Archives Jason Macy

SSO and OKTA PEP – Case Study by AssetMark

Date posted: April 27, 2020

AssetMark’s versatile eWealthManager advisor and investor platform is a one-stop portal that combines both client management and account administration functions. Secure single sign-on (SSO), seamless federation with technology partners, and secure multi-factor authentication (MFA) are all critical aspects of the portal to ensure high customer satisfaction while enforcing modern security requirements. A significant challenge for AssetMark was centralizing various internal and cloud-based identity and access control technologies with an on-premise, highly performant, cyber-secure Policy Enforcement Point (PEP). To complicate matters, the eWealthManager portal serves multiple types of users whose experience when accessing the portal, and then within it, may vary greatly depending on who they are.

To meet these challenges, AssetMark deployed Forum Sentry as an in-line gateway/cyber-secure PEP to provide dynamic data security for the bi-directional traffic (data coming in and data going out). Forum Sentry combines data security with identity policy enforcement to provide a seamless user experience and an agentless PEP that unifies SSO across multiple identity repositories and SaaS providers such as OKTA.

By adopting Forum Sentry as its portal gateway and cyber-secure policy enforcement point, AssetMark has been able to achieve high customer satisfaction while delivering a fast, modern, and secure SSO experience for their varying user groups.

Read the full case study here


Aite Group – Rise of API Security Gateways

Date posted: March 31, 2020

Rise of the New API Security Gateway Market

“Out of all the ASGs, Forum was the most remarkable solution we reviewed”

The rise in API data breaches has produced enough empirical evidence that traditional API gateways with security as a feature, and legacy web application firewalls, are no longer sufficient to protect organizations and their data.

This report proposes a new product category, API security gateways (ASGs), designed to secure an organization's externally facing and internally facing APIs, and highlights the failure of using API gateway solutions to secure APIs. It also emphasizes the need to decouple ASGs from the API gateway product category and explains why attempting to secure APIs against cyberattacks with API gateways and web application firewalls is ineffectual.

Download the Aite Group Report on API Security Gateways to learn why Aite Group recognizes Forum Systems as a leader in API Security and Zero Trust.

KuppingerCole 2020 Leadership Compass

Date posted: February 7, 2020

KuppingerCole 2020 Leadership Compass – API Management and Security

Forum Systems was named Overall Leader, Product Leader, and Innovation Leader in the KuppingerCole 2020 API Management and Security Leadership Compass for its flagship product, Forum Sentry.

“Forum Systems, which had the distinction of being the product Leader in our previous, more security-focused Leadership Compass, is still being recognized for its continued ‘security first’ approach in their product design, as well as ongoing innovations in areas like DevOps and API analytics.” — Alexei Balaganski, KuppingerCole.

Download the KuppingerCole 2020 API Management and Security Leadership Compass to learn why the leading German analyst firm has named Forum Systems a leader in API Management and Security.


The importance of APIs in public cloud security

Date posted: October 11, 2018


The importance of APIs in public cloud security: How secure do you think yours are? Jason Macy, CTO at Forum Systems, explains why cloud security is not the only form of security required for systems and applications running in the cloud.

Most cloud services use their own rendition of API gateways to serve as the single-entry point into the application or service and to provide access control. Because APIs are exposed via API gateways, the gateway product itself has become the target of attack and compromise. Any hacker who can compromise the API gateway will have the ability to turn any “no” into a “yes”. The primary issue is that API gateway technologies were designed for integration, not for security. API security best practices instead use cyber-secure technology for API enablement, which performs the roles of an API gateway, but includes the IAM and cyber security technologies together within the gateway itself. This product technology is known as an API Security Gateway…

Read full article in Cloud Tech News


Broadcom Buys CA: What the Deal Means for CA API Gateway Users

Date posted: July 19, 2018

Last week, Broadcom announced its intent to acquire CA Technologies for nearly $19 billion. The news left Wall Street watchers incredulous and bewildered. Some analysts wondered about the two companies’ “business synergies,” while others questioned the “strategic logic” driving the deal.

As for us, what we’re most concerned about is the very thing that continues to drive our business: you, the end user.


API security: A modern day gold rush? – SC Media UK

Date posted: June 19, 2018

API security: A modern-day gold rush? Read what our CTO Jason Macy has to say about it in SC Magazine UK.

The problem with a bolt-on approach to API security is that these API frameworks and toolkits are inherently insecure by definition and were never designed with security in mind, but rather designed for integration.

APIs (Application Programming Interfaces) exist to allow enterprises to make their key resources available to developers, mobile apps, consumers and other companies. They are one of the main ways that technology companies integrate with each other and act as the gateways to all types of functionality. Think of them as being like the plug that goes into an electric wall socket – they provide a standardised way to access the power of an application.


Risk is Reality: Our Take on the Recent Auth0 Vulnerability

Date posted: May 23, 2018

Last month, another major identity management vendor revealed a significant vulnerability. This time it was Auth0.

While conducting its own research, Cinta Infinita discovered the vulnerability in Auth0’s Legacy Lock API. The security firm noted it “was able to bypass password authentication when logging into Auth0’s Management Dashboard by forging an authentication token.”

Money Mule(Soft): Salesforce Acquires API Integration Company for $6.5 Billion

Date posted: March 28, 2018

Well, it has happened again.

Another tech behemoth has made a massive acquisition to bolster its cloud presence – this time in the most expensive cloud software deal in history.

Last fall, it was Google gobbling up Apigee; this week, it’s Salesforce subsuming MuleSoft.

Alliteration aside, what’s the significance of this latest deal, both for the broader industry and for Forum Systems’ customers and partners?