Mobile APIs for Healthcare

Next week I am participating in a webinar called Mobile Optimized Healthcare API Programs, from a technical perspective we’ll be looking at some interesting integration between Intel’s Security Gateway and Mashery. From a healthcare standpoint, the discussion looks at what new kinds of use cases are possible in this ecosystem.

For as much hype that financial services and other sectors get vis a vis security, the healthcare security problem set really is harder than the rest. At the same time, there are dramatic benefits from enabling mobile integration for healthcare, it benefits your number one asset: you. Whether its Fit Bit, Nike+, or just healthcare pros with iPads, mobile is uniquely suited to health and wellness related applications. But what is missing is APIs and integration to deliver on the use cases.

The webinar looks at the following concerns:

  • Gateway security patterns to safely repackage legacy data and services as APIs – in short enable access not attackers.
  • How to construct, share, and promote APIs to developers using API workshops and branded portals – make it easy for developers to do things right
  • How to build a mobile-optimized back end that securely exposes enterprise assets via standard internet protocols (e.g. OAuth & JSON) – what comprises the mobile DMZ? How is it similar and different than a plain, old Web DMZ?

As much as I enjoy middleware, security and protocols, what is most interesting about healthcare is the new types of use cases that bring all the technology together. I guess that is as it should be. Still as a technologist its neat to see after all these years that Web services and Secuity Gateways play a leading role in the leading edge technology deployments today.

Making a Mobile DMZ is subtly different than old school Web DMZs. Most of the principles remain the same but the implementation is different. In addition, there are new concerns to handle such as session management, token resolution and asynchronous protocols which function differently on mobile apps than web. In the webinar, we’ll do a deep dive on these topics and what it might mean for your organization

By Gunnar Peterson – this post originally appeared on the 1Raindrop blog


Enterprise Mobile Applications at Apps World

Apps World Focus on Enterprise Mobile Applications

My team attended Apps World in San Francisco last week.  The show almost could have been called “Mobile Middleware World”.  It was clear that we’re not the only ones who think 2013 will be the year of the Enterprise Mobile App.  While the conference had plenty of independent developers and consumer-oriented tools, many of the folks stopping by our booth were focused on the enterprise.  We received several questions about our solutions for enterprise mobile applications and API management.  API providers were also bridging the gap between consumer- and enterprise-grade services, with talks and demos both days from StackMob, eBay, Box, and SendGrid.

Intel is a Software Company?

We received a number of questions related to our API management products.  Once we got past the initial question of “Intel is a software company?“, it was clear that our vision for mobile middleware is well-aligned with what developers of enterprise mobile applications are seeking.  We received positive feedback on the end-to-end capability we offer:

  • Secure and robust API management on the back end
  • Best-in-class API discovery and developer onboarding through our connection to the Mashery portal
  • HTML5 and Appcelerator provide flexible app development on virtually any device.

Digital Payments and Enterprise Mobile Applications

One of the bigger trends I saw had to do with digital payment systems.  This is a rapidly-evolving area, with virtual currency moving from games into other apps, potentially expanding into enterprise mobile applications.  Other payment systems, such as digital wallets and P2P, seemed to be top-of-mind as well.  It’s clear that mobile application and API security will be critical for success, regardless of which standards win out in these areas.

Building the Enterprise Mobile Application Factory

Also in our booth, Kin Lane gave a very popular talk on Building the Enterprise Mobile Application Factory.  If you missed his talk, it is available online.  Our HTML5 development talk was also very well-received, with many participants signing up right away for our cloud-based HTML5 developer tools.

It is shaping up to be an exciting year for us in the enterprise mobile applications and API management space.  Apps world was just the beginning.  For more information, stay tuned to this blog, follow us on twitter at @IntelAPIGateway, download our whitepaper on API Patterns for Cloud & Mobile, or check out some of our mobile middleware tutorials.

Enterprise Mobile App Strategies

This Thursday, I will be presenting a webinar with Forrester covering 4 Building Blocks to Mobilize Your Enterprise App Strategy.  As we prepared for this talk, Mike and I talked about a few trends that are emerging in response to the BYOD-driven growth of enterprise apps.  First, the pervasive 3-tier hosting architecture we all know and love may not be the best fit for hybrid or native applications, but the industry doesn’t seem to have bottomed out on what to call the new model(s) that will replace 3-tier.  Second, while it would be nice to throw out all of the legacy baggage we’re carrying around with us, the reality is that we need to securely integrate new technologies with legacy services in order to provide the best possible mobile enterprise experience.  Finally, with a stable and secure set of APIs in place, developers are looking to SDKs that can streamline multi-platform development.

