The Future Is A Story About Mobile Computing

Posted on December 22, 2011 | 1 Comment

Earlier today CNET published an interview with Marc Andreessen, in which the Netscape founder and influential VC outlines his personal vision for where tech is heading in the near future. His new tagline, from a piece he wrote for the New York Times, is “software is eating the world”, a blunt reference to how software increasingly appears out of nowhere to utterly consume a traditional practice or business model—be this in commerce, the social realm, or just about everywhere.

Andreessen asserts that this affect will only accelerate in the future because of the explosion we are experiencing in mobile computing:

Most of the people in the world still don’t have a personal computer, whereas in three to five years, most people in the world will have a smartphone…. If you’ve got a smartphone, then I can build a business in any domain or category and serve you as a customer no matter where you are in the world in just gigantic numbers–in terms of billions of people.

This new scale of mobile is something we’re only beginning to see, but it is becoming clear that the change this brings about is going to be profound. Mobile computing is very interesting to Layer 7; watch our for some interesting new developments coming out of our labs early in the new year.

I discovered a similar indicator of mobile interest using Google’s Insights for search. Pete Soderling and Chris Comerford, from Stratus Security Technologies, gave an excellent talk back in 2010 at the RSA show about REST security. They illustrated how the zeitgeist around distributed computer communications was changing over time by comparing search volume for “SOAP Security” (blue line) and “REST Security” (red line):

Try this out for yourself here.

What struck me about this was not that REST came up so fast—you’d have to be living under a rock to have missed that one—but that the two approaches have been tracking roughly equivalent over the last year. This mirrors our own experience at Layer 7, where we support both SOAP and REST security equally. We see similar patterns of interest coming from our customers.

What is even more interesting is what happens when you add “Mobile Security” (yellow line) to the mix:

Try it here.

The future indeed, will be written from a hand held device.

→ 1 Comment

Posted in Layer 7 Technologies

Tagged ,

Gartner AADI 2011 Presentation Video: API Management, Governance & OAuth

Posted on December 5, 2011 | 1 Comment

I delivered a talk all about API governance at last week’s Gartner Application Architecture, Development and Integration (AADI) summit in Las Vegas. I was the lunch time entertainment on Wednesday. The session was packed—in fact, a large number of people were turned away because we ran out of place settings. Fortunately, a video of the session is now available, so if you were not able to attend, you can now watch it online.

In this talk I explore how governance is changing in the API world. I even do a live OAuth demonstration using people, instead of computers. Unlike the classic “swim lane” diagrams that only show how OAuth works, this one also teaches you why the protocol operates as it does. (If you want to skip directly to the OAuth component, it begins at around 22 minutes. )

→ 1 Comment

Posted in Layer 7 Technologies

Tagged , , ,

Nothing Succeeds Like Success: Analysts Place Layer 7 On Top Once Again

Posted on November 24, 2011 | Leave a comment

We’ve had a good Fall here at Layer 7. Last month, Gartner declared that Layer 7 is a leader in its 2011 Magic Quadrant (MQ) for SOA Governance Technologies. To be placed by Gartner in the Leaders Quadrant is a formal recognition of a company’s excellence in its vision and its ability to execute. We’ve achieved this honour with Gartner before (it was the last time they evaluated the SOA Governance space, back in 2009); but this year the firm raised the bar considerably by emphasizing the greater scope of SOA governance, including the overall life cycle of policy and services. We’ve worked hard to develop a complete SOA governance solution—something that Gartner clearly recognized, as are the only SOA gateway vendor to be included in this year’s leaders quadrant. This is an achievement our whole team is very proud of.

But the honours didn’t stop there. Last week, Forrester published The Forrester Wave™: SOA Application Gateways, Q4 2011. I am very pleased to announce that Forrester has also recognized Layer 7 as a leader. Forrester evaluates vendors based on 45 criterion that cover current offering, strategy, and market presence. Layer 7 achieved the highest scores in both the current offering and strategy categories.

As with the Gartner MQ, the actual placement of Layer 7 on the Forrester Wave is dramatic—and it is very flattering. I can’t reproduce either graphic here, but I would encourage you to use your Gartner and Forrester subscriptions to see the reports for yourself. Both studies offer comprehensive information about the state of SOA governance and technology in 2011.

Finally, Layer 7 was ranked as number 71 in Deloitte’s 2011 Technology Fast 500™. The Fast 500 recognizes the 500 fastest growing North American companies in technology, media, telecommunications, life sciences and clean technology. Deliotte ranks organizations based on their percentage of revenue growth over the five-year period between 2006 and 2011. Being named to the Fast 500 brings us full circle: from vision, to execution, to concrete revenue growth.

I’m looking forward to 2012.

