Indeed, according to security company Ermetic, this attack doesn’t only affect the organizations’ on-premises systems but also their cloud-based infrastructure. Other experts reported that this could become a dangerous threat to cloud-based services.

It is a possibility that if the suspected attackers from Russian Intelligence agents were to extract and decrypt API keys from compromised Orion databases, they would then gain access to the related cloud-based services. The attackers could also use root API keys to get administrative access into any compromised accounts.

Therefore, it is essential that organizations take the fundamental precautions to protect their data and identify all exposed credentials. A series of actions in responses have been recommended such as rotating credentials, instituting least privilege protocols, and only deploying Orion on standalone and isolated accounts.

However, if Orion is deployed on an account that isn’t completely isolated from the rest of the cloud environment, everything that came into contact with the account could be compromised as well, as resources and identities are all still connected to the cloud. Similarly, any piece of a cloud environment that uses Orion IAM identity could be compromised as it would give attackers access to sensitive resources.

Hence, every company should put into place greater controls on internal access policies as well as do a manual review of every identity and resource to identify the extent of exposure and take effective action.

It is also vital that security teams understand what impact it could have on other clouds in order to determine the extent of the damage. Indeed, if other integration accounts are compromised, they then may be used to exfiltrate data or create residency on others, creating an even greater threat.

The post SolarWinds hack endangering cloud services’ API keys appeared first on DevOps Online.

The survey also stated that containers are becoming a very popular app with 34% of participants indicating that they were using containers in their production environment. In comparison, only 15% of respondents used serverless and 7% service discovery.

These findings then prove Gartner’s prediction that 75% of global organizations will have containerized applications in production environments by 2022. There is an important shift to microservices‑based apps, where companies want to build platforms with better resilience and quicker deployment abilities.

Moreover, the research revealed that 14% of participants are looking to adopt service meshes in the next year, which is 50% more than nowadays.

Thus, it also stated that the public cloud remains the most used infrastructure option for modern app tools as well as Infrastructure-as-a-Service, serverless computing, and private Platform-as-a-Service. There is a progressive shift away from on-premises load balancers towards more software-based load balancers.

Yet, there are still challenges. Indeed, 50% of respondents are concerned about security while 39% about reliability and availability, and 34% about performance.

As a result, it is likely that API gateway management will increase up to 22% as predicted in 2021. Therefore, organizations will start to invest more in solutions like WAF and service delivery.

As microservices management keeps on growing, there is going to be more investment in open-source container orchestrators and API management tools. Associated technologies will then also be increasing.

The post 2020 led to a rise in global microservices adoption appeared first on DevOps Online.

APIs are the essential building blocks of digital businesses—assembling data, events and services from within the organisation, throughout ecosystems, and across devices. This is driving new demands for organisations to create and monetise APIs and API products; maximise adoption and reuse across internal and external portals and API marketplaces; and ensure API security. WSO2 has added significant new functionality to support these enterprises with the availability of WSO2 API Manager 3.0, the only complete open source platform for creating, managing, consuming, and monitoring APIs and API products.

WSO2 has been recognised by Forrester Research, Inc. as a Leader in The Forrester Wave^TM: API Management Solutions, Q4 2018 report¹. In its evaluation of WSO2 API Manager, the report¹ states, “As the only fully open source solution in our Forrester Wave analysis, WSO2 provides good breadth across all evaluation criteria. Particular strengths include formal life-cycle management and non-REST APIs, both of which facilitate mature and disciplined enterprise API strategies.”

Version 3.0 builds on WSO2 API Manager’s capabilities for delivering a seamless, end-to-end API management experience while addressing all the requirements of API creators, product managers, and consumers. New functionality includes:

• API product creation with functionality for API product managers to combine related APIs into a single, monetisable product
• Redesigned API designer and developer portals that offer responsive user interfaces (UIs) and are easier to customise using the single-page application model and React.js library
• The first full lifecycle API management solution to offer a native Kubernetes operator to simplify API management and configuration in a cloud-native environment
• Support for GraphQL APIs for building high-performance, data-rich APIs
• Out-of-the-box API monetisation via the Stripe billing engine, plus support for plugging in other billing implementations
• Ready-built pipelines for continuous integration and continuous deployment (CI/CD) based on Kubernetes and Jenkins to shorten delivery times
• Integration with the Istio service mesh to bring API management capabilities to microservices
• Expanded security through JSON Web Token (JWT) authentication support, bot detection, and API schema validation

“APIs are the digital products of the 21st Century. As a result, organisations need greater flexibility to create, bundle, re-bundle, sell, and resell APIs—while ensuring their security and integrity,” said Paul Fremantle, WSO2 CTO and co-founder. “WSO2 API Manager is the most successful open-source, full lifecycle API management solution. Version 3.0 builds on the proven technology that already powers billions of API calls daily. Not only have we significantly improved the ability to create and monetise API products; we’ve added many technical enhancements to ensure WSO2 API Manager works effectively in a DevOps-driven cloud environment.”

