Welcome!

Blog Feed Post

New eBook: Five Simple Strategies For Securing Your APIs

Recently I wrote about the excitement I feel working within CA. This company is full of talented people, and when you draw on their capabilities, amazing stuff happens. Here in R&D we have some innovative solutions underway that are a tangible result of CA and Layer 7 working well together. I can’t reveal these yet, but you can see the same 1+1=3 equation at work in other groups throughout the organization.

Here is a good example. It’s an eBook we’ve assembled to help managers and developers build more secure APIs. The material started with a presentation I first delivered at a recent RSA show. We updated this with best practices developed by real customers facing real challenges. The content is solid, but what I love is the final product. It’s accessible, easy to digest, and the layout is fantastic. Half the battle is delivering the message so that it’s clear, approachable and actionable. This is just what we delivered. And best of all, it’s free.

The last year has been a difficult one in security. The Snowden affair made people talk about security; this, at least, is good and the dialog continues today. But if 2013 was a year of difficult revelation, 2014 is going to be about back-to-basics security.

APIs offer tremendous business value to enterprise computing. But they also represent a potential threat. You can manage this risk with a solid foundation and good basic practices, but you need to know where to start. This is the theme of our new eBook. It offers simple guidelines, not tied to a particular technology. You should apply these whenever you deploy APIs.

I hope you find this eBook useful. As always, I’d love to hear your feedback.

Download: Five Simple Strategies For Securing Your APIs.


Read the original blog entry...

More Stories By Scott Morrison

K. Scott Morrison is the Chief Technology Officer and Chief Architect at Layer 7 Technologies, where he is leading a team developing the next generation of security infrastructure for cloud computing and SOA. An architect and developer of highly scalable, enterprise systems for over 20 years, Scott has extensive experience across industry sectors as diverse as health, travel and transportation, and financial services. He has been a Director of Architecture and Technology at Infowave Software, a leading maker of wireless security and acceleration software for mobile devices, and was a senior architect at IBM. Before shifting to the private sector, Scott was with the world-renowned medical research program of the University of British Columbia, studying neurodegenerative disorders using medical imaging technology.

Scott is a dynamic, entertaining and highly sought-after speaker. His quotes appear regularly in the media, from the New York Times, to the Huffington Post and the Register. Scott has published over 50 book chapters, magazine articles, and papers in medical, physics, and engineering journals. His work has been acknowledged in the New England Journal of Medicine, and he has published in journals as diverse as the IEEE Transactions on Nuclear Science, the Journal of Cerebral Blood Flow, and Neurology. He is the co-author of the graduate text Cloud Computing, Principles, Systems and Applications published by Springer, and is on the editorial board of Springer’s new Journal of Cloud Computing Advances, Systems and Applications (JoCCASA). He co-authored both Java Web Services Unleashed and Professional JMS. Scott is an editor of the WS-I Basic Security Profile (BSP), and is co-author of the original WS-Federation specification. He is a recent co-author of the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing, and an author of that organization’s Top Threats to Cloud Computing research. Scott was recently a featured speaker for the Privacy Commission of Canada’s public consultation into the privacy implications of cloud computing. He has even lent his expertise to the film and television industry, consulting on a number of features including the X-Files. Scott’s current interests are in cloud computing, Web services security, enterprise architecture and secure mobile computing—and of course, his wife and two great kids.

Layer 7 Technologies: http://www.layer7tech.com
Scott's linkedIn profile.
Twitter: @KScottMorrison
Syscon blog: http://scottmorrison.sys-con.com

