Between Cloud, Mobility and the Enterprise is the API Middle Ground

Scott Morrison



Top Stories by Scott Morrison

Is SOA ready to move from the whiteboards and into production IT? As you might have guessed, the answer remains a disappointing "sort of." The issue comes down to tools and infrastructure, and the fact that only some SOA components are mature and easy to source. The application server market is largely commoditized and the world is awash with IDEs that automatically generate and deploy SOA components from new or legacy code. Given these two pieces, you can begin deploying services tomorrow. This is fine until you need to scale; then the missing pieces in the puzzle will become apparent. Security, in particular, remains such an elusive piece. Secure SOA demands that there be a binding between identity and transactions. Thus, identity follows each transaction on its flow through a SOA network. This identity can be validated and authorized anywhere work is required, but ... (more)

Cloud Security Alliance Guidance v2 Released

Last week, the Cloud Security Alliance (CSA) released its Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. This is a follow-on to the first guidance document, released only last April, which gives you a sense of the speed at which cloud technology and techniques are moving. I was one of the contributors to this project. The guidance explores the issues in cloud security from the perspective of 13 different domains: Cloud Architecture Domain 1: Cloud Computing Architectural Framework Governing in the Cloud Domain 2: Governance and Enterpri... (more)

Propagating Security Context Across a Distributed Web Services Environment

It's a problem as old as networked computing. Consider two applications. They negotiate a level of trust. How can that trust - or security context - be transferred to a third application, one that may exist in an entirely different security domain from the first? This problem has been solved before, but is limited by proprietary solutions that resist integration. The challenge now, which is a significant one, is to solve it again, but this time for Web services - a task complicated by the need to accommodate a broad range of established security procedures and legacy technologie... (more)

How to Secure REST and JSON

Here at Layer 7 we get asked a lot about our support for REST. We actually have a lot to offer to secure, monitor and manage REST-style transactions. The truth is, although we really like SOAP and XML here at Layer 7, we also really like REST and alternative data encapsulations like JSON. We use both REST and JSON all the time in our own development. Suppose you have a REST-based service that you would like to publish to the world, but you are concerned about access control, confidentiality, integrity, and the risk from incoming threats. We have an answer for this: SecureSpan Gate... (more)

Visualizing the Boundaries of Control in the Cloud

Two weeks ago, I delivered a webinar about new security models in the cloud with Anne Thomas Manes from Burton Group. Anne had one slide in particular, borrowed from her colleague Dan Blum, which I liked so much I actually re-structured my own material around it. Let me share it with you: This graphic does the finest job I have seen of clearly articulating where the boundaries of control lie under the different models of cloud computing. Cloud, after all, is really about surrendering control: we delegate management of infrastructure, application... (more)