Proverbs: how to become a cloud-based digital service expert using Trapize, no fishing required

As a business transforms itself into a digital enterprise by consuming cloud services, the IT department may feel as if it is being dragged along for the ride. Gone are the days when an IT department’s sole concern was the management of firewalls, email, VPNs, and more.

Today’s IT departments are now being asked not only to evaluate digital services but also to determine the risks that those services may pose to the enterprise. With the services running through a ‘pinhole’ in a firewall or via some encrypted tunneling technology, the IT department must secure the access while also understanding the underlying data that is being exposed.

Every digital service that an enterprise exposes itself to requires the corporate IT staff to become experts in a new application domain. An enterprise either chooses to assign staff to help IT understand the applications (“give the man a fish…”) or begins the process of training the IT staff on the applications (“teach them to fish…”).

We’ve found that when it comes to our customers’ digital services, they don’t want to deal with fishing at all. They instead want to sit down to enjoy a nice trout almandine. The Trapize Digital Services Broker can make that a reality with built-in service intelligence.

The built-in tokenizing data vault allows the network management and IT staff teams to monitor and control application performance without being exposed to any sensitive business data. The Trapize inline proxy delivers profiles of popular digital services that allow the IT department to both monitor the performance of the service at the application level and enforce compliance and governance controls without becoming application experts.

Data analytics in the forest


A common misconception about big data analytics is that if you capture everything then you can make some really, really smart decisions. In the “forest” of data collected, it is more important how you weight the individual data elements. The processing of data into categories is a crucial first step toward deriving actionable insights from data.

In a forest, it’s really more important how you look at the trees rather than being able to see everything within the forest.  At a glance you might see a bunch of diseased trees and then you could be tempted to cut down the forest.  But if you look closer you might see that only elm trees look diseased which allows you to cultivate a different plan where you can be more judicious with the use of your chain saw.

Similarly, not all data is created equal. Personally identifiable information (PII) and corporate private data must be identified and made to stand out in the forest of data. A social security number is not just a number: it is a personal identifier, it is confidential data and it is a government ID. Assigning important data to a category or to multiple categories allows businesses to actually know what is occurring in the dense forest of data.

Data being exchanged on your digital services needs to be classified much the same way.  Edge systems that merely tokenize data to hide the underlying information will never give you an actionable view of the data forest that is leaving your enterprise.

The Trapize Digital Services Broker provides cross-digital-service categorization of data being exchanged in your enterprise. Business analytics can give you insights into what kinds of data are crossing from your control to your partners or even between your own business applications. A multi-use token vault underlies the handling of all private data in Trapize and allows a business to understand the type of an exact piece of data and how many times it is being exchanged.

Et tu, Brute? Are firewalls and SD-WANs enough protection when using cloud APIs?

As enterprises rapidly transform their businesses with cloud-based digital services that are driven by APIs, they are starting to realize more and more that their firewall is providing less and less protection. Interestingly, it’s not that the firewall technology has gotten noticeably poorer; it’s that today’s data streams are bypassing this traditional security model altogether.

Enterprises are beginning to realize – many with surprise and dismay – the need to shift their security model away from sessions being managed by a firewall to a more application-centric control model like a software-defined wide area network (SD-WAN).  These new software architectures enable IT to replace older tunneling technology – like multiprotocol label switching (MPLS) – and quickly build dynamic connections with trusted partners.

All good so far. The problem now becomes: Do you trust your friends?

For businesses to achieve regulated compliance and internal governance, they need to have positive controls over all digital transactions, specifically the “5 Ws” – What, Who, When, Why, Where. At the end of the day, it doesn’t really matter if you shared corporate data with your partners via a simple HTTPS session through the firewall or routed that data over a new private connection. The question a corporate compliance or governance officer needs to answer is: Should that data have been shared in the first place?

So, while we probably could not have helped Julius Caesar with his problems of betrayal, the Trapize proxy can help our customers ensure that, as protected data passes to and from partners, the business retains full control while engaging in the API economy.

Is Shadow IT going to sink your enterprise?

We’ve all heard the saying “loose lips sink ships.” Now imagine how that translates to enterprise data, where sometimes exchanging sensitive data with a partner is a good thing, sometimes not so much.

Today we’re finding that corporate infrastructures at most large enterprises have sprung more than a few leaks.  This situation has been driven by the rise of cloud-based digital services, where corporate IT is under increasing pressure to open ‘pin holes’ in a firewall or add DNS exceptions to satisfy business needs.

