SlideShare una empresa de Scribd logo
1 de 15
Descargar para leer sin conexión
Moving Business to the Cloud: A Tale of Security and
Governance
Rag Ramanathan
When is Cloud a Fit for Enterprises?

       •  Customer 1: Global financial institution
              – Variable, periodic demand
              – Internal resource constraints
       •  Customer 2: SaaS based enterprise feedback
          system
              – Focus on core business
              – Speed of provisioning is constraining business
                execution
       •  Customer 3: International educational
          publishing and technology company
              – Focus on core business
              – Variable, periodic or seasonal demand

2
Savvis Proprietary & Confidential
What Kind of Cloud is Right For You?


     •  SaaS Enablement               •  Cloud Bursting          •  Voice/Video
     •  Web Hosting                   •  Test/Development        •  Sensitive Data
     •  Proof of Concept              •  Peak Performance        •  Production
                                      Bursting                   Applications
     •  Test/Development
                                                                 •  Traffic Management



                                             Hybrid              Private
                                                                     Private
                     Public                  Cloud                   Cloud
                                                                 Cloud
                     Cloud




                      Internet – Public IP                Private – Private IP

3
Savvis Proprietary & Confidential
Cloud Use Case: Global Financial Institution

         Building private cloud on dedicated infrastructure in US and UK
         with public cloud bursting. Tenants are internal groups.

         •    Uses Virtual Private Data Center in dedicated infrastructure
         •    Able to create and manage multiple virtual data centers
         •    Uses a 3rd party, cloud aggregation software
         •    Integrates using APIs
         •    VPN integrates internal and external networks
         •    Manages their own user authentication and authorization
         •    Manages their own IP addresses (DHCP server)




                                    Enterprise connects to hybrid private/
                                    public cloud

4
                     Enterprise
Savvis Proprietary & Confidential                                            Cloud
Challenges of Hybrid Cloud

                                           Integration
                       Making external compute, cloud & applications look
                            internal is often an integration challenge


                                              Security
                      Whether opening up to public or outsourced private
                      cloud you will encounter some repeat challenges in
                                 moving data and workloads


                                           Governance
                              How do you define policies for how enterprise
                               consumes & interacts with cloud services?

5
Savvis Proprietary & Confidential
The Secret to Hybrid Cloud: SOA & APIs

                                      APIs are the way
            SOA is the integration
                                     enterprise systems
               framework for
                                     access provisioning,
            connecting enterprise
                                       management &
                 with private
                                     application systems
                & public cloud
                                           in cloud


            SOA Gateways designed for Cloud (e.g.
           Layer 7, Vordel, Apigee, SOA Software) is
              the best way to address security &
                     governance challenges

6
Savvis Proprietary & Confidential
Why SOA / APIs?


          >>         APIs to integrate

          >> APIs for management, operations & run-time

          >> APIs for automating provisioning

          >> APIs to expose/control the cloud services

          >> Strongest authentication & authorization

          >> Facility for compliance enforcement


7
Savvis Proprietary & Confidential
SOA / API Challenges


                                    Security       Governance

                 • Authorization               • Availability
                 • Basic firewall              • Performance
                 • DDos                        • Protection
                 • SSL for each                • Meeting SLAs
                   service end points          • Maintain QoS
                 • Audit logs                  • Audit trails
                 • Authentication              • Data for
                                                 investigation &
                                                 reporting


8
Savvis Proprietary & Confidential
But SOA / API Security & Governance Is
Bigger

    Security                                      Message                          Traffic Control
    Penetration                                   Protection
    Protection

                  •  Code                                •  XML                          •  Rate limit
                     injection                              DOCTYPE                      •  Tiered
                  •  Malformed                              insertion                       service
                     requests                            •  XML                             levels
                  •  SQL attacks                            document                     •  Automatic
                                                            structure                       retries
                                                         •  Limit
                                                            message
                                                            size


        And More..                  >> Credential caching & expiration IP restrictions
                                                                     >>

                                    >> OAuth support                    >> Reporting and analytics

                                    >> Common authentication & authorization across all
                                    services

9
Savvis Proprietary & Confidential
…along with
                  >> Common API security

                  >> Common logging, and auditing

                  >> Reporting and analytics

                  >> Support for multiple versions

                  >> Protocol transformation

                  >> Delegated policy authoring

                  >> Best practices based common policy libraries

                  >> Centralized policy release and enforcement

                  >> External system integration (OSS, BSS, CMDB)
10
Savvis Proprietary & Confidential
How Are We Addressing These Hybrid Cloud
       Integration Requirements for Biz?




