Welcome!

Cloud Security Authors: XebiaLabs Blog, Mehdi Daoudi, Derek Weeks, Liz McMillan, ManageEngine IT Matters

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Containers Expo Blog, Cloud Security

@CloudExpo: Blog Feed Post

API Testing Helps MedicAlert Increase Agility, Extend Services

Acclerating the roll out of secure, reliable APIs

MedicAlert pioneered the use of medical ID products and delivers the most dependable, responsive, and trusted Emergency Identification and Medical Information Network. The nonprofit charity provides the functionality of an e-health information exchange for emergencies through an innovative combination of a unique patient identifier linked to a personal health record and a live 24/7 emergency response service.

medicalertAs MedicAlert continues expanding its role as an innovative provider of healthcare information services, they are leveraging APIs.  To accelerate their ability to roll out new APIs in a secure and effective fashion, MedicAlert has relied on automated API testing software from Parasoft.

With Parasoft, the organization has been able to rapidly manage the functional, regression and load testing challenges associated with its new capabilities and offerings. Parasoft has enabled MedicAlert to automate the testing and validating of new APIs – enabling them to provide new healthcare information services and more rapidly respond to business opportunities.

Challenge: Agility and Scalability on Demand

MedicAlert is focused on enabling members to manage their personal health records (PHR) online while maintaining security, privacy and confidentiality. Its repository of personal health information also facilitates the delivery of critical medical information between patients, providers, payers, and emergency responders. These foundations have enabled the organization to grow by constantly introducing new product offerings such as an RFID-based medical card and a USB- enabled portable information device called E- HealthKEY.

Given the high demands associated with such endeavors, MedicAlert recognized the need to
publish APIs to support its dynamic market plans and objectives. The organization now relies on
these interfaces to support its members’ PHR, which include information about medical conditions
as well as drug prescriptions and other relevant health data.

Considering the sensitive nature and life-saving potential of such information, MedicAlert’s IT organization is under severe pressure to ensure its systems are secure, streamlined and effective. APIs represent an opportunity to roll out new  offerings rapidly, capitalize on reusability, and ensure the systems can scale up to meet the growing demands of members and partners. “APIs are about making your business more agile – being able to rapidly seize new business opportunities,” says Jorge Mercado, Principal Architect for MedicAlert’s Product Development Group.

To be sure, software quality is an essential factor in meeting these objectives – and this fast-moving organization needed a way to address its demanding quality requirements quickly and effectively. “We needed tools to automate our testing processes,” says Natalie Doan, the team’s QA Engineer. “When I joined the group, we had a very manual approach for testing.”

Action: Capitalizing on Parasoft API Testing

After exploring some of the potential API testing solutions, MedicAlert chose API testing with Parasoft SOAtest. “We found SOAtest and we ran with it,” says Doan. “Parasoft support trained us for one week and we were able to take it from there. We quickly saw that the product had a lot of powerful features that would help us automate our testing activities and processes. Parasoft SOAtest was able to support all the latest standards (ex. security and schema validation standards); we were able to test all areas of our APIs.”

Through the use of Parasoft SOAtest, the team is able to efficiently test different endpoints and ensure broad test coverage within this environment. When new updates or modifications are made to an API, Parasoft SOAtest’s regression testing can be employed to ensure that no defects have been introduced and that previously verified functionality continues to operate as expected. “I can quickly ensure that features from the previous version are in place to support the new version,” adds Doan.

Parasoft also brought powerful capabilities in terms of functionality and load testing. It enables the team to test the performance differences on the system between, say, 10 or 100 users simultaneously, updating their personal health record through the services under various scenarios. For instance, Parasoft can test how a user sending a long, data-intensive message impacts a particular API.

Parasoft also helps the group ensure authentication and authorization of data and users are managed properly. However, the key to Parasoft’s value is the range of capabilities it delivers and coverage it enables. “We load test the system from beginning to end,” says Doan. “I couldn’t do that with other testing tools we were using previously.”

Results: Enhanced API Security, Quality and Performance

In recent years, MedicAlert has realized important benefits from Parasoft along three key dimensions: security; quality; and performance.

Parasoft’s support for security is critical to an organization that manages personal health records for its four million members. It relies on Parasoft to ensure authentication and authorization capabilities are performing as expected – whether this requires the team to test SAML assertions or HTTP authentication procedures. With different levels of security support, MedicAlert benefits from Parasoft’s expansive testing capabilities.

In terms of quality, Parasoft’s regression testing capabilities are particularly valued. Doan notes that she can use the same test suites she built two years ago to test new versions of products such as E-HealthKEY, ensuring that all members are continually supported. “When we upgrade to new versions of an API, I can rerun tests and make sure the new API actually supports the previous functionality,” she says. “It’s reliable. It assures me that the functionality is there and working as expected.”

Without such testing capabilities, MedicAlert would run the risk of upsetting its members. APIs might not perform and member data might not be saved or updated properly. “We have to ensure members have an effective experience and that data is there when you need it in an emergency,” Doan adds. “The data must be valid and correct. It must be rapidly and correctly updated. Parasoft helps us ensure these objectives are consistently met.”

Finally, Parasoft supports MedicAlert’s progressive efforts to enhance online performance for its members and partners. Doan explains that the performance of the organization’s APIs was “quite slow” when they initially launched their effort. Updating one’s health record could take as much as a minute to complete. However, through continual testing, iterations and improvement, the team has been able to reduce the time associated with such transactions to less than four seconds.

“We don’t want our members or partners to wait at all,” says Doan. “So we are continually upgrading our services and enhancing the performance of our system to ensure the members have an effective experience.”

Ultimately, automated testing has enhanced the user’s experience online, strengthened relationships with members and partners, and contributed to the agility of MedicAlert. Parasoft’s delivers a “strong return on investment,” says Doan. “We use it on a daily basis for reliability and support throughout our API infrastructure.”

Such capabilities have clearly strengthened the linkages between IT and the business. “Business leaders at MedicAlert want to be able to react quicker and make our APIs more valuable,” says Mercado. “They want to bring on more members at a faster rate. Being able to more rapidly respond to different business opportunities addresses their objectives – and now they realize that APIs can help the organization meet those goals.”

[PAPER] API Testing Business Drivers

Learn about the business drivers behind API testing solution purchase decisions, as well as the opportunities for ROI. This 6-page API Testing Business Drivers paper explains how an automated enterprise-grade API testing solution delivers

  • Reduced costs by reducing testing costs, reducing technical debt, and exposing defects earlier in the SDLC
  • Reduced risks by applying more exhaustive testing techniques, increasing test coverage, and immediately exposing any defects introduced by modifications
  • Increased efficiency by leveraging sophisticated automation and enabling artifact reuse

More Stories By Cynthia Dunlop

Cynthia Dunlop, Lead Content Strategist/Writer at Tricentis, writes about software testing and the SDLC—specializing in continuous testing, functional/API testing, DevOps, Agile, and service virtualization. She has written articles for publications including SD Times, Stickyminds, InfoQ, ComputerWorld, IEEE Computer, and Dr. Dobb's Journal. She also co-authored and ghostwritten several books on software development and testing for Wiley and Wiley-IEEE Press. Dunlop holds a BA from UCLA and an MA from Washington State University.

@ThingsExpo Stories
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...