Perficient Digital Transformation Blog

Archive for the ‘News’ Category

API Security: Common Threats and Considerations

Common API Threats: spoofing, tampering, repudiation, denial of service, unauthorized access, confidentiality violation

API Security Considerations: 

Identification – Know Your Consumer
The common approach to implementing this is API keys: randomly generated values that are unique to each consumer, so every call can be attributed to a known consumer.

Authentication – Is the Consumer Authentic?

Username and password over SSL/TLS: the API consumer provides a username and password to prove its authenticity.

OAuth – Adds security by providing token-based access. The token can carry attributes such as an expiration time, which means
a user can perform certain activities for a certain period and must then renew the token or obtain a new one,
depending on the strategy being implemented.

SAML – Another mechanism for authentication. Security Assertion Markup Language (SAML) is an XML standard for conveying
assertions. Typically, the identity provider validates the user’s identity and inserts the appropriate assertions describing things like which applications and resources the user has access to, their roles, etc.

OpenID is another solution that gives functionality similar to OAuth and SAML.

Authorization – Is consumer authorized to perform a certain action?

Apart from these basics, one might also want to consider the following:

JSON attack: Since most APIs accept or return JSON, the response can be intercepted in the middle. An API gateway can take care of this for all requests and responses.

Data protection: Depending on the information being sent or received, we might need to encrypt certain data elements or mask data so that it is difficult to guess or figure out what they are and what they really mean, for example PHI or PCI information.
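An added example, not from the original post, that puts the identification (API key), authentication (expiring token) and data-protection (masking of PHI/PCI-like fields) considerations above into working code. The API keys, tokens and field names are constructed sample values, and the header names are assumptions:

```python
import hmac
import time

# Constructed sample consumer registry: API key -> consumer name (not real keys).
API_KEYS = {"k-7f3a9c1e": "mobile-app", "k-2b8d4e6f": "partner-portal"}

# Constructed token store: bearer token -> (user, expiry as epoch seconds).
TOKENS = {"tok-abc123": ("alice", time.time() + 3600),
          "tok-expired": ("bob", time.time() - 10)}

# Field names treated as PHI/PCI data elements to mask (assumed names).
SENSITIVE_FIELDS = {"ssn", "card_number"}

def identify(headers):
    """Identification: map the presented API key to a known consumer."""
    key = headers.get("X-API-Key", "")
    for known, consumer in API_KEYS.items():
        if hmac.compare_digest(key, known):  # constant-time comparison
            return consumer
    return None

def authenticate(headers, now=None):
    """Authentication: accept a bearer token only if it exists and has not expired."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    entry = TOKENS.get(auth[len("Bearer "):])
    if entry is None or entry[1] <= now:
        return None
    return entry[0]

def mask(value):
    """Data protection: keep the last four characters, mask everything else."""
    s = str(value)
    return "*" * (len(s) - 4) + s[-4:] if len(s) > 4 else "*" * len(s)

def protect(payload):
    """Mask every sensitive field in a response payload."""
    return {k: (mask(v) if k in SENSITIVE_FIELDS else v) for k, v in payload.items()}

def handle(headers, payload):
    """Identify, authenticate, then return the protected response."""
    consumer = identify(headers)
    if consumer is None:
        return 401, {"error": "unknown consumer"}
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "invalid or expired token"}
    return 200, {"consumer": consumer, "user": user, "data": protect(payload)}
```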

Twitter, Please Improve User Experience

Billionaire venture investor and Twitter shareholder Chris Sacca recently wrote a much-discussed post and open letter to Twitter entitled What Twitter Can Be. His reason for writing this long letter was, “Twitter can be so much more than it is today.”

An excerpt from his writings follows:

Hundreds of millions of new users will join and stay active on Twitter, hundreds of millions of inactive users will return to Twitter, and hundreds of millions more will use Twitter from the outside if Twitter can:

  • Make Tweets effortless to enjoy,
  • Make it easier for all to participate, and
  • Make each of us on Twitter feel heard and valuable.

Accomplishing this isn’t hard and there are obvious, concrete steps to fix it all. Done right, countless users new and old will find Twitter indispensable, use Twitter more, see great ads, buy lots of stuff, and make the company much more money along the way.

The entire letter can be boiled down to: Twitter, improve your users’ experience. This has long been a goal of the systems we build at Perficient, and we have a great user experience team to help our technologists build applications that delight users.

I agree with Chris Sacca. Twitter, like many companies, should strive to improve their users’ experience and value their users’ feedback. There should be no controversy here.

Posted in News

Digital Leadership Turns into Better Business Performance

We’ve been talking about how digital transformation is essential to success in the future. Harvard Business Review Analytic Services and Red Hat recently published a study that shows digital leaders are more likely to be successful than followers or laggards. Here are a few key points from the study:

  • Digital leaders are more likely to have revenue growth over 10%
  • Profit margins for digital leaders are greater than the average
  • Leading companies will have a CEO who understands digital opportunities and threats, a CIO who is a master at digital, and digitally proficient leaders at many levels of the company
  • Digital leaders will have a clearly defined strategy and vision

In the study, only 19% of digital followers and 5% of laggards were confident in their digital skills and knowledge, compared to 67% of leaders who were extremely confident in their skills and knowledge. When asked about barriers to developing their digital business, 57% of laggards cited lack of digital leadership, which was the most cited reason among laggards.

For those companies who want to improve their digital leadership, the authors identify the following actions for CIOs:

  • Create a digital advisory board made up of internal and external experts to advise the executive team.
  • Learn to paint a picture of the digital future and use real examples
  • Embed IT staff in the lines of business to increase two-way learning
  • Create a common lexicon to increase understanding and improve communications
  • Partner closely with key business leaders
  • Establish formal and informal learning forums
  • Embrace a coaching framework across the organization
  • Identify and bring in outside experts to address specific trends for various parts of the business

A good way to start improving your digital leadership is to attend the upcoming webinar Rethink and Realign for Digital Transformation Success. While not tied to the study I talked about, this webinar will provide insights into many of the areas identified above.

You can get the full report on the enterprisersproject.com site.

Digital Transformation without APIs and Data Costing Millions

A recent UK study sponsored by Apigee found that a digital transformation should include mobile apps, APIs and data analytics, and that companies “investing in these core digital technologies are eight times more likely to increase revenue from digital activity, this is when compared to those who are only developing apps.”

The report found that those who are only delivering apps saw a median revenue increase of about £266,000; in contrast, those who are investing in all three areas saw median returns of over £9,000,000.

Despite the majority of UK companies recognizing the value of developing APIs (75%), only 26% actually plan to deploy APIs in 2015, and not many more (35%) plan to incorporate big data analytics into their products, processes and services.

Not only is the use of the ‘digital trifecta’ providing an increase in revenue, it is also leading to an increased ability to innovate: 41% of companies using all three saw an increase, compared to only 15% of those using apps alone.

Perficient’s Digital Transformation webinars, whitepapers and blogs have focused on a holistic approach to Digital Transformation, including apps, APIs and data analytics backed by a deep understanding of the customer’s experience. This study reinforces the need to take an all-inclusive approach to Digital Transformation.

Posted in News

8 Benefits of Microservices

Microservices are small, independent services that work together. In other words, these services are small, highly decoupled and focused on doing one small task at a time.

  • Follow the Single Responsibility Principle.
  • Resilient/flexible – failure in one service does not impact other services. With a monolithic or bulky service, errors in one service/module can impact other modules/functionality.
  • High scalability – demanding services can be deployed on multiple servers to enhance performance and kept apart from other services so that they don’t impact them. This is difficult to achieve with a single, large monolithic service.
  • Easy to enhance – fewer dependencies, so easier to change and test.
  • Low impact on other services – being an independent service, it has less chance of impacting other services.
  • Easy to understand, since each represents a small piece of functionality.
  • Ease of deployment.
  • Freedom to choose technology – allows you to choose the technology best suited for a particular functionality.

How to do API Versioning

1- URL based versioning

An easy and very common way to version an API is to include the version number in the API URL.
For e.g. http://myapi/v1.0.0 , http://myapi/v1.0.1

  • Easy to use; different versions are identifiable just by looking at the URL.
  • Over time you need to maintain various URLs.

2- Using query param

Another easy-to-use strategy for API versioning.
For e.g. http://myapi?version=1.0.0

  • Same URL for different API versions.
  • Need to add transformation logic to route to the particular version.

3- Using custom HTTP header

Slight advantage over approach #2 since this keeps the URL short.

  • Same URL for different API versions.
  • Need to add transformation logic to route to the particular version.

4- Using Accept HTTP Header

For e.g. Accept:application/v1.0.0+json , Accept:application/v1.0.0+json

Slight advantage over approach #3 since there is no need to add a new custom header.

  • Same URL for different API versions.
  • Need to add transformation logic to route to the particular version.
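An added example, not from the original post, of the transformation logic the four strategies above require: it extracts the version from the URL path, the query parameter, a custom header or the Accept media type, then routes to the handler registered for that version. The handler names, the X-API-Version header name and the default version are assumptions:

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed routing table: supported version -> handler name (hypothetical).
HANDLERS = {"1.0.0": "orders_v1_0_0", "1.0.1": "orders_v1_0_1"}
DEFAULT_VERSION = "1.0.1"  # assumed: used when the caller states no version

PATH_RE = re.compile(r"^/v(\d+\.\d+\.\d+)(/|$)")
ACCEPT_RE = re.compile(r"application/v(\d+\.\d+\.\d+)\+json")

def version_from_url(url):
    """Strategy 1: version embedded in the path, e.g. http://myapi/v1.0.0/orders."""
    m = PATH_RE.match(urlsplit(url).path)
    return m.group(1) if m else None

def version_from_query(url):
    """Strategy 2: ?version=1.0.0 query parameter."""
    return parse_qs(urlsplit(url).query).get("version", [None])[0]

def version_from_custom_header(headers):
    """Strategy 3: custom header; the name X-API-Version is an assumption."""
    return headers.get("X-API-Version")

def version_from_accept(headers):
    """Strategy 4: media type in Accept, e.g. application/v1.0.0+json."""
    m = ACCEPT_RE.search(headers.get("Accept", ""))
    return m.group(1) if m else None

def resolve_version(url, headers):
    """Transformation logic: the first strategy that yields a version wins."""
    for v in (version_from_url(url), version_from_query(url),
              version_from_custom_header(headers), version_from_accept(headers)):
        if v:
            return v
    return DEFAULT_VERSION

def route(url, headers):
    """Return the handler for the resolved version, or None if it is unsupported."""
    return HANDLERS.get(resolve_version(url, headers))
```

Unsupported versions deliberately resolve to None instead of silently falling back to another version, so a client asking for a retired version gets an explicit error rather than a different contract.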

Posted in api, Best Practices, Mobile, News

Google and IoT

To compete with efforts by Oracle, Apple and Microsoft to create software for developers of Internet of Things (IoT) applications, Google announced “Project Brillo” at their I/O Conference in San Francisco on May 28. In their statement, they said that, “Brillo extends the Android platform to all your connected devices, so they are easy to set up and work seamlessly with each other and your smartphone”. They also indicated that Brillo will work with another new technology called Weave, which is designed to foster easier communication between devices.

Google specified the particular target groups that they would focus on:
1) Device OEMs will benefit from a quick and secure building process without the need for software updates. Other operating systems will also benefit by connecting to Weave.

2) For application developers, Brillo will “Extend the reach of…apps to the physical world. Build one app to control multiple devices in the home and work environments, leveraging Google services such as voice actions.”

3) For end users, they can feel comfortable that their “connected devices will work with each other, and work with your phone. Automatic setup and easy-to-use sharing is built-in.”

Google did not yet explain how Project Brillo and Weave would work with or compete with “NEST”, the smart device platform that Google also owns. Further, they did not at the time choose to address how Google’s new play will fit into a market that is already highly competitive with the dominant forces of Oracle, Apple and Microsoft. However, it was still very intriguing to see Google plunge into this space.

Posted in News

How Not to Lose a Job Before Starting

At Perficient, generally and specifically here on the digital transformation blog, we spend a lot of time discussing change: how companies want to change, how they need to change, and how eCommerce and marketing are changing the relationship between consumers and companies. We provide examples of what executives need to do to change their relationships with customers. The changing relationship of customers with other customers is another theme.

Today, I thought we would discuss another aspect of change: the changing relationship between employees and employers. In the interest of full disclosure, David Strom once came to my company to work with my team on testing HSM (hierarchical storage management) products. I like to think of these types of product reviews as the Yelp of pre-Internet days. David’s recent post on LinkedIn discusses how social can impact one’s employment, and not in good ways.

Considering how so many of us use crowdsourcing, whether it is for a new purchase, a movie selection or a vacation destination, it isn’t surprising that people have done so with job offers. The part of the article that resonated most with me was this quote:

First, if you get job offers from more than one company, keep them offline, and if you have to seek advice, definitely keep it to a phone call or two to a trusted mentor or adviser. No need to get the entire webverse engaged. This doesn’t have to be a public spectacle. Or really anyone else’s business but your own.

(Emphasis in the original post) As I have said to people, never write anything in an email that you wouldn’t want to see on the side of a bus or on a 4’ X 4’ card in a courtroom. I’ve had to modify that advice to include more channels over the years but the premise still holds true.

In the past several years, I have noticed LinkedIn profiles being used with or instead of resumes. Whether this is interviewing consultants, researching people while in meetings or as an industry speaker, I am finding that our electronic work lives are finding their way into our physical life.

I recall presenting at a Society of Information Management (SIM) event on social. One of my co-presenters said they use LinkedIn during the interview process. They weren’t checking the resume, instead they want to see the candidate’s connections. Does this person have the type and level of connections and recommendations that one would expect at this level?

There has been a lot of discussion over the changing nature of the resume (video resume!  Twitter resume!) and I won’t repeat those comments but I do firmly believe that our social personas are becoming more critical in the employment process.  While the examples have focused on LinkedIn, my comments are generic. What are your experiences? How often do you use LinkedIn when hiring, either employees or consultants? Do you use it to decide which speakers to see at a conference?

Posted in News

What is Service Virtualization and Why Do We Need It?

Service virtualization emulates the behavior and data of dependent systems in a way that represents the dependent system without its constraints, allowing software to be developed and delivered faster, at lower cost and with higher reliability.

Before Virtualization:

After Virtualization:

Constraints which affect development and testing at various SDLC phases:

  • Dependent components/services not yet completed
  • Dependent components/services not available due to maintenance or a system issue
  • Data set-up not completed
  • Limited access
  • A data refresh has cleared out existing data

Benefits:

  • Reduced dependency on various systems/services
  • Increased productivity
  • Faster development
  • Fewer system constraints
  • Agile development made easy

Private APIs Vs Public APIs

Private APIs :

  • APIs used within the organization to build apps.
  • Apps built on private APIs can be used inside the organization or released to the public through various channels, such as the company site or an app store.
  • Partners can use private APIs to build apps.
  • Private APIs enable faster business integration with partners.
  • Avoid dependency on external APIs and apps (for example, when a public API is discontinued).

Public APIs:

  • Expanded reach across various platforms and devices.
  • Increased brand value.
  • Creativity has no limits.
  • Competitors can use your content for various purposes if your API overexposes your business content.
  • Patent/rights infringement.

Posted in api, Mobile, News