Application Security & Identity White Papers




Cloud Identity Buyer’s Guide
The Cloud Identity Buyer’s Guide discusses the issue of identity and access management (IAM) for cloud applications. It outlines the issues that need to be addressed, suggests some approaches to solving those issues and provides an overview of the Intel products that help companies manage their SaaS application identities more effectively and efficiently.


IHE and Intel: Delivering a Foundation for Interoperable Health Information Exchange

IHE is an initiative by healthcare professionals and industry to improve the way computer systems in healthcare share information. Together, IHE and SOA can provide a strong foundation for cost-effective, flexible and interoperable Healthcare Information Exchange (HIE) infrastructure. The focus of the paper is to help explore the issues, challenges and benefits of a closer alignment of IHE profiles with a SOA approach to designing and building systems.


Security Gateway Buyer’s Guide
Independent industry security expert Gunnar Peterson provides the analysis and decision support that will enable you to make an informed choice when evaluating Security Gateways. Describes security architecture capabilities, common business use cases, and deployment considerations. Upon registration you will receive access to the white paper and a customizable technical RFP matrix.


DZone REST Reference Card
A must-have tool for everyone engaged in developing, managing and securing REST-based API infrastructure. This reference card created by DZone contains handy references to various REST topics including The Basics of REST, What about SOAP, Richardson Maturity Model, Verbs, Response Codes and more.


Federal Cloud Security Challenges & Solutions
This paper is designed to define the landscape of federal cloud security initiatives, distill relevant standards and security design patterns, and map these to commercial technologies in the market today. Our goal is to equip government security practitioners with actionable knowledge and solutions to accelerate their adoption of the Federal cloud. Intel and McAfee contracted this paper to be written by Gunnar Peterson, an independent security consultant with significant field experience in the federal sector.


Cloud Security Reference Architecture Guide
Intel’s Cloud Builders program permits you to leverage a team of leading vendors to design, deploy and manage your cloud infrastructure. We provide you with a starting point on your evolution to cloud computing by supplying you with basic hardware blueprints and available cloud software management solutions, including Intel® Expressway Service Gateway. In this reference guide, you’ll find beneficial use cases that can be adapted to suit your specialized usage and deployment models.


Intel Expressway Service Gateway: REST Solution Brief
Presents how to simplify the implementation of standardized enterprise security for both REST and WS-* services, and how a Service Gateway can act as a central Policy Enforcement Point to delegate authentication/authorization and provide REST to SOAP mediation without having to write code.


QSA Tokenization Broker Assessors Guide
The Assessors Guide describes how Intel® Expressway Tokenization Broker specifically addresses more than 200 PCI DSS requirements. This document was written and edited by actual PCI Compliance Assessors. The document provides specific guidance on how to increase security of your cardholder data environment through tokenization. In particular, Section #4 of the Assessors Guide offers you a beneficial and comprehensive outline of individual PCI DSS 2.0 requirements and how Intel Expressway Tokenization Broker helps address those requirements.


Intel-sponsored HIMSS Security Survey
The 2010 Intel-sponsored HIMSS Security Survey reports the opinions of 272 information technology (IT) and security professionals from healthcare provider organizations across the U.S. In particular, it focuses on key issues associated with the tools and policies that are in place to secure electronic patient data at healthcare organizations. A playback of the November 30th HIMSS/Intel Webinar, which provides additional details regarding how security gateways can be leveraged to help safeguard patients’ data, is available on our Webinar playback page.


Reducing PCI DSS Scope: The Gateway Approach
Organizations that process credit card information are confronted with the issue of PCI DSS “scope”, which refers to all components of a computing network that directly or indirectly handle card data. These network components are a primary focus of PCI DSS regulation, compliance, and assessment. Any information system such as a database, web server, or application server that handles credit card numbers can immediately be pulled into PCI scope and become the focus of an assessment. One of the primary ways to counter the cost and organizational burden of PCI DSS compliance is to reduce overall scope within the enterprise, and the only way to reduce scope is to eliminate accessibility to sensitive card data. This white paper discusses how tokens generated by the Intel Expressway Service Gateway security gateway can replace card numbers with surrogates, removing systems from scope.