Latest Stories
​Blockchain, also known as Distributed Ledger Technology (DLT), can be used for more than just crypto currencies. This presentation discusses how blockchain and the Internet of Things (IOT) can be used for several supply chain management and logistics use cases. Real world examples that utilize the open source project Hyperledger will be discussed.
Gym Solutions is a software as a service (SaaS) solution purpose-built to service the fitness industry, with over 1000 clients servicing over 2 million gym members across 40 countries making Perfect Gym Solutions one of the largest and fastest growing SaaS applications in the fitness industry. Their platform is a comprehensive package of modern modular products for the management of fitness clubs, sports facilities and gyms an end- to end solution, revolutionising the way that gyms are managed. ...
Enterprises are universally struggling to understand where the new tools and methodologies of DevOps fit into their organizations, and are universally making the same mistakes. These mistakes are not unavoidable, and in fact, avoiding them gifts an organization with sustained competitive advantage, just like it did for Japanese Manufacturing Post WWII.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo...
There's no doubt that blockchain technology is a powerful tool for the enterprise, but bringing it mainstream has not been without challenges. As VP of Technology at 8base, Andrei is working to make developing a blockchain application accessible to anyone. With better tools, entrepreneurs and developers can work together to quickly and effectively launch applications that integrate smart contracts and blockchain technology. This will ultimately accelerate blockchain adoption on a global scale.
As the fourth industrial revolution continues to march forward, key questions remain related to the protection of software, cloud, AI, and automation intellectual property. Recent developments in Supreme Court and lower court case law will be reviewed to explain the intricacies of what inventions are eligible for patent protection, how copyright law may be used to protect application programming interfaces (APIs), and the extent to which trademark and trade secret law may have expanded relev...
The Blockchain Benchmark asks and answers the questions many people want to know about the state of Blockchain: What are the biggest barriers? What was your motivation to get involved? When will it mainstream? Who are the true influencers? What are its top use cases? Who will win over the next 5 years? How will the future unfold? And 20+ other valuable questions.
Ivo Lukas is the Founder/CEO for 24Notion. 24Notion is the first integrated marketing/digital PR & lifestyle agency with special emphasis on giving back to the global communities. With a broad understanding the art of non- traditional marketing, new media, communications and social influence. 24Notion ranked #12 in Corporate Philanthropy nominated by Portland Business Journal Book of List.
SUSE is a German-based, multinational, open-source software company that develops and sells Linux products to business customers. Founded in 1992, it was the first company to market Linux for the enterprise. Founded in 1992, SUSE is the world’s first provider of an Enterprise Linux distribution. Today, thousands of businesses worldwide rely on SUSE for their mission-critical computing and IT management needs.
Provide an overview of the capabilities of Azure Stack allowing you or your customers to adopt truly consistent Hybrid Cloud capabilities to deliver greater productivity in your cloud world. Ultan Kinahan is on a member of the Global Black Belt team at Microsoft with a focus on Azure Stack Hybrid Cloud. Ultan has been in the Azure team since the beginning, Has held roles in Engineering, Sales and now consults with both small to medium size business and the worlds largest organizations on how to ...
SAP is the world leader in enterprise applications in terms of software and software-related service revenue. Based on market capitalization, we are the world's third largest independent software manufacturer. Harness the power of your data and accelerate trusted outcome-driven innovation by developing intelligent and live solutions for real-time decisions and actions on a single data copy. Support next-generation transactional and analytical processing with a broad set of advanced analytics - r...
Mid-sized companies will be pleased with StorageCraft's low cost for this solution compared to others in the market. There are no startup fees, our solution has a predictable monthly cost, highly competitive pricing and offers ongoing value for our partners month after month. By enabling pooling and StorageCraft's 30-days of free virtualization the company removes several concerns surrounding machine size management and disaster recovery testing costs that add to the complexity of implementing a...
Blockchain is a new buzzword that promises to revolutionize the way we manage data. If the data is stored in a blockchain there is no need for a middleman - the distributed database is stored on multiple and there is no need to have a centralized server that will ensure that the transactions can be trusted. The best way to understand how a blockchain works is to build one. During this presentation, we'll start with covering the basics (hash, nounce, block, smart contracts) and then we'll create ...
In addition to 22 Keynotes and General Sessions, attend all FinTechEXPO Blockchain "education sessions" plus 40 in two tracks: (1) Enterprise Cloud (2) Digital Transformation. PRICE EXPIRES AUGUST 31, 2018. Ticket prices: ($295-Aug 31) ($395-Oct 31) ($495-Nov 12) ($995-Walk-in) Does NOT include lunch.
DevOpsSUMMIT at CloudEXPO will expand the DevOps community, enable a wide sharing of knowledge, and educate delegates and technology providers alike. Recent research has shown that DevOps dramatically reduces development time, the amount of enterprise IT professionals put out fires, and support time generally. Time spent on infrastructure development is significantly increased, and DevOps practitioners report more software releases and higher quality. Sponsors of DevOpsSUMMIT at CloudEXPO will b...