Monetising and Productising APIs

The Forrester Wave^TM: API Management Solutions, Q4 2018 report¹ observes that, “Whatever the API use case, API providers can borrow from product management ideas and disciplines and manage their APIs as products—whether or not they intend to directly bring in revenue by charging for API use. API management products provide one or more tools to define available APIs, set policies and limits for their use, analyse how developers use APIs, configure pricing and billing models and other usage parameters, and communicate and collaborate with API user and API creator communities.”

WSO2 API Manager 3.0 adds capabilities that empower enterprises to embrace product management disciplines by making it easier to monetise APIs and create API products.

API Product Creation. WSO2 API Manager 3.0 enables API product managers to create new digital products by integrating multiple APIs into a single API product with well-defined subscription levels and monetisation plans. This enables true API product management, enabling enterprises to create and manage new business models while simplifying the subscription process for application developers.

API Monetization. With Version 3.0, API monetisation is now available out-of-the-box using Stripe as the default billing engine. Additionally, organisations can easily plug in other third-party billing engines based on their requirements and preferences. As a result, publishers can implement billing plans that align with their business models, maximise revenues, and attract API subscribers by offering a range of options.

Enhanced Developer Experience

As APIs have become central to modern application development, WSO2 has invested in introducing innovations to WSO2 API Manager that optimise the productivity of software developers. In Q3 2019, WSO2 launched WSO2 API Microgateway 3.0—part of the WSO2 API Manager platform—to simplify the process of creating, deploying, and securing APIs within distributed microservices architectures. Using an architecture based on the open source Ballerina language, it provides a cloud-native, lightweight, developer-centric, decentralised API gateway for microservices.

Version 3.0 of WSO2 API Manager offers new and enhanced capabilities to further support the efforts of developers, as well as API publishers and API consumers.

Kubernetes Operator. Kubernetes is rapidly becoming the de facto cloud orchestration platform standard. WSO2 API Manager 3.0 is the first full lifecycle API management platform to natively support Kubernetes through a Kubernetes Operator. This means that managing and configuring APIs becomes a core part of the Kubernetes platform, closely integrating with existing management tools. The result is higher productivity for developers, DevOps, and cloud administrators when building, deploying, and managing APIs.

CI/CD Pipeline. The ability to deploy APIs and API products into an API portal and API gateway is becoming a key requirement for agile development. WSO2 API Manager 3.0 addresses this demand with a pre-defined CI/CD pipeline. This enables teams to significantly reduce the time it takes to deliver an API to customers and partners, while ensuring increased testing and quality assurance. WSO2 API Manager also works seamlessly with teams’ existing CI/CD pipelines to create a complete end-to-end CI/CD approach.

Integration with Istio. A microservices architecture (MSA) enables developers to be more agile and innovate faster. Istio is the industry’s most popular service mesh, providing a uniform way to secure, connect, and monitor the microservices in this disaggregated architecture. Now WSO2 API Manager integration with Istio brings full lifecycle API management capabilities to microservices while Istio serves as the control point—without the need for a separate microgateway.

Redesigned User Interfaces. React.js is one of the most used UI libraries for developing eye-catching, responsive user interfaces. WSO2 API Manager 3.0 features completely redesigned UIs for the API designer and developer portals based on React.js, making it simpler and more effective to customise the portals and create an effective API catalogue.

GraphQL Services as APIs. The GraphQL query language simplifies and optimises the creation of data-rich APIs. Using the Schema Definition Language (SDL), it becomes a simple process to define and manage GraphQL-based APIs. This offers a simple, standard alternative to traditional REST APIs and is particularly effective for mobile applications as it can dramatically reduce the number of API calls required to implement a business operation.

Expanded API Security

The proliferation of APIs driven by digital initiatives is viewed as a virtual goldmine by hackers. WSO2 has put a priority on addressing the rapidly evolving security attacks on APIs by expanding on the robust policy-based controls for authentication and authorisation in WSO2 API Manager. In Q2 2019, WSO2 delivered an open source extension to WSO2 API Manager that enables enterprises to take advantage of the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs. Version 3.0 further advances security in WSO2 API Manager through three new capabilities.