Risk & Security Assessment of Intel Expressway Tokenization Broker
This paper covers the general approach by Intel® to risk and compliance and provides a framework and set of questions for evaluating risk with a special focus on PCI DSS. The PCI DSS is an international compliance standard that reduces the risk of a credit card breach through increased security and compliance requirements. This Intel® Risk and Compliance group assessment can help internal enterprise compliance teams understand how a product such as Intel® Expressway Tokenization Broker can be used to reduce the risk of a sensitive data breach.


XML Threat Model for REST, SOA and Web 2.0
This technical document, intended for Architects and Developers, describes a comprehensive threat model for a new breed of threats based on XML content, including XML languages used in the Service Oriented Architecture (SOA) paradigm such as SOAP and the Web Services Description Language (WSDL). This white paper also defines the concept of XML Intrusion Prevention (XIP) as an analog to traditional network-based intrusion prevention. A new type of threat called an XML Content Attack is described, and examples are provided for each layer in the threat model. This document is intended to help individuals and organizations discover and mitigate the rising number of threats in the Web 2.0 environment using a Service Gateway.


Intel Expressway Service Gateway Web Service/API Security Performance Comparison to IBM* DataPower XI50
Taking advantage of chip optimization improvements such as Intel’s XEON E5-2600, Intel Expressway Service Gateway outpaces IBM DataPower by 6x to 10x in a direct “apples to apples” comparison. This paper presents benchmark test scenarios, cost analysis, and the Service Gateway’s multi-core optimized software architectural elements.


Comparison to Oracle* Enterprise Gateway
Performance, security and simplicity are the three reasons organizations deploy a services gateway. In an apples-to-apples comparison, Intel Expressway Service Gateway significantly outpaces Oracle Enterprise Gateway in all three key buying criteria. This paper presents a comparison of product functionality, benchmark performance test scenarios, cost analysis and the Service Gateway’s multi-core optimized software architecture elements.


Taking Control of the Cloud for Your Enterprise: Addressing Security, Visibility, and Governance Challenges
This paper is intended for enterprise security architects and executives who need to rapidly understand the risks of moving business-critical data, systems, and applications to external cloud providers. The concept of a dynamic security perimeter is presented to help explain how to address insecure APIs, multi-tenancy, data protection, and tiered access control for cloud.


Secure Principal Propagation for BPMS White Paper
Describes the problem of principal ID propagation encountered by BPMS systems as they attempt to expand workflows that cross platforms and security domains. Outlines how Intel Expressway Service Gateway can be used for service abstraction and credential mapping that enables expanded BPMS roll-out.


An Open Policy Framework for Cross-vendor Integrated Governance
In reality most technology stacks implement a hard coupling between the policy definition and the runtime execution environment. What is needed is an open, pluggable platform, and policy integration framework that allows an organization to bridge different vendor registries with various service implementations. This paper discusses how to achieve open and integrated governance.


Accelerate SOA Processing with Intel® SSE4.2 Instruction Sets
Intel Expressway Service Gateway delivers continuous improvement for XML-based solutions through enhanced feature support for upcoming generations of Intel architecture-based servers. Support for Intel® Streaming SIMD Extensions 4.2 (Intel® SSE4.2) instructions allows applications to immediately deliver performance improvements of as much as 20 percent or more on legacy systems that do not support this new instruction set architecture. Describes XML Parsing and the Parallel Tree Approach to Schema Validation.


PushToTest Independent Performance Assessment of Expressway
In this primary research, PushToTest, a company specializing in business optimization and information systems test automation, evaluates how SOA soft-appliance platforms fare by applying the PushToTest SOA performance and scalability test methodology to the Intel Expressway Service Gateway software product.


XPath 2.0 Schema Validation & Content Checking: Application to Security Gateway Usage Models
XPath 2.0 offers functions and capabilities that enable SOA applications to greatly strengthen the content checking of messages while at the same time targeting those checks to just the parts of the documents that are relevant. Provides an overview of XPath 2.0 then describes new features in the Intel Expressway Service Gateway that make use of these new capabilities.


A Multi-Core Optimized Software Appliance: A New Breed of Service Intermediary
This article describes Service intermediary usage models, limitations of hardware XML & security gateway appliances, presents next-gen intermediaries, and publishes scenario benchmark testing results.