                             Common API and SOA
                            Governance Layer Using a
                                 Cloud Gateway




11
Savvis Proprietary & Confidential
Common API / SOA Security & Governance
       Layer Using Layer 7 Gateway

                                               API / SOA / Cloud Governance
                                               Gateway




    Common API and SOA                                  Policy
                                                                   • Throttling
                                                                   • Monitoring
    Governance for Cloud                                           • Usage
                                                       Reporting
                                                                   • Billing

     VPDC                     Portal   OSS   Storage               • Authentication
                                                       Security
                                                                   • Authorization



12
Savvis Proprietary & Confidential
Deployment of Layer 7 Cloud Gateway




13
Savvis Proprietary & Confidential
Specific Security Example

       •  Requirement: Provide multi-factor authentication for all APIs
       •  Options 1:
              –  Each service or product can implement their own solution
              –  Will require weeks to months of implementation and testing
       •  Option 2:
              –  Provide a common security service via a proxy
              –  Apply best practices based single solution across all the services
              –  Use Layer 7 policy for OAuth (2-legged)
              –  Integrate key/token management and distribution between Layer
                 7, Savvis Portal, BSS, and OSS




14
Savvis Proprietary & Confidential
Lessons Learned & Recommendations
            >> APIs drive more cloud traffic than web sites

            >> Take API-first design approach

            >> Drive toward a common framework

                     > Configuration based and not development based
                     > Supports flexible and distributed deployment models
                     > Extensible

            >> Be prepared to handle special requests

            >> Do through testing of APIs for security

            >> Look at Security & Gov Gateway for Cloud


15
Savvis Proprietary & Confidential

Más contenido relacionado

La actualidad más candente

Growing Adoption of Open Source in Enterprises
Growing Adoption of Open Source in EnterprisesGrowing Adoption of Open Source in Enterprises
Growing Adoption of Open Source in EnterprisesWSO2
 
Secure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the CloudSecure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the CloudCA API Management
 
Layer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTLayer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTCA API Management
 
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 29 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2Digicomp Academy AG
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
OpSource cloud hosting
OpSource cloud hostingOpSource cloud hosting
OpSource cloud hostingOpSource
 
WebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower sessionWebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower sessionHugh Everett
 
Simplifying User Access with NetScaler SDX and CA Single Sign-on
 Simplifying User Access with NetScaler SDX and CA Single Sign-on Simplifying User Access with NetScaler SDX and CA Single Sign-on
Simplifying User Access with NetScaler SDX and CA Single Sign-onCA Technologies
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Krystel Hery
 
What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
 
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...WSO2
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
CIS13: Identity at Scale
CIS13: Identity at ScaleCIS13: Identity at Scale
CIS13: Identity at ScaleCloudIDSummit
 
Open APIs + Software Competitions = Innovative & Creative Solutions
Open APIs + Software Competitions = Innovative & Creative SolutionsOpen APIs + Software Competitions = Innovative & Creative Solutions
Open APIs + Software Competitions = Innovative & Creative SolutionsCA API Management
 
Guy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App ServersGuy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App Serversdeimos
 
Data power v7 update - Ravi Katikala
Data power v7 update - Ravi KatikalaData power v7 update - Ravi Katikala
Data power v7 update - Ravi Katikalafloridawusergroup
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage OverviewCloudPassage
 

La actualidad más candente (20)

Growing Adoption of Open Source in Enterprises
Growing Adoption of Open Source in EnterprisesGrowing Adoption of Open Source in Enterprises
Growing Adoption of Open Source in Enterprises
 
Layer 7 and Oracle -
Layer 7 and Oracle - Layer 7 and Oracle -
Layer 7 and Oracle -
 
Secure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the CloudSecure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the Cloud
 
Layer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTLayer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & REST
 
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 29 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
 
OpSource cloud hosting
OpSource cloud hostingOpSource cloud hosting
OpSource cloud hosting
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
WebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower sessionWebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower session
 