In Thursday’s webinar, we’ll look at how mobile middleware is enabling native applications to access data through APIs, signaling an evolution from traditional 3-tier architectures.  We’ll also talk about how REST/JSON APIs are being integrated with SOAP services and other data sources to create composite applications.  Click here to sign up for the webinar, and stay tuned for our “Mobile Middleware Buyers Guide” that takes a closer look at some of the building blocks for enterprise app mobilization.

What You Need to Know about API Security

Since the growth of APIs “hockey-sticked” around 2005, the proliferation of web-based APIs has spanned every industry and vertical from e-commerce to map services to enterprise. APIs like that of Twitter, Amazon, and Netflix garner billions of API calls every day, and these represent just a few of the more visible.  With this rapid growth, on the order of 300-400 new APIs arriving each month, security is an ever-increasing concern.  Enterprise focused, SaaS based APIs are among the fastest growing segments, and in light of this, securing company assets and Data Loss Prevention are paramount.  The perimeter of enterprise networks has become amorphous as workflows increasingly leverage platforms and applications beyond the firewall.  So what does that mean for your organization’s security?

Attend our May 10th webinar featuring Intel, McAfee, and tech analyst & CTO, Dan Woods for an advanced perspective on what you should do to ensure API Security, specifically as related to Authentication, DLP, and Validation Controls.

 For more information about Intel Expressway Service Gateway — with free webinars, tutorials and expert blogs on securely exposing Web Services in the Cloud, please visit us at:

Webinar: Applying Strong Authentication and Data Loss Prevention to Collaborative File Sharing (April 26)

Join us for what will be a very informative webinar on Applying Strong Authentication and Data Loss Prevention to Collaborative File Sharing

April 26th 2012 – Time: 10:00 AM PDT, 1:00 PM EDT

> Register Now

Employees love the convenience and utility of collaborative file sharing applications like Box. Sharing contracts, graphics/video files, or other corporate content using a cloud-based service empowers users to share information directly with external partners-outside traditional enterprise security controls.

While you want to encourage productivity, you also need a strategy that addresses how you’re going to control access to file sharing applications and inspect data before it leaves the enterprise.

In this webinar Intel, McAfee and Box join forces to discuss how your sensitive content can be protected throughout the collaboration life cycle—from access and upload to download and distribution.

You will learn:

  • Overview of typical file sharing use cases and workflows
  • Streamlining access for users
  • Tying federated authentication to corporate ID stores
  • Adding 2nd factor strong authentication for sensitive document security
  • Blocking sensitive files from upload
  • On-prem, 100% in the cloud, and hybrid SaaS access options

As a bonus, all attendees will be eligible to receive a free enterprise trial account from Box.






For additional information, please visit



March 29th Analyst Webinar – Identity and Access Management in the Cloud: Real or Mirage?





Traditional IAM solutions have not kept pace with cloud innovation and new approaches to identity and access management are gaining ground. Should you move your IAM infrastructure to the cloud? What is the role of related standards? These and more questions will be addressed in a free webinar “Identity & Access Management in the Cloud: Real or Mirage?”, hosted by Intel and industry analyst firm KuppingerCole on March 29, 2012 at 10:00 AM Pacific (1:00 PM Eastern, 7:00 PM CEST).

In this webinar KuppingerCole Sr. Analyst Dave Kearns will discuss the benefits and challenges of moving use identities to the cloud. Vikas Jain, Director of Product Management at Intel, will follow with an overview of Intel Cloud SSO, Intel’s newest identity and security solution for the cloud. Click here to register for this informative event.

RSA 2012 Interview with Andy Thurai, Chief Architect of Intel’s Application Security & Identity Products Group

Watch this interview between Tom Field and Intel Application Security & Identity Products Group, Chief Architect Andy Thurai.  Andy talks about API management and the attendant issues including security, management, auditing, metering, monitoring and monetization.

You’ll hear Andy talk about Social APIs vs other APIs, as well as how Intel is providing mobile enablement. Andy talks about a platform that is technology, security, and identity agnostic, so that when messages are sent to a hosted app or a partners app, one has the appropriate mechanism to consume those messages coming in from mobile devices. Listen to Andy talk about Intel’s latest announcement made at RSA, about Cloud SSO  — visit for more information.

RSA 2012 Andy Thurai Interview

RSA 2012 Interview with Andy Thurai