Implementing Identity and Access Control? Don’t Forget the Data!

Date posted: May 19, 2016

Last week's European Identity and Cloud conference (EIC), hosted by KuppingerCole in Munich, Germany, proved to be the start of a week full of conversations focusing on the questions and challenges surrounding identity. Conversations around terms and phrases such as “Centralized Identity”, “Hybrid-Cloud” and the latest hot topic of “Blockchain” filled the hall and exhibition center, but the one conversation binding them all was “Security”: more specifically, how to secure the actual data that identities are communicating without complicating the business process.

GCN Industry Insight: How to secure the API-enabled enterprise

Date posted: March 24, 2016

In this article, Jason Macy, CTO of Forum Systems, highlights how classic cyber security falls short when agencies and corporations deploy APIs. Classic cyber security deployments are blind to API traffic content and patterns, so securing APIs requires a comprehensive API security management strategy, which this article helps define.

Application programming interfaces are at the forefront of today’s technology innovations. They allow mobile applications, cloud computing and legacy systems to abstract infrastructure applications and services from the integration points that they serve. API architectures deliver the rapid innovation and agile development that have transformed both corporate and government IT architectures. But despite APIs’ ubiquity and unquestioned business value, from a security standpoint they are often overlooked and under-protected.



Content-Based Access Control: Three Areas of Consideration

Date posted: November 16, 2015

In an API economy, content-based access control (CBAC) grants or denies a customer's request based on the content that is sent. In most cases content-based access control is used along with identity processing, but it can be used on its own for granting or denying API requests by identifying threats, verifying signatures or validating the structure of the content and messages being sent.


Authentication and Authorization: Reducing The Risk While Still Enabling Collaboration

Date posted: September 14, 2015

At the World Economic Forum held in Davos, Switzerland, last January, Cisco CEO John Chambers warned, “The number of security incidents this year will be exponentially greater than last year”. If Mr. Chambers’ words did not raise a big red flag with all developers, then the events of the past few months should. Not only are such incidents more common, they are becoming more disruptive.


SOAP-to-REST Conversion Does Not Have to be Complex and Time-Consuming

Date posted: July 23, 2015

SOAP-to-REST conversion is a critical aspect of secure Agile API development. Time is not a luxury that B2B application developers can enjoy. Demand is high, turnaround times are short, and the ever-increasing adoption of powerful mobile devices creates a parallel demand for providing mobile apps access to internal business APIs which may have been originally built for legacy B2B applications.

OPM Breach Proves Einstein Cybersecurity Not Enough

Date posted: June 8, 2015

It should come as no surprise to anyone that a major breach has occurred at OPM and took many months to detect. For far too long the cybersecurity industry has focused on trying to understand a network through heuristics and analytics without the capability to enforce what the systems in the network are actually meant to do, and what information they are meant to receive and send.

Keeping the “Internet of Things” Simple

Date posted: April 7, 2015

I once received a lengthy letter from a friend of mine that quoted the old adage, “I would have written a shorter letter, but I didn’t have the time.”

We often find in our lives that there is too little time to deal with all the stuff and information that we are barraged with each day, let alone manage it effectively. The so-called Internet of Things has the potential to cripple enterprise organizations that do not take the time to simplify now. However, by simplifying in two areas, they can save headaches caused by complexity in the future.