Simplifying User Access with NetScaler SDX and CA Single Sign-on
 Simplifying User Access with NetScaler SDX and CA Single Sign-on Simplifying User Access with NetScaler SDX and CA Single Sign-on
Simplifying User Access with NetScaler SDX and CA Single Sign-on
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
 
What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)
 
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower security
 
CIS13: Identity at Scale
CIS13: Identity at ScaleCIS13: Identity at Scale
CIS13: Identity at Scale
 
Open APIs + Software Competitions = Innovative & Creative Solutions
Open APIs + Software Competitions = Innovative & Creative SolutionsOpen APIs + Software Competitions = Innovative & Creative Solutions
Open APIs + Software Competitions = Innovative & Creative Solutions
 
Guy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App ServersGuy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App Servers
 
Data power v7 update - Ravi Katikala
Data power v7 update - Ravi KatikalaData power v7 update - Ravi Katikala
Data power v7 update - Ravi Katikala
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
 

Similar a Gartner Catalyst Savvis Cloud API Case Study

VMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseVMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseMike K
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy ArchitectureBob Rhubart
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSAmazon Web Services
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs EliteJon G. Hall
 
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid CloudsEucalyptus Systems, Inc.
 
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsEucalyptus Systems, Inc.
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsKannan Subbiah
 
Vincent Desveronnieres, Oracle
Vincent Desveronnieres,  OracleVincent Desveronnieres,  Oracle
Vincent Desveronnieres, OracleEwa Stepien
 
Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Amazon Web Services
 
RightScale Webinar: Rock Your SoftLayer Cloud with RightScale
RightScale Webinar: Rock Your SoftLayer Cloud with RightScaleRightScale Webinar: Rock Your SoftLayer Cloud with RightScale
RightScale Webinar: Rock Your SoftLayer Cloud with RightScaleRightScale
 
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStackIntroduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStackbuildacloud
 
Round table guide
Round table guideRound table guide
Round table guideOracleIDM
 
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerSANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerOracleIDM
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntelAPAC
 
Platform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-finalPlatform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-finalOracleIDM
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementOracleIDM
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersDataWorks Summit
 

Similar a Gartner Catalyst Savvis Cloud API Case Study (20)

VMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell GroupwiseVMware Zimbra vs. Novell Groupwise
VMware Zimbra vs. Novell Groupwise
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy Architecture
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs Elite
 
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
 
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - Intel
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
 
Vincent Desveronnieres, Oracle
Vincent Desveronnieres,  OracleVincent Desveronnieres,  Oracle
Vincent Desveronnieres, Oracle
 
Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012
 
RightScale Webinar: Rock Your SoftLayer Cloud with RightScale
RightScale Webinar: Rock Your SoftLayer Cloud with RightScaleRightScale Webinar: Rock Your SoftLayer Cloud with RightScale
RightScale Webinar: Rock Your SoftLayer Cloud with RightScale
 
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStackIntroduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
 
Alta 3-2013
Alta 3-2013Alta 3-2013
Alta 3-2013
 
Round table guide
Round table guideRound table guide
Round table guide
 
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerSANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentation
 
Platform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-finalPlatform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-final
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
 

Más de CA API Management

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataCA API Management
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...CA API Management
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer appsCA API Management
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 

Más de CA API Management (20)

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your Data
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer apps
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 

Último

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 

Último (20)