→ Leave a comment

Posted in Layer 7 Technologies

Tagged , , , , ,

Clouds Down Under

Posted on September 23, 2011 | Leave a comment

When I was young I was fascinated with the idea that the Coriolis effect—the concept in physics which explains why hurricanes rotate in opposing direction in the southern and northern hemispheres—could similarly be applied to common phenomenon like water disappearing down a bathtub drain. On my first trip to Cape Town many years ago I couldn’t wait to try this out, only to realize in my hotel bathroom that I had never actually got around to checking what direction water drains in the northern hemisphere before I left. So much for the considered rigor of science.

It turns out of course that the Coriolis effect, when applied on such a small scale, becomes negligible in the presence of more important factors such as the shape of your toilet bowl. And so, yet another one of popular culture’s most cherished myths is busted, and civilization advances ever so slightly.

Something that definitely does not run opposite south of the equator turns out to be cloud computing, though to my surprise conferences down under take a turn in the positive direction. I’ve just returned from a trip to Australia where I attended the 2nd Annual Future of Cloud Computing in the Financial Services, held last week, held in both Melbourne and Sydney. What impressed me is that most of the speakers were far beyond the blah-blah-blah-cloud rhetoric we still seem to hear so much, and focused instead on their real, day-to-day experiences with using cloud in the enterprise. It was as refreshing as a spring day in Sydney.

Greg Booker, CIO of ANZ Wealth, opened the conference with a provocative question. He simply asked who in the audience was in the finance or legal departments. Not a hand came up in the room. Now bear in mind this wasn’t Microsoft BUILD—most of the audience consisted of senior management types drawn from the banking and insurance community. But obviously cloud is still not front of mind for some very critical stakeholders that we need to engage.

Booker went on to illustrate why cross-department engagement is so vital to making the cloud a success in the enterprise. ANZ uses a commercial cloud provider to serve up most of its virtual desktops. Periodically, users would complain that their displays would appear rendered in foreign languages. Upon investigation they discovered that although the provider had deployed storage in-country, some desktop processing took place on a node in Japan, making this kind of a grey-area in terms of compliance with export restrictions on customer data. To complicate matters further, the provider would not be able to make any changes until the next maintenance window—an event which happened to be weeks away. IT cannot meet this kind of challenge alone. As Randy Fennel, General Manager, Engineering and Sustainability at Westpac put it succinctly, “(cloud) is a team sport.”

I was also struck by a number of insightful comments made by the participants concerning security. Rather than being shutdown by the challenges, they adopted a very pragmatic approach and got things done. Fennel remarked that Westpac’s two most popular APIs happen to be balance inquiry, followed by their ATM locator service. You would be hard pressed to think of a pair of services with more radically different security demands; this underscores the need for highly configurable API security and governance before these services go into production. He added that security must be a built-in attribute, one that must evolve with a constantly changing threat landscape or be left behind. This thought was echoed by Scott Watters, CIO of Zurich Financial Services, who added that we need to put more thought into moving security into applications. On all of these points I would agree, with the addition that security should be close to apps and loosely coupled in a configurable policy layer so that over time, you can easily address evolving risks and ever changing business requirements.

The entire day was probably best summed up by Fennel, who observed that “you can’t outsource responsibility and accountability.” Truer words have not been said in any conference, north or south.

→ Leave a comment

Posted in Layer 7 Technologies

Tagged , , ,

Clouds On A Plane: VMware’s Micro Cloud Foundry Brings PaaS To My Laptop

Posted on August 31, 2011 | 3 Comments

On the eve of this week’s VMworld conference in Las Vegas, VMware announced that Micro Cloud Foundry is finally available for general distribution. This new offering is a completely self-contained instantiation of the company’s Cloud Foundry PaaS solution, which I wrote about earlier this spring. Micro Cloud Foundry comes packaged as a virtual machine, easily distributable on a USB key (as they proved at today’s session on this topic at VMworld), or as a quick download. The distribution is designed to run locally on your laptop without any external dependencies. This allows developers to code and test Cloud Foundry apps offline, and deploy these to the cloud with little more than some simple scripting. This may be the killer app PaaS needs to be taken seriously by the development community.

The reason Micro Cloud Foundry appeals to me is that it fits well with my own coding style (at least for the small amount of development I still find time to do). My work seems to divide into two different buckets consisting of those things I do locally, and the things I do in the cloud. More often than not, things find themselves in one bucket or the other because of how well the tooling supports my work style for the task at hand.

As a case in point, I always build presentations locally using PowerPoint. If you’ve ever seen one of my presentations, you hopefully remember a lot of pictures and illustrations, and not a lot of bullet points. I’m something of a frustrated graphic designer. I lack any formal training, but I suppose that I share some of the work style of a real designer—notably intense focus, iterative development, and lots of experimentation.