JWT Authentication Support. JSON Web Tokens are widely used to share user details between services. JWT authentication support in WSO2 API Manager 3.0 means that when APIs are secured using the OAuth 2.0 authorisation protocol, JWTs issued for users from the API Manager security token service (STS) can be used to invoke APIs. This greatly simplifies the ability to perform true hybrid and distributed deployments of API gateways, significantly increases the scalability factor of API gateways, and reduces operational costs.

Bot Detection. WSO2 API Manager 3.0 provides out-of-the-box functionality to easily trace back problematic API calls, detect suspicious behaviors—such as context scanning and internal scanning—and then notify administrators. This makes it possible to identify potential threats from bots and other attackers and take preventative measures as required.

API Schema Validator. Validating requests and responses against predefined schemas is one of the most common requirements faced by developers. The API Schema Validator in WSO2 API Manager 3.0 lets developers use their own Open API definitions and enforce their request/response validations without additional work.

Availability and Support

WSO2 API Manager 3.0 is available today. As a fully open source solution released under the Apache License 2.0, it does not carry any licensing fees. WSO2 API Manager is backed by WSO2 Subscription, which features access to WSO2 Update for continuous delivery of bug fixes, security updates, and performance enhancements, along with WSO2 Support for 24×7 support. Unified pricing means customers can simply buy a WSO2 Subscription and choose the hosting model—cloud, on-premises or hybrid—based on their preferences. Information on WSO2 Subscription and other service and support offerings can be found at https://wso2.com/consultant-services.

About WSO2

WSO2 is the world’s #1 open source integration vendor, helping digital-driven organizations become integration agile. Customers choose us for our broad integrated platform, our approach to open source, and our agile transformation methodology. The company’s hybrid platform for developing, reusing, running and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud. Today, hundreds of leading brands and thousands of global projects execute 6 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more.

¹Forrester Research, Inc. “The Forrester Wave: API Management Solutions, Q4 2018,” by Randy Heffner with Christopher Mines, Allison Vizgaitis, and Diane Lynch, October 29, 2018.

Trademarks and registered trademarks are the properties of their respective owners.

The post WSO2 API Manager 3.0 brings a new level of ease to monetising, productising, securing, and managing APIs appeared first on DevOps Online.

By leveraging Zephyr and creating new integrations, the company plans to provide Atlassian users with a native experience for their development activities.

According to the release, the new integration will enable test automation across UI, API, and data layers, as well as across a range of mobile devices and browsers.

The company also expanded its Behaviour Driven Development (BDD) capabilities with the introduction of a new Living Documentation Jira, which enables all team members to collaborate on projects more easily.

“We are excited to be following our acquisition of Zephyr so quickly to help Jira users extend their workflows,” said Justin Teague, CEO of SmartBear.

“With these new integrations, SmartBear continues to lead the way in software development and testing by being the first to provide a completely integrated test automation solution—extending the native Jira experience in Zephyr. This continues to highlight our belief in the Atlassian ecosystem and commitment to those 130,000 customers.”

The post Smartbear integrates test tools with the Atlassian ecosystem appeared first on DevOps Online.

In the UK, fintech has become especially important and is viewed as a potential economic beacon amid post-Brexit uncertainty, as multiple jurisdictions vie for top fintech hub status. There is both a national fintech initiative and a number of provincial projects aimed at encouraging private sector investment and promoting more academic involvement. And these efforts are being replicated worldwide – from the US to Hong Kong and Singapore.

What’s open banking all about?

Open banking is designed to increase competition in banking and lower the barriers to entry, while the EU’s ‘PSD2’ directive is focused on creating a safer and more innovative European payments landscape. The legislation will give consumers the option to share their bank account data securely with ‘trusted third parties’ through open APIs. Trusted third parties can then access this data to create new insights and innovations for customers based on their transaction behaviour.

This opens up the banking market to a host of new competitors and also paves the way for increased collaboration with all types of organisations – from industry giants such as Amazon to niche solution providers offering complementary services.

In the UK, the nine largest banks have already been told to open up access to customer data to licensed fintechs. Other countries worldwide are also mandating a similar approach.

At the same time, banks are faced with a range of other IT challenges, including the need to:

1. Deliver real-time transactions
2. Digitise front and back-end systems and processes
3. Connect their systems to a wider ecosystem through open APIs
4. Incorporate distributed ledger technology or blockchain – seen by many banks as game-changing technology
5. Move areas of their business to the cloud: to reduce hosting fees, be safe and secure, provide hardware support and maintenance that can scale
6. Innovate and improve customer service using artificial intelligence.