Unfortunately, this is a risky approach that could compromise the safety and integrity of the enterprise network, particularly since the term ‘pin hole’ implies a small, manageable exception to the otherwise rigid controls that a firewall supplies.  In reality, this couldn’t be further from the actual risk introduced with this approach.

With every pin hole or exception added, a ‘digital waterway’ is created where data can flow in and out of the enterprise. Adding another layer of complication, this data is often encrypted, so centralized compliance and governance solutions have no visibility into these streams. This has given rise to the popular term “shadow IT”, where core IT has ceded control of previously protected corporate data to line-of-business applications using cloud-based digital services. All in all, a pretty perilous situation and unacceptable to regulators who provide oversight.

While some cloud security solutions gaining in popularity today think that scanning for data that has left your enterprise gives you control, we think having the right tools – a sound strategy and navigational instruments – is a safer approach.

So why are enterprises putting their data at risk?

At Trapize, we have built an in-line proxy that not only decrypts this data but also has a deep, packet-by-packet understanding of the data in an application flow. So, as data enters or leaves the enterprise perimeter, Trapize can apply policies on a service-by-service basis. It’s a better approach to keep your enterprise afloat.

On the horizon, a new approach for digital transformation

Yesterday I wrote about my meetings with a diverse group of IT leaders who often ask “Are ESBs dead?”. Today I’d like to continue that topic and review the complications many are experiencing on their digital transformation journey.

At the very foundation is the need to safely exchange data and services across their organization with agility. Yet today many IT organizations are experiencing some principled headwinds – and obvious blind spots – as their cloud-based digital traffic is traversing firewalls with little IT visibility or control of the digital services being used, consumed and exchanged.

As covered in an earlier post, IT is caught without the tools necessary to address core business functions, yet is on the hook for agile innovation from the line-of-business stakeholders. So, what’s an enterprise to do?

Based on my conversations, there are three clear options, all of which entail some cost or risk:

  1. add connectors to external services for the ESB;
  2. write custom middleware to wrap the services;
  3. or just ignore the problem.

From experience, most organizations are doing some version of all three.  So, let’s ‘pro/con’ the opportunity cost when putting those three options in practice.

To remain compliant with the mandatory regulations, the enterprise must write a connector for each API or develop middleware wrappers for the APIs in use. The cost estimates that I’ve seen range from $200K for each connector to $400K for middleware wrappers. We also can’t forget the hidden cost to your organization, which typically drives a 12-18 month delay in deploying new services. Sadly, the cost in both dollars and time has led many lines of business to simply take option three, poke a hole in the corporate firewall, and assume the business risk. Probably not a good idea.

There is a new approach on the horizon: Trapize offers an in-line proxy that provides positive control on a request-by-request basis. This approach – not only quick and affordable – is the only way to achieve true enterprise compliance. Trapize is a digital service broker that supports many of the most popular services enterprises are using today.

Is the sun setting on Enterprise Service Bus?

I frequently meet with a diverse group of IT leaders and I’m often asked “Are ESBs dead?” The short answer is, it’s complicated.

Since the 1990s, ESBs have played a critical role for companies by providing a ‘walled garden’ to protect access to core business functions. ESBs have delivered assurances that business applications were communicating with legally required compliance and governance.

However, as a business’s critical services have shifted from proprietary applications deployed inside an enterprise’s perimeter to cloud-based applications and services, the role of the ESB is being called into question. As those mission-critical applications have moved outside of the ‘circle of trust’ that the ESB provided, enterprises have struggled to keep the same level of control required to meet industry regulatory requirements.

These technology shifts have fundamentally changed the way a modern enterprise conducts its business today. Lines of business inside an enterprise are more often relying directly on Google, IBM, Microsoft and others for digital services rather than accessing core IT functionality. Studies have shown the average enterprise uses over 1400 unique cloud services in the normal course of its day-to-day business.

So, while new best-in-class services arise almost daily – and are necessary to remain competitive in this agile environment – businesses need to quickly adapt, particularly since the same confidential enterprise data is being used and exchanged by those services – which gave rise to the ESBs in the first place – yet without the necessary regulatory requirements.

Well, what’s an enterprise to do?  From my conversations, there seem to be three options: add connectors to external services for the ESB, write custom middleware to wrap the services, or just ignore the problem.

Over here at Trapize, we have a better idea. We provide ESB-level compliance and governance while enabling the enterprise’s continued use of cloud-native APIs. Our high-performance in-line proxy gives the same level of tight control in minutes and at a fraction of the cost that an enterprise is spending.

So, is the sun setting on ESBs? No, of course not, we believe they’re just reaching retirement.