Welcome!

Microservices Expo Authors: Mehdi Daoudi, Liz McMillan, Pat Romanski, Elizabeth White, Stackify Blog

News Feed Item

Forum Systems Achieves Industry-First International Security Certification

-- Setting a New Bar in Cloud Security, Forum Sentry is the Only API Gateway to Attain Network Device Protection Profile Compliance

BOSTON, Aug. 13, 2014 /PRNewswire/ -- Forum Systems Inc. today announced that Forum Sentry is the world's first API Gateway to achieve Network Device Protection Profile (NDPP) compliance.

In order to facilitate NDPP conformance, Forum Systems pursued a rigorous certification program with Corsec Security, Inc., the largest independent validation consultant in the security industry. The NDPP compliant designation builds on Forum Sentry's FIPS 140-2 certification foundation, reaffirming Forum Systems' commitment to delivering industry-leading API and cloud security gateway technology for protecting XML-, JSON-, SOAP- and HTML-traversing cloud, mobile and enterprise infrastructure traffic.

Although Common Criteria Evaluation Assurance Level 4 (EAL 4) has become the de facto standard for evaluation, the generic EAL 4 requirements may not be relevant, achievable and repeatable in all cases. The creation of technology-specific Protection Profiles with their own set of security assurance requirements can offer more targeted assurance with achievable, repeatable and testable requirements. Protection Profile compliance can require assurances and testing more rigorous than standardized EALs. In cooperation with other countries, the United States has initiated an evaluation paradigm where achieving success for certain IT products requires a transition to Protection Profile compliance and a move away from EALs.

Now "PP Compliant," Forum Sentry is the industry's only FIPS 140-2 NDPP-certified API Gateway for enabling secure connectivity between users, applications and the cloud. The first Layer 4-7 device to achieve NDPP security certification, it holds the industry's only patent for cryptographic acceleration of security processing.

"Improving cloud security is a massive challenge – but also represents a multibillion-dollar global opportunity for companies dedicated to delivering new, powerful and innovative solutions. Last summer, the Information Technology & Innovation Foundation forecasted that U.S. cloud computing providers could lose up to $35 billion in sales through 2016 based on escalating customer privacy and security concerns," said Mamoon Yunus, CEO of Forum Systems. "Entropy for random number generation is the cornerstone of strong cryptography. And Forum Sentry offers the highest level entropy coupled with hardened key protection to provide security assurance to those enterprise organizations hesitant to migrate to the cloud. We are excited to partner with Corsec to showcase Forum Sentry – the most hardened platform that delivers the industry's strongest cryptography."

"We have worked with Forum Systems for more than 10 years, making the rigorous security validation process easier, faster and more efficient so that Forum could focus on its core business objective – continuing to deliver strategic solutions to its customers," said Matthew Appler, CEO of Corsec. "We are pleased to team with Forum Systems to help this innovative company achieve NDPP certification and validate Forum Sentry's cryptographic capabilities in an evaluation that focused on technology-specific, tailored assurance requirements."

Processing and securing more than 10 billion transactions per day worldwide, Forum Sentry significantly reduces the cost and complexity of centralizing security, identity and governance for hundreds of global organizations, including some of the world's largest federal agencies. With the industry's most comprehensive built-in support for data formats and communication protocols, Forum Sentry enables companies to rapidly integrate internal SOA and external RESTful systems.

Last fall, Forum Systems significantly enhanced Forum Sentry with features including intelligent edge caching for network optimization, Amazon S3 integration for secure enterprise-to-cloud storage and expanded OAuth 2.0 support to simplify mobile SSO. Forum Sentry remains the industry's only FIPS 140-2 secured edge caching solution that provides tight integration with all enterprise-class identity stores to satisfy mobile users' demand for anytime, anywhere access while ensuring the highest levels of network security.

Additional Resources

About Corsec
Corsec is the world's leading certification solution. Corsec's 15-year track record includes more than one million hours of validation services delivered, more than 350 completed certifications, and hundreds of clients on five continents. For more information, visit corsec.com.

