Welcome!

Cloud Security Authors: Liz McMillan, Pat Romanski, Shelly Palmer, Jim Hansen, Elizabeth White

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Containers Expo Blog, Cloud Security

@CloudExpo: Blog Feed Post

API Testing Helps MedicAlert Increase Agility, Extend Services

Acclerating the roll out of secure, reliable APIs

MedicAlert pioneered the use of medical ID products and delivers the most dependable, responsive, and trusted Emergency Identification and Medical Information Network. The nonprofit charity provides the functionality of an e-health information exchange for emergencies through an innovative combination of a unique patient identifier linked to a personal health record and a live 24/7 emergency response service.

medicalertAs MedicAlert continues expanding its role as an innovative provider of healthcare information services, they are leveraging APIs.  To accelerate their ability to roll out new APIs in a secure and effective fashion, MedicAlert has relied on automated API testing software from Parasoft.

With Parasoft, the organization has been able to rapidly manage the functional, regression and load testing challenges associated with its new capabilities and offerings. Parasoft has enabled MedicAlert to automate the testing and validating of new APIs – enabling them to provide new healthcare information services and more rapidly respond to business opportunities.

Challenge: Agility and Scalability on Demand

MedicAlert is focused on enabling members to manage their personal health records (PHR) online while maintaining security, privacy and confidentiality. Its repository of personal health information also facilitates the delivery of critical medical information between patients, providers, payers, and emergency responders. These foundations have enabled the organization to grow by constantly introducing new product offerings such as an RFID-based medical card and a USB- enabled portable information device called E- HealthKEY.

Given the high demands associated with such endeavors, MedicAlert recognized the need to
publish APIs to support its dynamic market plans and objectives. The organization now relies on
these interfaces to support its members’ PHR, which include information about medical conditions
as well as drug prescriptions and other relevant health data.

Considering the sensitive nature and life-saving potential of such information, MedicAlert’s IT organization is under severe pressure to ensure its systems are secure, streamlined and effective. APIs represent an opportunity to roll out new  offerings rapidly, capitalize on reusability, and ensure the systems can scale up to meet the growing demands of members and partners. “APIs are about making your business more agile – being able to rapidly seize new business opportunities,” says Jorge Mercado, Principal Architect for MedicAlert’s Product Development Group.

To be sure, software quality is an essential factor in meeting these objectives – and this fast-moving organization needed a way to address its demanding quality requirements quickly and effectively. “We needed tools to automate our testing processes,” says Natalie Doan, the team’s QA Engineer. “When I joined the group, we had a very manual approach for testing.”

Action: Capitalizing on Parasoft API Testing

After exploring some of the potential API testing solutions, MedicAlert chose API testing with Parasoft SOAtest. “We found SOAtest and we ran with it,” says Doan. “Parasoft support trained us for one week and we were able to take it from there. We quickly saw that the product had a lot of powerful features that would help us automate our testing activities and processes. Parasoft SOAtest was able to support all the latest standards (ex. security and schema validation standards); we were able to test all areas of our APIs.”

Through the use of Parasoft SOAtest, the team is able to efficiently test different endpoints and ensure broad test coverage within this environment. When new updates or modifications are made to an API, Parasoft SOAtest’s regression testing can be employed to ensure that no defects have been introduced and that previously verified functionality continues to operate as expected. “I can quickly ensure that features from the previous version are in place to support the new version,” adds Doan.

Parasoft also brought powerful capabilities in terms of functionality and load testing. It enables the team to test the performance differences on the system between, say, 10 or 100 users simultaneously, updating their personal health record through the services under various scenarios. For instance, Parasoft can test how a user sending a long, data-intensive message impacts a particular API.

Parasoft also helps the group ensure authentication and authorization of data and users are managed properly. However, the key to Parasoft’s value is the range of capabilities it delivers and coverage it enables. “We load test the system from beginning to end,” says Doan. “I couldn’t do that with other testing tools we were using previously.”

Results: Enhanced API Security, Quality and Performance

In recent years, MedicAlert has realized important benefits from Parasoft along three key dimensions: security; quality; and performance.

Parasoft’s support for security is critical to an organization that manages personal health records for its four million members. It relies on Parasoft to ensure authentication and authorization capabilities are performing as expected – whether this requires the team to test SAML assertions or HTTP authentication procedures. With different levels of security support, MedicAlert benefits from Parasoft’s expansive testing capabilities.

In terms of quality, Parasoft’s regression testing capabilities are particularly valued. Doan notes that she can use the same test suites she built two years ago to test new versions of products such as E-HealthKEY, ensuring that all members are continually supported. “When we upgrade to new versions of an API, I can rerun tests and make sure the new API actually supports the previous functionality,” she says. “It’s reliable. It assures me that the functionality is there and working as expected.”

Without such testing capabilities, MedicAlert would run the risk of upsetting its members. APIs might not perform and member data might not be saved or updated properly. “We have to ensure members have an effective experience and that data is there when you need it in an emergency,” Doan adds. “The data must be valid and correct. It must be rapidly and correctly updated. Parasoft helps us ensure these objectives are consistently met.”

Finally, Parasoft supports MedicAlert’s progressive efforts to enhance online performance for its members and partners. Doan explains that the performance of the organization’s APIs was “quite slow” when they initially launched their effort. Updating one’s health record could take as much as a minute to complete. However, through continual testing, iterations and improvement, the team has been able to reduce the time associated with such transactions to less than four seconds.

“We don’t want our members or partners to wait at all,” says Doan. “So we are continually upgrading our services and enhancing the performance of our system to ensure the members have an effective experience.”

Ultimately, automated testing has enhanced the user’s experience online, strengthened relationships with members and partners, and contributed to the agility of MedicAlert. Parasoft’s delivers a “strong return on investment,” says Doan. “We use it on a daily basis for reliability and support throughout our API infrastructure.”

Such capabilities have clearly strengthened the linkages between IT and the business. “Business leaders at MedicAlert want to be able to react quicker and make our APIs more valuable,” says Mercado. “They want to bring on more members at a faster rate. Being able to more rapidly respond to different business opportunities addresses their objectives – and now they realize that APIs can help the organization meet those goals.”

[PAPER] API Testing Business Drivers

Learn about the business drivers behind API testing solution purchase decisions, as well as the opportunities for ROI. This 6-page API Testing Business Drivers paper explains how an automated enterprise-grade API testing solution delivers

  • Reduced costs by reducing testing costs, reducing technical debt, and exposing defects earlier in the SDLC
  • Reduced risks by applying more exhaustive testing techniques, increasing test coverage, and immediately exposing any defects introduced by modifications
  • Increased efficiency by leveraging sophisticated automation and enabling artifact reuse

More Stories By Cynthia Dunlop

Cynthia Dunlop, Lead Content Strategist/Writer at Tricentis, writes about software testing and the SDLC—specializing in continuous testing, functional/API testing, DevOps, Agile, and service virtualization. She has written articles for publications including SD Times, Stickyminds, InfoQ, ComputerWorld, IEEE Computer, and Dr. Dobb's Journal. She also co-authored and ghostwritten several books on software development and testing for Wiley and Wiley-IEEE Press. Dunlop holds a BA from UCLA and an MA from Washington State University.

@ThingsExpo Stories
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets. By creating abundant, high-quality editorial content across more than 140 highly targeted technology-specific websites, TechTarget attracts and nurtures communities of technology buyers researching their companies' information technology needs. By understanding these buyers' content consumption behaviors, TechTarget creates the purchase inte...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, will discuss some of the security challenges of the IoT infrastructure and relate how these aspects impact Smart Living. The material will be delivered i...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, will provide a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services ...
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...