Big Data, IoT, API … Newer technologies protected by older security

Nowadays, every single CIO, CTO, or business executive that I speak to is captivated by these three new technologies: Big Data, API management, and IoT (Internet of Things). Every single organizational executive that I speak with confirms that they either have current projects that are actively using these technologies, or they are in the planning stages and are about to embark on the mission soon.

Though the underlying need and purpose served are unique to each of these technologies, they all have one thing in common. They all necessitate newer security models and security tools to serve any organization well. I will explain that in a bit, but first let us look at the value these technologies add to any organization:

Read more on PW blog site

 

ZDnet observation about Chief API Officer

Joe McKendrick of ZDnet wrote a blog commenting on my article Chief API officer. You can read it here.

He makes a couple of valid observations that deserve some clarification.

“CMOs may also help reinvent the business as a cloud provider in its own right — even if the business is something other than technology.” – I agree. This is due to the fact that IT is already crunched for capital and struggling to come up with money to spend on new platforms. The CMO not only has more money but can also shift spending from other marketing and revenue-generating channels to this newer channel, which has more potential.

“And CEOs and CFOs may like this new direction, since the CMO’s job is all about creating new business.” – I agree. I have seen this time and again. There are customers, Aetna is a prime example, who run (or endorse) the API programs out of the CEO office. Watch out for my follow-up article where I discuss this in more detail.

“Is this a good thing? Enterprise technology has become incredibly complex, and it takes very technically proficient individuals to understand and guide the business to invest wisely and avoid costly security errors. Plus, many of the consumerish services being adopted by marketing departments are relatively simple compared to the programming and administration that goes into enterprise IT systems.” – This is debatable. First of all, we are not trying to create a new trend, just trying to embrace the trend. That is, IT spending is being supported by other organizations that are cash-rich, as opposed to cash-strapped IT operations. Plus, when you invest purely on the opex model, as opposed to the capex model, the expenses are relatively cheaper (on a yearly/usage-model basis, not on a TCO basis, which is another big debate). Ultimately, what I am suggesting is that, while embracing this trend, you provide the other organizations with a more mature, robust, and secure solution that has the oversight and governance of a mature corporate IT unit even though it is owned, operated, measured, and managed by people outside corporate IT.

 

The Façade Proxy

KuppingerCole analyst Craig Burton (of Burton Group originally) wrote a recent article about Façade proxies. You can read the article here: http://blogs.kuppingercole.com/burton/2013/03/18/the-faade-proxy/

As Craig notes,

“A Façade is an object that provides simple access to complex – or external – functionality. It might be used to group together several methods into a single one, to abstract a very complex method into several simple calls or, more generically, to decouple two pieces of code where there’s a strong dependency of one over the other. By writing a Façade with the single responsibility of interacting with the external Web service, you can defend your code from external changes. Now, whenever the API changes, all you have to do is update your Façade. Your internal application code will remain untouched.”

I call this “Touchless Proxy”. We have been doing the touchless gateway for over a decade, and now, using the same underlying concept, we provide a touchless API gateway, or façade proxy.

While Intel is highlighted as a strong solution in this analyst note by KuppingerCole, Craig raises the following point:

“When data leaves any school, healthcare provider, financial services or government office, the presence of sensitive data is always a concern.”

This is especially timely as healthcare providers, financial institutions, and educational institutions rush to expose their data to their partners using APIs.

PCI / Cloud Data Privacy webinar – Wednesday Mar/20 @ 12:25 pm

Replay link here for those who missed it. PCI/PII webinar replay link.

———————————————————————————————————————————-

I am speaking at the SC World eConference this Wednesday (12:25 PM – 01:05 PM) with our customer WestJet on PCI Compliance/Cloud Data Privacy issues. You can register at the link below. It is free. Plus you earn CPE credits! Attend the session to hear the WestJet use case on how they used the Intel solution to get PCI compliant quickly without a long-drawn-out IT engagement.

You can register here: http://tiny.cc/5p15tw

Chief API Officer

Hackathons help you explain APIs to developers. But do you know who you should really be selling the value of your APIs to? It goes way beyond the developers and IT operational folks. Who do you think it is: the CIO, CTO, CSO, or someone else? You will be surprised. Read my article on ProgrammableWeb for more details.

http://blog.programmableweb.com/2013/03/11/is-the-cmo-now-the-chief-api-officer/

Dude where is my API

Watch out for my API strategy article series soon to be published.

API strategy & practice conference in NYC – Are you going?

Alright, I am sure you have heard this again and again, but it’s worth saying it one more time. The first ever API strategy & practice conference is going to be in NYC on Feb 21, 22 (http://www.apistrategyconference.com/). If you are just finding this out, it might be way too late for you to get in (but I will tweet anything interesting happening from inside :) ). There are 72 companies that are confirmed to participate and are sending their API whiz kids, gurus, learners, teachers, and procrastinators there to make a difference. Intel is proud to be a Gold sponsor of this event.

Yes, Intel. Not only does Intel do software, but they do it really well too. We have an outstanding API Manager that we released recently, which will be showcased there. If you happen to attend, please stop by my 2 speaking sessions/panels.

Day 1: 2:20-3:30 – Track 3: API Security and Scalability

As APIs gain adoption they become ever more critical gateways to a company’s core business – ensuring access is secure and scalable is mission critical for your business. Presentations include:

  1. Paul Madsen (@PingIdentity) of Ping Identity
  2. Mark O’Neill (@TheMarkONeill) of Vordel
  3. Travis Reeder (@treeder) of Iron.io
  4. Andy Thurai (@AndyThurai) of Intel
  5. Discussion panel on the challenges and solutions for API Security and Scalability

State of CA – Split Personality Syndrome?

It’s interesting to see that the state of CA has a split personality disorder! I wrote in a blog about a year ago how the state of CA is being a model citizen by forcing companies to protect sensitive consumer data (classifying zip codes and other sensitive information as PII) and imposing penalties on companies that don’t comply. (Link here) But now, they sided with Apple, stating that for online transactions the vendors can collect additional PII that is not necessary for brick-and-mortar vendors. This means that if you are an online retailer and collect such PII data, you need to have a mechanism to protect all the information you are collecting from your consumers: not just the PCI data but the PII data as well. In order to comply with this dual personality, you will need a solution that can encrypt and tokenize the sensitive information as necessary and as seamlessly as possible.

http://news.cnet.com/8301-13579_3-57567526-37/apple-wins-california-credit-card-privacy-case/