By mandating banks to make their customers’ data accessible to third parties and encouraging the use of open APIs, open banking is designed to encourage innovation and champion collaboration – allowing developers access to banks’ precious customer data and their core systems upon which so many successful fintech apps are built.

The move to platform – on the rise

Platform is the business model of the 21st century. A platform connects consumers with producers in a way that benefits all, quickly and with minimal friction. The company that owns the platform needn’t develop the products or services being sold – it’s all about the connections. Uber’s a great example: it’s the largest ride service in the world but doesn’t own the cars.

Apple was an early adopter of the platform model. The Apple App Store is open to everyone. New apps can be posted rapidly and gain exposure to more than half a billion people from 155 countries. In 2017, iOS developers earned US$26.5billion in this way.

In contrast, financial services have been slow to adopt the platform model. Closed, legacy systems and requirements around availability and security have been major obstacles to innovation. For developers, working with banks has been difficult because the integration processes are so tough, messy and long. But this is changing. People today expect modern apps and services and they’re not seeing them fast enough from their banks, lenders and investors. As a result, we’re now seeing a real appetite from banks to move to a platform model.

To support the move, Finastra is backing a ‘platform-as-as-service’ approach – designed to give banks and developers the optimum environment to collaborate and build new applications. As well as providing connectivity to a standard set of pre-built and fully integrated open APIs, a platform-based approach can also dramatically optimize the software developer environment. For example, giving developers the ability to interact with the open APIs in a sandbox environment will allow them to experiment online in bringing data into their applications and to test the inputs and outputs in a safe environment before they’re deployed to market.

The benefit of the cloud and a platform-based approach is that it allows banks to decouple their APIs from their often-incompatible legacy systems and to create the API testing environment necessary for quality control and ease of collaboration with partners and customers. As a result, new apps can be fully tested and delivered to market much faster – helping banks deliver on the potential of open banking for their customers.

Developers have never had such a great opportunity to present their ideas and innovations to the banking industry. As you consider how best to invest your time – just remember, banks, lenders and investment firms need your help, now. Shall we get started?

Written by Mitesh Soni, Senior Director – Innovation, Fintech and Ecosystems at Finastra

The post Open banking: what are the opportunities for developers? appeared first on DevOps Online.

Starting with a clear vision and strategy for the specific outcomes we desire has allowed us to put in place the technical and cultural building blocks in our product for the permanent transformation of our product delivery pipeline. We have a simple but clear vision to:

• Have a holistic approach that optimises the efficiency of the whole system, not just some parts
• Re-engineer the product architecture and the release processes to improve deployment frequency and deployment lag
• Demonstrate improved behaviour of the product in production to the operations teams
• Conform to all appropriate company compliance standards
• Ensure all stakeholders in the delivery pipeline are involved in creating the solution.

Our aim is to deliver this vision using the “configuration as code” DevOps model with standard software engineering principles. The outcome we desire is to reduce the time from code commit to the deployment of high quality, highly secure small functional artefacts into production.

Cultural changes

Tools are a necessary but not sufficient condition for DevOps to succeed. As well as new tools and methods, it is important to understand that business processes and cultural habits will also need to change. Changes will often experience resistance unless the benefits DevOps can be demonstrated.

Because of previous deployment issues, most companies will have additional governance processes and separation of duties to reduce the risk of production issues. This will naturally create silos, which are anti-patterns to DevOps success. Breaking down these barriers must be done in a sensitive way so as not to imply lack of commitment or professionalism from either side. Building relationships and demonstrating deployment competence of the development teams are often the only way to change opinions. This takes time and effort.

John Kotter’s 8 stage change process is a useful tool to manage business change (see diagram). Key to this is building a guiding coalition. Initially, it is important to spend time building relationships across the different disciplines and silos. This helps determine whom the key decision makers are, what strategies and tools are already being used, and what degrees of freedom there are to make changes. Finding ways to demonstrate business value (short-term wins) are an excellent way to gain trust and respect across the various stakeholders and between silos.

