We know that in the software business, experience is everything. 83% US consumers said that having a positive customer experience with a brand is more important than the actual product. And we all know that making customers happy today can be tricky. They’re very sophisticated, with high expectations, and they want to make an emotional […]
API Security
A Microservices Primer
The technical definition is….microservices are design patterns to turn complex applications into simple, fine-grained, reusable, and interoperable processes that can be modified and deployed independently of each other. Ok, a bit heavy…so let’s translate that, using some mental visuals. Imagine you’re 30 years in the future and you have a great family home, Jetson’s style […]
Implementing Microservices
I recently wrote about what microservices were, and why they are becoming so important. In this discussion, we’ll talk about implementing microservices, as well as touch on APIs and API Management – turns out they are crucial to a microservice architecture. Just a quick note – while you may see microservice and microservice architecture used […]
Five Simple Strategies for Securing Your APIs, Revisited
I’ve been updating assets recently, and had scheduled a refresh of Scott Morrison’s eBook, Five Simple Strategies for Securing APIs. As I read through it, I found myself nodding my head over and over – Scott was just spot on. Each of his strategy points have been proven to be sound – and as importantly, […]
Security vs Time to Market – What’s More Important?
If you’re involved with launching new apps, you’ve likely heard of “API Security” – the need to provide a security model that protects the APIs (and corporate and customer data within them) you expose to developers for mobile/cloud/IoT integration. And yet, some of you will likely point out that applying security to your APIs can […]
The Internet of Things and Security – Redux
The recent debacle of the Nissan Leaf triggered memories. Twenty three months ago, I wrote a blog entitled The Internet of Things – Today. In that posting, I mused about the rapidly emerging IoT, and some of the cool new things that were beginning to appear, such as Anki Drive and Nest solutions. I also […]
API Management 301: OAuth-Based Access Control
Learn how OAuth provides standard patterns upon which you can deliver API access control In API Management Lesson 201: API Security, we examine typical areas of API vulnerability and share best practices for addressing these vulnerabilities – including the use of OAuth as an access control mechanism. In this lesson, we describe how OAuth provides standard […]
API Management 201: API Security
Identify typical areas of API vulnerability and learn best practices for securing APIs In Lesson 103: Choosing a Solution, we discuss the importance of considering functional and operational security characteristics when choosing an API Management solution. Regardless of the solution, understanding the risk profile of APIs is vital to protecting an API against attack. In this […]
API Strategy 201: Private APIs vs. Open APIs
One of the key considerations that should guide both your API business strategy and your interface architecture is the distinction between open and private APIs. An interface is defined as open or private depending on whether it targets external or in-house developers. In this lesson, we explain the distinction in detail and explore ways it […]
Of Monsters and Man and Machines
In my last post, I talked about IoT and its nascent emergence into our everyday lives, with products like Anki Drive and the Nest Thermostat beginning to get a foothold. I also talked about the need for security, as IoT becomes more present in our day-to-day lives. Today, let’s talk about a few real-world examples […]