API Security

Cloud(ed) Judgment: OneLogin’s Breach Continues to Fuel the Security Debate

When it comes to the next big data breach, it’s never a matter of if, but a discussion of when. This time, the target was identity and access management firm OneLogin, which recently shut down its U.S. data center due …

The President’s New EO Gets the Gist of NIST

President Trump introduced his long-awaited Cybersecurity Executive Order last month. While some focused on its similarities to EO 13636 issued by the Obama administration more than four years earlier, we were more concerned with, and quite frankly, excited by, the …

PSD2: An Open Concept in Banking Mandating the Use of APIs

A revolution is occurring in European banking and APIs are leading the way. Adopted in 2007, the Payment Services Directive (PSD) “provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services …

Authentication and Authorization: Reducing The Risk While Still Enabling Collaboration

At the World Economic Forum held in Davos, Switzerland last January, Cisco CEO John Chambers warned, “The number of security incidents this year will be exponentially greater than last year.” If Mr. Chambers’ words did not raise a big red …

OPM Breach Proves Einstein Cybersecurity Not Enough

It should come as no surprise to anyone that a major breach has occurred at OPM and took many months to detect. For far too long the cybersecurity industry has focused attempts at trying to understand a network through heuristics …

Keeping the “Internet of Things” Simple

I once received a lengthy letter from a friend of mine that quoted the old adage, “I would have written a shorter letter, but I didn’t have the time.” We often find in our lives that there is too little …

Multiple Layers of Wallpaper and API Access

In one episode of the television show This Old House, a homeowner needed to install a new electrical outlet. As he began to peel back the existing wallpaper it revealed another layer of wallpaper. Underneath the newfound layer of wallpaper …

Why Security Certifications Matter

We recently announced that Forum Sentry is the first and only API gateway to attain compliance with the internationally recognized Network Device Protection Profile (NDPP) certification. We are also the only FIPS- and DoD-certified cloud integration technology in the industry. …

EAL Certification is Dead

In October of 2009, the National Information Assurance Partnership (NIAP) transitioned away from Evaluation Assurance Levels (EAL) and moved to Protection Profiles (PP). NIAP made the move to PPs because EAL requirements gave a false level of security. …

Three Federated API Requirements for Enterprise Cloud Computing

Successful enterprise API implementations are built on a set of localized, project-level efforts with services that have clearly identified and accountable business and technology owners. Ownership defines an API domain. Deciding what services are core to a business owner and should …