Developing a highly graphic presentation is the kind of work that relies as much on tool capability as it does on user expertise. But most of all, it demands a highly responsive experience. Nothing kills my design cycle like latency. I have never seen a cloud-based tool for presentations that meets all of my needs, so for the foreseeable future, local PowerPoint will remain my illustration tool of choice.

I find that software development is a little like presentation design. It responds well to intense focus and enjoys a very iterative style. And like graphic design, coding is a discipline that demands instantaneous feedback. Sometimes I write applications in a simple text editor, but when I can, I much prefer the power of a full IDE. Sometimes I think that IntelliJ IDEA is the smartest guy in the room. So for many of the same reasons I prefer local PowerPoint for presentations, so too I prefer a local IDE with few if any external dependencies for software development.

What I’ve discovered is that I don’t want to develop in the cloud; but I do want to use cloud services and probably deploy my application into the cloud. I want a local cloud I can work on offline without any external dependency. (In truth, I really do code on airplanes—indeed some of my best work takes place at 35,000 feet.) Once I’m ready to deploy, I want to migrate my app into the cloud without modifying the underlying code.

Until recently, this was hard to do. But it sounds like Micro Cloud Foundry is just what I have been looking for. More on this topic once I’ve had a chance to dig deeply into it.

→ 3 Comments

Posted in Layer 7 Technologies

Tagged , , ,

The Cloud Security Alliance Introduces The Security, Trust and Assurance Registry

Posted on August 16, 2011 | 1 Comment

As a vendor of security products, I see a lot of Requests for Proposal (RFPs). More often than not these consist of an Excel spreadsheet with dozens—sometimes even hundreds—of questions ranging from how our products address business concerns to security minutia that only a high-geek can understand. RFPs are a lot of work for any vendor to respond to, but they are an important part of the selling process and we always take them seriously. RFPs are also a tremendous amount of work for the customer to prepare, so it’s not surprising that they vary greatly in sophistication.

I’ve always thought it would be nice if the SOA gateway space had a standardized set of basic questions that focused vendors and customers on the things that matter most in Governance, Risk and Compliance (GRC). In the cloud space, such a framework now exists. The Cloud Security Alliance (CSA) has introduced the Security, Trust and Assurance Registry (STAR), which is a series of questions designed to document the security controls a cloud provider has in place. IaaS, PaaS and SaaS cloud providers will self-assess their status and publish the results in the CSA’s centralized registry.

Providers report on their compliance with CSA best practices in two different ways. From the CSA STAR announcement:

1. The Consensus Assessments Initiative Questionnaire (CAIQ), which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings. The questionnaire (CAIQ) provides a set of over 140 questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. Providers may opt to submit a completed Consensus Assessments Initiative Questionnaire.
2. The Cloud Controls Matrix (CCM), which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry. Providers may choose to submit a report documenting compliance with Cloud Controls Matrix.

The spreadsheets cover eleven control areas, each subdivided into a number of distinct control specifications. The control areas are:

  1. Compliance
  2. Data Governance
  3. Facility Security
  4. Human Resources
  5. Information Security
  6. Legal
  7. Operations Management
  8. Risk Management
  9. Release Management
  10. Resiliency
  11. Security Architecture

The CSA hopes that STAR will help to shorten purchasing cycles for cloud services because the assessment addresses many of the security concerns that users have today with the cloud. As with any benchmark, over time vendors will refine their product to do well against the test—and as with many benchmarks, this may be to the detriment of other important indicators. But this set of controls has been well thought through by the security professionals in the CSA community, so cramming for this test will be a positive step for security in the cloud.

→ 1 Comment

Posted in Layer 7 Technologies

Tagged , , , ,

Amazon Web Services Startup Challenge

Posted on August 8, 2011 | 1 Comment

The 2011 AWS Startup Challenge is now open. Every year Amazon stages a contest to promote up and coming startups that leverage the Amazon cloud. This is the 5th annual contest, and for the first time they’ve opened it to entrepreneurs world wide.

According to the contest FAQ, contestants are to be judged according to the following criteria:

(a) implementation and integration of AWS paid services as described in the Official Rules;

(b) originality and creativity;

(c) likelihood of long-term success and scalability;

(d) effectiveness in addressing a need in the marketplace.

The prizes are split evenly between cash and credits on AWS, acknowleding the new economics around bootstraping a modern tech company. Best of all—and unlike the more traditional sources of startup funding such as angels and VCs—the cash is non-dilutive. The free publicity of winning also doesn’t hurt.

New companies have always been the most aggressive adopters of cloud technology, and startups are obviously very important to Amazon. I’m a big fan of the free-tier pricing model they offer as a way to seed projects, but it doesn’t take too much success before you kick into higher-level tiers. It would be great to see Amazon create some kind of formal startup seeding program. It would be similar to what Sun once offered startups with its free servers back in the days when startups actually wanted physical boxes.

→ 1 Comment

Posted in Layer 7 Technologies

Tagged ,