Gartner AADI scoop

Every year there seems to be a new buzz at the Gartner AADI conference. Last year it was Mobility. While Mobility still seems to be a hot topic, this year everyone seemed to be buzzing about API Management and Big Data. I think it is an appropriate time for Intel to release the composite API Manager given the buzz I saw here alone (and I will tell you what we are doing in Big Data soon enough. Something big is coming soon). For the naysayers who suggest that Intel does dinosaur technology, I want you to check this out. The sessions hosted by Intel at the Gartner AADI conference were well attended with keen interest by Enterprise Architects, Security Architects and Developers alike. The following sessions were presented by Intel, at the Intel booth, which had the heaviest traffic I have seen of any vendors that had a presence there.

Kin Lane – Master of API himself presented two “API Building Blocks” sessions. (I am doing a keynote session with Kin for ISACA in a few days. Check it out if you have time. It will be worth it, I promise – Link).

Appcelerator did two sessions on Building Mobile Apps in 15 mins and how to use Intel Manager as a runtime Mobile enabler.

Virtustream presented Trusted API access to MBaaS using Intel API Manager.

Yours truly presented 2 sessions on Mobile middleware.

Not only that, we have seen the heaviest traffic in our booth since we started going to the Gartner AADI event. Finally people seem to realize that Intel does software (Read my blog on that here).

Thanks to all those who stopped by our booth. Congratulations to the Virtual Keyboard winners. Seems like a very cool gadget. I wish I had one 🙂

I will try to post some pictures from the Gartner AADI event soon.

Get the Straight Facts…Intel® API Manager Revealed

We announced an Intel API management solution recently. If you missed our announcement, please read up to see the goodies we have for you in our composite API platform.

Just creating outstanding APIs is not enough. Intel realized that you need to have a mechanism to communicate, explain, onboard, collaborate, and manage developers. Our API manager is a composite solution that provides On-Premise and Cloud deployed API portals, and a mechanism to manage your APIs and help with developer on-boarding, registration, portal administration, content management system, community tools and developer enablement tools.

Initially I was going to write a blog about what we do best and how we are different. However, I was amazed just looking at the number of features we released in this version. So I am going to save the story and give you the straight facts below:


Another classic case of Data Loss that could have been easily prevented

I was catching up on my reading from my security forums and this caught my attention. In a hack of the SC state tax department there were about 3.6 million tax returns stolen. The stolen information included SS#, CC numbers, names, addresses, etc. But the one that caught my attention the most was this:

The hacked personal income tax returns included Social Security numbers and about 387,000 credit and debit card numbers, 16,000 of which were not encrypted.

Why would anyone choose to encrypt partial data? It looks like there is a policy and/or workflow flaw. I hope they didn’t do this based on identities. Were red customers encrypted and not the blue? Check out my blog on context/identity-aware data protection to implement this the right way (link here). There is a reason why I am not paying my taxes using a Credit Card. At least not until they use Intel ETB (Token Broker) to protect that data :). If they had used our solution this wouldn’t have happened to begin with. We could have encrypted the sensitive data (PII), while preserving the format, and tokenized the credit card (PCI) information.

Part 2: Context aware Data Privacy

If you missed my Part 1 of this article, shame on you :). You can read it here when you get a chance (link).

As a continuation to part 1, where I discussed the issues with Data Protection, we will explore how to solve some of those issues in this article.

People tend to forget that the hackers are attacking your systems for one reason only: DATA. You can spin that any way you want, but at the end of the day, they are not attacking your systems to see how you have configured your workflow or how efficiently you processed your orders. They could care less. They are looking for the gold nuggets of information that they can either resell or use to their own advantage to gain monetary benefits. This means your files, databases, data in transit, storage data, archived data, etc. are all vulnerable and will mean something to the hacker.

Gone are the old days when someone was sitting in mom’s basement and hacking into US military systems to boast of their ability to a small group of friends. Remember Wargames, an awesome movie? The modern day hackers are very sophisticated, well-funded, for-profit organizations, backed by either big organized cyber gangs or by some entity of an organization.

So you need to protect your data at rest (regardless of how old the data is – as a matter of fact, the older the data, the more likely it is to be less protected), data in motion (going from somewhere to somewhere – whether it is between processes, services, between enterprises, or into/from the cloud or to storage), and data in process/usage. You need to protect your data with your life.


Content/ Context / Device aware Cloud Data Protection

In this two-part blog, I am going to talk about the Intel Cloud Data protection solution that helps our customers utilize their data in both a context-aware and content-aware manner.

This is the newer set of technologies that has hit the market in the last few years. In the past, we used to think just encrypting the transport layer (such as TLS/SSL) was good enough. Given the complex nature of services and API composition, we quickly realized that is not enough. Then we moved to protect the messages (most times the entire message), or field level to protect the specific sensitive fields. The problem with any of these situations is that it is somewhat static in nature; somewhere exists a definition of what “sensitive data” is, and it is strictly enforced. While this is good, there are times when there is a real need to send sensitive data out and yet a need to protect it; in those cases, making sure only the authenticated party can receive and/or use the message is very important.


Essentially “Content/Context Aware” data protection is data protection on steroids. Remember yesteryear, when we used the DLP technologies, identified data leakage/data loss based on certain policies/parameters and stopped the data loss but did nothing about it? The problem with DLP is it is passive in most cases. It identifies sensitive data based on some context/policy combination and then blocks the transaction. While this can work for rigid enterprise policy sets, this may not work for cloud environments where you need these policies to be flexible. Well, the issue with that is that when someone who is authorized really needs to have that data, it is annoying to have the transactions stopped. What if there is a way to do data protection which is identity aware, location aware, invocation aware and yet it is policy based, compliance based, and more importantly, very dynamic? In other words, what if you provide data protection based on content and context awareness? Gone are the days in which you get your systems compliant, and you are done. Read my blog on why getting compliant is not enough anymore (link here). That is because your data is NOT staying within your compliant enterprise Ft. Knox anymore; it is moving around. Getting your systems compliant, risk averse and secure is just not good enough, as your data is moving through other eco-systems, not just yours.
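The contrast above between a DLP-style block and content/context-aware protection can be sketched in a few lines of Python. This is an added example, not Intel's product code or API: the policy table, identities, zones, sample message and in-memory vault are all constructed assumptions.

```python
import re
import secrets

CARD_RE = re.compile(r"\b\d{16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Constructed sample; the order number is 16 digits but fails the Luhn check.
SAMPLE = "ssn=123-45-6789 card=4111111111111111 order=1234567890123456"
# Hypothetical policy: (caller identity, network zone) -> action per data class.
POLICY = {
    ("payments-service", "internal"): {"card": "clear", "ssn": "mask"},
    ("partner", "cloud"): {"card": "tokenize", "ssn": "mask"},
}
DEFAULT = {"card": "mask", "ssn": "mask"}  # unknown context: most restrictive

def luhn_ok(number):
    """Content check: True only for digit strings with a valid Luhn checksum."""
    digits = [int(d) for d in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class TokenVault:
    """In-memory stand-in for a token store; a real one is access-controlled."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        # Random surrogate of the same length, keeping the last four digits.
        token = "".join(secrets.choice("0123456789") for _ in range(12)) + pan[-4:]
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token):
        return self._pan_by_token[token]

def protect(message, identity, zone, vault):
    """Rewrite sensitive fields per the caller's context instead of blocking."""
    actions = POLICY.get((identity, zone), DEFAULT)

    def card(match):
        pan = match.group(0)
        if not luhn_ok(pan) or actions["card"] == "clear":
            return pan  # not a card number, or this caller may see it
        if actions["card"] == "tokenize":
            return vault.tokenize(pan)
        return "*" * 12 + pan[-4:]

    def ssn(match):
        value = match.group(0)
        return value if actions["ssn"] == "clear" else "***-**-" + value[-4:]

    return SSN_RE.sub(ssn, CARD_RE.sub(card, message))
```

The same message goes through for every caller; only the form of the sensitive fields changes with identity and zone, and a context missing from the policy table falls back to masking.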
