SAML SSO 5 Security Check Points

By | Date posted: August 1, 2016

Security Assertion Markup Language, or SAML, provides numerous benefits to enterprises, organizations and governments. One of its greatest assets is Single Sign-On (SSO), the ability to enable users to securely access multiple applications with a single set of credentials, entered once. With SAML, users and organizations can conduct business faster and more efficiently by seamlessly accessing multiple applications on the same domain or on multiple domains.


Establishing Identity Federation: Combining Identity With Data Security

By | Date posted: July 7, 2016

Identity Federation – Internal and External Services, Internal and External Users

Establishing an identity and trust solution among computing systems in a network ecosystem is not new to information technology. What is new is the number of factors enterprises must consider when finding and implementing a seamless solution that leverages access not only to existing identity repositories and legacy systems but also to the growing number of services moving to the cloud.

Implementing Identity and Access Control? Don’t Forget the Data!

By | Date posted: May 19, 2016

Last week's European Identity and Cloud conference (EIC), hosted by KuppingerCole in Munich, Germany, proved to be the start of a week full of conversations focusing on the questions and challenges surrounding identity. Conversations around terms and phrases such as “Centralized Identity”, “Hybrid-Cloud” and the latest hot topic of “Blockchain” filled the hall and exhibition center, but the one conversation binding them all was “Security”, more specifically how to secure the actual data that identities are communicating without complicating the business process.

GCN Industry Insight: How to secure the API-enabled enterprise

By | Date posted: March 24, 2016

In this article, Jason Macy, CTO of Forum Systems, highlights how classic cyber security falls short when agencies and corporations deploy APIs. Classic cyber security deployments are blind to API traffic content and patterns, so API deployments require a comprehensive API security management strategy, which this article helps define.

Application programming interfaces are at the forefront of today’s technology innovations. They allow mobile applications, cloud computing and legacy systems to abstract infrastructure applications and services from the integration points that they serve. API architectures deliver the rapid innovation and agile development that have transformed both corporate and government IT architectures. But despite APIs’ ubiquity and unquestioned business value, from a security standpoint they are often overlooked and under-protected.


Content-Based Access Control: Three Areas of Consideration

By | Date posted: November 16, 2015

In an API economy, content-based access control (CBAC) grants or denies a customer's request based on the content that is sent. In most cases content-based access control is used along with identity processing, but it can be used on its own for granting or denying API requests by identifying threats, verifying signatures or validating the structure of the content and messages being sent.

Authentication and Authorization: Reducing The Risk While Still Enabling Collaboration

By | Date posted: September 14, 2015

At the World Economic Forum held in Davos, Switzerland last January, Cisco CEO John Chambers warned, “The number of security incidents this year will be exponentially greater than last year”. If Mr. Chambers’ words did not raise a big red flag with all developers, then the events of the past few months should. Not only are such incidents more common, they are becoming more disruptive.

SOAP-to-REST Conversion Does Not Have to be Complex and Time-Consuming

By | Date posted: July 23, 2015

SOAP-to-REST conversion is a critical aspect of secure Agile API development. Time is not a luxury that B2B application developers can enjoy. Demand is high, turnaround times are short, and the ever-increasing adoption of powerful mobile devices creates a parallel demand for providing mobile apps access to internal business APIs which may have been originally built for legacy B2B applications.

OPM Breach Proves Einstein Cybersecurity Not Enough

By | Date posted: June 8, 2015

It should come as no surprise to anyone that a major breach has occurred at OPM and took many months to detect. For far too long the cybersecurity industry has focused on trying to understand a network through heuristics and analytics without the capability to enforce what the systems in the network are actually meant to do, and what information they are meant to receive and send.