Source: https://www.kotterinc.com/8-steps-process-for-leading-change/

Automated testing

It is also important to understand potential objections and address those objections in any DevOps strategy. For example, it is vitally important to prove that the new processes deliver higher quality and more secure artefacts than previous deployment pipelines. This means implementing a “shift-left” testing policy particularly by using automated testing earlier in the software development cycle. In many organisations, testing is often performed late and usually includes manual or semi-automated testing. Using automated testing enables us to provide quality gates earlier in the continuous delivery pipeline. This ensures greater confidence in deployments into test environments and eventually into production. It also enables regression testing to be performed when modules are changed reducing the risk for production deployments. This does, however, have implications for the new skills and behaviours required in both software development teams and testing teams.

Tools and recipes

Continuous delivery is such a different paradigm to the usual deployment methods that stakeholders, particularly budget holders, need to be shown why investment in tooling is important. Adopting some tools and choosing an appropriate project to demonstrate business benefit quickly is often a better approach than company-wide initiatives over a longer period. Which tools are chosen are usually less important than adopting DevOps policies and principles such as using recipes, adopting version control for all code (not just source code) and using appropriate pipeline orchestration. As with any coding discipline, our knowledge of how to build pipelines grows as we gain experience writing more and more complex pipelines.

Continuous delivery

While there is still work to be done, the early results we have seen in our product have demonstrated the business value to various stakeholders and allowed us to gain credibility within the development and operations teams. Each new delivery gives us more confidence and enables us to grow our knowledge in building relationships across teams and using DevOps techniques.

Written by Director of DevOps at ADP UK, Keith Watson

The post Technical & cultural building blocks appeared first on DevOps Online.

The cross-platform service integrates competitions into mobile, PC and console games, helping developers partake in the growing eSports market.

Players and streamers will be able to create their own user-generated competitions and invite participants, which allows them to connect with friends, helping expand their gaming network.

‘Powerful tools to foster community’

The gaming service works on any operating system and is built on AWS cloud infrastructure.

Amazon competitive gaming director, Marja Koopmans, said at the firm’s GDC 2018 keynote: “Game developers have consistently told us they are looking for ways to increase player engagement and retention.

“We built Amazon GameOn to give developers simple, yet powerful tools to foster community through competitive gameplay.”

GameOn is currently being used by nWay, game Insight, Millenial Esports’ Eden Games, Umbrella Games, Nazara, Mindstorm, Mokuni, Avix and GameCloud Studios.

Written by Leah Alger

The post GDC 2018: Amazon announces cloud-based gaming service appeared first on DevOps Online.

Even though this looks like a gargantuan amount, US$1.9trillion is just 8.7% of the total retail sales in the year 2016.

With the growing number of internet service providers, the proliferation of mobile data and the growing acceptance of e-commerce sites, there is a huge potential for further growth, and sales numbers are projected to reach US$5trillion by 2021.

This has led to a flurry of new startups and investments in the e-commerce domain, and every new player is aggressively trying capture this market.

Customer experience

One of the key metrics that decides success in this field is the “conversion rate” –  the ratio of visitors to a website that completes a purchase.

The average conversion ratio varies widely depending on the nature of a business, but it is critical to have an above average conversion ratio to be a successful e-commerce website.

Though a lot of factors play a role in determining the conversion ratio, customer experience stands out as the most important ingredient.

Gartner’s prediction indicates that, by 2020, customer experience will overtake prices and products as the key brand differentiator. But the problem is that there is no fixed set of rules to improve customer experience.

Innovations

Experience suggests it is purely based on trial and error. Unlike other websites, e-commerce websites require extra attention to ensure seamless performance at a customer’s end.

This means tweaking, upgrading, and adapting to new innovations at a rapid pace to stay ahead of the competition.

Quick implementation of these innovations and rolling back certain unsuccessful ones at a lightning pace gives a company huge competitive advantages.

These innovations might help in providing a solution for a wide variety of issues ranging from:

1. Adaptability to existing and new devices (Mobile phones, laptops, tablets and any other new devices)
2. Adaptability to a new UI or web server
3. Improving and measuring load performance during peak hours or during flash sales
4. Integrating a new API to improve the functionality of the website

Testing the ecosystem

Agile development is just one piece of the puzzle offering to solve these issues, but an equally important piece is an end-to-end test system.

A comprehensive test system which tests the whole ecosystem starting from frontend, backend, API, load and integration layer (Integrating shopping carts, standards for data transfer, payment server).

Furthermore, automating end-to-end testing adds greater agility, allowing you to quickly respond to changing business needs, reducing time to market.

Automating also allows you to increase the number of tests performed, adding to the breadth and completeness of your testing.

Written By Mouli Srinivasan, marketing manager at Renovite Technologies.

The post Why is end-to-end test automation the ‘best way ahead’ in e-commerce? appeared first on DevOps Online.