API Management, PCI Compliance, Enterprise Mobile Access

Hybrid Enterprise

Hybrid Enterprise Background

The differential between cloud economics and internal IT economics for storage, compute and network is so enormous that Enterprises are increasingly using hybrid deployment patterns for reasons that go beyond "peak" usage provisioning versus "mean" usage provisioning. In fact, hybrid deployment patterns, where some components of a business application reside on a public cloud while others are in the private domain, are exploding.

The emergence of the hybrid Enterprise provides opportunities for IT to enable the business to be nimble, and for business line managers to have the flexibility to utilize SaaS (Software-as-a-Service) services as well as react more nimbly to their customers, especially as it relates to mobile apps and services.

The hybrid Enterprise also creates its own set of challenges for Application Infrastructure, from the plan & design phase, through deployment & staging, to security & data protection. Intel's Expressway product solution can be deployed stand-alone or in combination to address various Hybrid Enterprise usage models as your organization grows.

Expose Application Services through a Central Integration Backplane

The first step in moving to a cloud-enabled hybrid Enterprise Application Infrastructure is to inventory internal services and applications, and partition off the components that are hard or unlikely to move to public cloud infrastructure for reasons of compliance, application sensitivity or spheres of control. As these reasons may change over time, the easiest way to "partition" the cloud-ready and non-cloud-ready application stack is through a flexible, secure & lightweight Integration ESB such as Intel® Expressway Service Gateway. Supporting SOA, REST and legacy integration patterns in a visual design-and-deploy environment, it provides the ideal IT-owned or Cloud Service Provider-offered Cloud Service brokerage infrastructure. See SOA Integration

Stage Application Services with API Management

API-based services can transform enterprise business models by surfacing siloed legacy assets and data for simplified consumption outside the enterprise firewall. API Management provides the ability to stage APIs through API packaging and proxy capabilities, referred to as an API Gateway. The economic value of APIs is enabled through analytics, metering and billing capabilities. The value is realized through a community-based "API portal" model where new APIs & services are exposed and discovered by developers, who can write new composite applications using the building block services promoted through the portal. See API Management

Secure Application Services with Application Firewalling & Authentication

Both API-based services and cloud-enabled Enterprise Applications need to be protected against application-level threats and need authentication, authorization and data security capabilities typically not offered by network-level security products. HTTP(S) 1.0/1.1, REST, SOAP, JSON, XML and other means of exposing application services have a long history of potentially expanding the set of attack vectors. In addition to protecting against such application threats, external or cloud user authentication and authorization is likely to be restricted to the network DMZ and done by a service gateway proxy, where authentication happens against authoritative decision points like identity & access management products. See Token Authentication

Data Protection: Make Application Services PCI & PII Compliant

Data protection & data residency practices are becoming increasingly important in a hybrid Enterprise environment, where enforcing a business-specific compliance regimen such as PCI DSS (Payment Card Industry Data Security Standard) or PII (Personally Identifiable Information) may not be viable in a public cloud. Proxy-based tokenization for PCI DSS compliance ensures that the islands of PCI DSS datasets remain small and well protected, while most hybrid applications are cleanly separated from annual recertification for compliance purposes. Format Preserving Encryption, or encrypting in such a way that the output is in the same form as the input, provides an easier way to mitigate the effect of data residency requirements in restricting the use of cloud economics. See PCI Compliant Security

© Intel Corporation