About Forum Systems
Forum Systems, a wholly owned subsidiary of Crosscheck Networks, Inc., is the innovation leader in API and cloud gateway technology. The industry's most comprehensive solution for centralized security, identity and governance for SOA, REST and mobile communications, Forum Sentry enables comprehensive threat mitigation and trust enablement, providing enterprises and government organizations worldwide with the foundation for achieving Secure Service Mediation. Processing more than 10 billion transactions per day worldwide, the NDPP-, FIPS- and DoD-certified Forum Sentry API Security Gateway delivers unparalleled protection against HTML-, XML-, SOAP- and REST-based vulnerabilities. Notably, Forum Systems products provide simplified integration and task processing with over 100 built-in, standards-based processing tasks. For more information, please visit www.forumsys.com.

All product and company names herein may be trademarks of their respective owners.

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@MicroservicesExpo Stories
We have already established the importance of APIs in today’s digital world (read about it here). With APIs playing such an important role in keeping us connected, it’s necessary to maintain the API’s performance as well as availability. There are multiple aspects to consider when monitoring APIs, from integration to performance issues, therefore a general monitoring strategy that only accounts for up-time is not ideal.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
Most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes a lot of work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reduction in cost ...
These days, change is the only constant. In order to adapt and thrive in an ever-advancing and sometimes chaotic workforce, companies must leverage intelligent tools to streamline operations. While we're only at the dawn of machine intelligence, using a workflow manager will benefit your company in both the short and long term. Think: reduced errors, improved efficiency and more empowered employees-and that's just the start. Here are five other reasons workflow automation is leading a revolution...
As today's digital disruptions bounce and smash their way through conventional technologies and conventional wisdom alike, predicting their path is a multifaceted challenge. So many areas of technology advance on Moore's Law-like exponential curves that divining the future is fraught with danger. Such is the problem with artificial intelligence (AI), and its related concepts, including cognitive computing, machine learning, and deep learning.
There are several reasons why businesses migrate their operations to the cloud. Scalability and price are among the most important factors determining this transition. Unlike legacy systems, cloud based businesses can scale on demand. The database and applications in the cloud are not rendered simply from one server located in your headquarters, but is instead distributed across several servers across the world. Such CDNs also bring about greater control in times of uncertainty. A database hack ...
We have Continuous Integration and we have Continuous Deployment, but what’s continuous across all of what we do is people. Even when tasks are automated, someone wrote the automation. So, Jayne Groll evangelizes about Continuous Everyone. Jayne is the CEO of the DevOps Institute and the author of Agile Service Management Guide. She talked about Continuous Everyone at the 2016 All Day DevOps conference. She describes it as "about people, culture, and collaboration mapped into your value streams....
API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below.
“Why didn’t testing catch this” must become “How did this make it to testing?” Traditional quality teams are the crutch and excuse keeping organizations from making the necessary investment in people, process, and technology to accelerate test automation. Just like societies that did not build waterways because the labor to keep carrying the water was so cheap, we have created disincentives to automate. In her session at @DevOpsSummit at 20th Cloud Expo, Anne Hungate, President of Daring System...
Did you know that you can develop for mainframes in Java? Or that the testing and deployment can be automated across mobile to mainframe? In his session and demo at @DevOpsSummit at 21st Cloud Expo, Dana Boudreau, a Senior Director at CA Technologies, will discuss how increasingly teams are developing with agile methodologies, using modern development environments, and automating testing and deployments, mobile to mainframe.
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single-threaded, you can effectively identify hot spots in your serverless code. In his session at @DevOpsSummit at 21st Cloud Expo, Dave Martin, Product owner at CA Technologies, will give a live demonstration and code walkthrough, showing how ...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
We define Hybrid IT as a management approach in which organizations create a workload-centric and value-driven integrated technology stack that may include legacy infrastructure, web-scale architectures, private cloud implementations along with public cloud platforms ranging from Infrastructure-as-a-Service to Software-as-a-Service.
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.