping the “Internet of Things” Simple

By | Date posted: April 7, 2015
IoT

I once received a lengthy letter from a friend of mine that quoted the old adage, “I would have written a shorter letter, but I didn’t have the time.”

We often find in our lives that there is too little time to deal with all the stuff and information that we are barraged with each day, let alone manage it effectively. The so-called Internet of Things has the potential to cripple enterprise organizations that do not take the time to simplify now. However, by simplifying in two areas, they can save themselves headaches caused by complexity in the future.

Why Security Certifications Matter

By | Date posted: November 18, 2014
API-100

We recently announced that Forum Sentry is the first and only API gateway to attain compliance with the internationally recognized Network Device Protection Profile (NDPP) certification. We are also the only FIPS- and DoD-certified cloud integration technology in the industry. Now PP Compliant, Forum Sentry is the industry’s only API Gateway to achieve these certifications for technology that enables secure connectivity between users, applications and the cloud. 

Three Federated API Requirements for Enterprise Cloud Computing

By | Date posted: May 15, 2014
API-100

Successful enterprise API implementations are built on a set of localized, project-level efforts with services that have clearly identified and accountable business and technology owners. Ownership defines an API domain. Deciding what services are core to a business owner and should be implemented within the owner’s API domain versus consumed from a third-party API domain becomes a critical part of building a Federated API.


How Java™ Could Have Prevented Heartbleed

By | Date posted: April 29, 2014
Heartbleed

OpenSSL continues to cast a shadow over the IT industry’s poor choice of programming languages for developing secure software. Niels Ferguson and Bruce Schneier’s mantra, that using a programming language without protection against buffer overflows is tantamount to criminal negligence, is a continuous reminder of the memory-related security bugs that plague our industry.

OpenSSL Security Vulnerabilities and other C-based Risks

By | Date posted: April 11, 2014
sentry-100

One of the most significant OpenSSL security vulnerabilities is the latest Heartbleed OpenSSL security flaw (CVE-2014-0160). This OpenSSL security vulnerability is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. You can be certain that IT security folks out there felt that they were making the right architectural decisions to secure the enterprise. The problem isn’t the intent; the problem is the premise. Applications wrapped in security band-aids are not a sound enterprise risk mitigation strategy. Sure, Apache and OpenSSL are widely available and have been around for a long time, but look where it has led us.