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 

Gartner Catalyst Savvis Cloud API Case Study

  • 1. Moving Business to the Cloud: A Tale of Security and Governance Rag Ramanathan
  • 2. When is Cloud a Fit for Enterprises? •  Customer 1: Global financial institution – Variable, periodic demand – Internal resource constraints •  Customer 2: SaaS based enterprise feedback system – Focus on core business – Speed of provisioning is constraining business execution •  Customer 3: International educational publishing and technology company – Focus on core business – Variable, periodic or seasonal demand 2 Savvis Proprietary & Confidential
  • 3. What Kind of Cloud is Right For You? •  SaaS Enablement •  Cloud Bursting •  Voice/Video •  Web Hosting •  Test/Development •  Sensitive Data •  Proof of Concept •  Peak Performance •  Production Bursting Applications •  Test/Development •  Traffic Management Hybrid Private Private Public Cloud Cloud Cloud Cloud Internet – Public IP Private – Private IP 3 Savvis Proprietary & Confidential
  • 4. Cloud Use Case: Global Financial Institution Building private cloud on dedicated infrastructure in US and UK with public cloud bursting. Tenants are internal groups. •  Uses Virtual Private Data Center in dedicated infrastructure •  Able to create and manage multiple virtual data centers •  Uses a 3rd party, cloud aggregation software •  Integrates using APIs •  VPN integrates internal and external networks •  Manages their own user authentication and authorization •  Manages their own IP addresses (DHCP server) Enterprise connects to hybrid private/ public cloud 4 Enterprise Savvis Proprietary & Confidential Cloud
  • 5. Challenges of Hybrid Cloud Integration Making external compute, cloud & applications look internal is often an integration challenge Security Whether opening up to public or outsourced private cloud you will encounter some repeat challenges in moving data and workloads Governance How do you define policies for how enterprise consumes & interacts with cloud services? 5 Savvis Proprietary & Confidential
  • 6. The Secret to Hybrid Cloud: SOA & APIs APIs are the way SOA is the integration enterprise systems framework for access provisioning, connecting enterprise management & with private application systems & public cloud in cloud SOA Gateways designed for Cloud (e.g. Layer 7, Vordel, Apigee, SOA Software) is the best way to address security & governance challenges 6 Savvis Proprietary & Confidential
  • 7. Why SOA / APIs? >> APIs to integrate >> APIs for management, operations & run-time >> APIs for automating provisioning >> APIs to expose/control the cloud services >> Strongest authentication & authorization >> Facility for compliance enforcement 7 Savvis Proprietary & Confidential
  • 8. SOA / API Challenges Security Governance • Authorization • Availability • Basic firewall • Performance • DDos • Protection • SSL for each • Meeting SLAs service end points • Maintain QoS • Audit logs • Audit trails • Authentication • Data for investigation & reporting 8 Savvis Proprietary & Confidential
  • 9. But SOA / API Security & Governance Is Bigger Security Message Traffic Control Penetration Protection Protection •  Code •  XML •  Rate limit injection DOCTYPE •  Tiered •  Malformed insertion service requests •  XML levels •  SQL attacks document •  Automatic structure retries •  Limit message size And More.. >> Credential caching & expiration IP restrictions >> >> OAuth support >> Reporting and analytics >> Common authentication & authorization across all services 9 Savvis Proprietary & Confidential
  • 10. …along with >> Common API security >> Common logging, and auditing >> Reporting and analytics >> Support for multiple versions >> Protocol transformation >> Delegated policy authoring >> Best practices based common policy libraries >> Centralized policy release and enforcement >> External system integration (OSS, BSS, CMDB) 10 Savvis Proprietary & Confidential
  • 11. How Are We Addressing These Hybrid Cloud Integration Requirements for Biz? Common API and SOA Governance Layer Using a Cloud Gateway 11 Savvis Proprietary & Confidential
  • 12. Common API / SOA Security & Governance Layer Using Layer 7 Gateway API / SOA / Cloud Governance Gateway Common API and SOA Policy • Throttling • Monitoring Governance for Cloud • Usage Reporting • Billing VPDC Portal OSS Storage • Authentication Security • Authorization 12 Savvis Proprietary & Confidential
  • 13. Deployment of Layer 7 Cloud Gateway 13 Savvis Proprietary & Confidential
  • 14. Specific Security Example •  Requirement: Provide multi-factor authentication for all APIs •  Options 1: –  Each service or product can implement their own solution –  Will require weeks to months of implementation and testing •  Option 2: –  Provide a common security service via a proxy –  Apply best practices based single solution across all the services –  Use Layer 7 policy for OAuth (2-legged) –  Integrate key/token management and distribution between Layer 7, Savvis Portal, BSS, and OSS 14 Savvis Proprietary & Confidential
  • 15. Lessons Learned & Recommendations >> APIs drive more cloud traffic than web sites >> Take API-first design approach >> Drive toward a common framework > Configuration based and not development based > Supports flexible and distributed deployment models > Extensible >> Be prepared to handle special requests >> Do through testing of APIs for security >> Look at Security & Gov Gateway for Cloud 15 Savvis Proprietary & Confidential