Cloud Security Authors: Ed Featherston, Liz McMillan, Elizabeth White, Dana Gardner, Yeshim Deniz

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Containers Expo Blog, Cloud Security

@CloudExpo: Blog Feed Post

API Testing Helps MedicAlert Increase Agility, Extend Services

Acclerating the roll out of secure, reliable APIs

MedicAlert pioneered the use of medical ID products and delivers the most dependable, responsive, and trusted Emergency Identification and Medical Information Network. The nonprofit charity provides the functionality of an e-health information exchange for emergencies through an innovative combination of a unique patient identifier linked to a personal health record and a live 24/7 emergency response service.

medicalertAs MedicAlert continues expanding its role as an innovative provider of healthcare information services, they are leveraging APIs.  To accelerate their ability to roll out new APIs in a secure and effective fashion, MedicAlert has relied on automated API testing software from Parasoft.

With Parasoft, the organization has been able to rapidly manage the functional, regression and load testing challenges associated with its new capabilities and offerings. Parasoft has enabled MedicAlert to automate the testing and validating of new APIs – enabling them to provide new healthcare information services and more rapidly respond to business opportunities.

Challenge: Agility and Scalability on Demand

MedicAlert is focused on enabling members to manage their personal health records (PHR) online while maintaining security, privacy and confidentiality. Its repository of personal health information also facilitates the delivery of critical medical information between patients, providers, payers, and emergency responders. These foundations have enabled the organization to grow by constantly introducing new product offerings such as an RFID-based medical card and a USB- enabled portable information device called E- HealthKEY.

Given the high demands associated with such endeavors, MedicAlert recognized the need to
publish APIs to support its dynamic market plans and objectives. The organization now relies on
these interfaces to support its members’ PHR, which include information about medical conditions
as well as drug prescriptions and other relevant health data.

Considering the sensitive nature and life-saving potential of such information, MedicAlert’s IT organization is under severe pressure to ensure its systems are secure, streamlined and effective. APIs represent an opportunity to roll out new  offerings rapidly, capitalize on reusability, and ensure the systems can scale up to meet the growing demands of members and partners. “APIs are about making your business more agile – being able to rapidly seize new business opportunities,” says Jorge Mercado, Principal Architect for MedicAlert’s Product Development Group.

To be sure, software quality is an essential factor in meeting these objectives – and this fast-moving organization needed a way to address its demanding quality requirements quickly and effectively. “We needed tools to automate our testing processes,” says Natalie Doan, the team’s QA Engineer. “When I joined the group, we had a very manual approach for testing.”

Action: Capitalizing on Parasoft API Testing

After exploring some of the potential API testing solutions, MedicAlert chose API testing with Parasoft SOAtest. “We found SOAtest and we ran with it,” says Doan. “Parasoft support trained us for one week and we were able to take it from there. We quickly saw that the product had a lot of powerful features that would help us automate our testing activities and processes. Parasoft SOAtest was able to support all the latest standards (ex. security and schema validation standards); we were able to test all areas of our APIs.”

Through the use of Parasoft SOAtest, the team is able to efficiently test different endpoints and ensure broad test coverage within this environment. When new updates or modifications are made to an API, Parasoft SOAtest’s regression testing can be employed to ensure that no defects have been introduced and that previously verified functionality continues to operate as expected. “I can quickly ensure that features from the previous version are in place to support the new version,” adds Doan.

Parasoft also brought powerful capabilities in terms of functionality and load testing. It enables the team to test the performance differences on the system between, say, 10 or 100 users simultaneously, updating their personal health record through the services under various scenarios. For instance, Parasoft can test how a user sending a long, data-intensive message impacts a particular API.

Parasoft also helps the group ensure authentication and authorization of data and users are managed properly. However, the key to Parasoft’s value is the range of capabilities it delivers and coverage it enables. “We load test the system from beginning to end,” says Doan. “I couldn’t do that with other testing tools we were using previously.”

Results: Enhanced API Security, Quality and Performance

In recent years, MedicAlert has realized important benefits from Parasoft along three key dimensions: security; quality; and performance.

Parasoft’s support for security is critical to an organization that manages personal health records for its four million members. It relies on Parasoft to ensure authentication and authorization capabilities are performing as expected – whether this requires the team to test SAML assertions or HTTP authentication procedures. With different levels of security support, MedicAlert benefits from Parasoft’s expansive testing capabilities.

In terms of quality, Parasoft’s regression testing capabilities are particularly valued. Doan notes that she can use the same test suites she built two years ago to test new versions of products such as E-HealthKEY, ensuring that all members are continually supported. “When we upgrade to new versions of an API, I can rerun tests and make sure the new API actually supports the previous functionality,” she says. “It’s reliable. It assures me that the functionality is there and working as expected.”

Without such testing capabilities, MedicAlert would run the risk of upsetting its members. APIs might not perform and member data might not be saved or updated properly. “We have to ensure members have an effective experience and that data is there when you need it in an emergency,” Doan adds. “The data must be valid and correct. It must be rapidly and correctly updated. Parasoft helps us ensure these objectives are consistently met.”

Finally, Parasoft supports MedicAlert’s progressive efforts to enhance online performance for its members and partners. Doan explains that the performance of the organization’s APIs was “quite slow” when they initially launched their effort. Updating one’s health record could take as much as a minute to complete. However, through continual testing, iterations and improvement, the team has been able to reduce the time associated with such transactions to less than four seconds.

“We don’t want our members or partners to wait at all,” says Doan. “So we are continually upgrading our services and enhancing the performance of our system to ensure the members have an effective experience.”

Ultimately, automated testing has enhanced the user’s experience online, strengthened relationships with members and partners, and contributed to the agility of MedicAlert. Parasoft’s delivers a “strong return on investment,” says Doan. “We use it on a daily basis for reliability and support throughout our API infrastructure.”

Such capabilities have clearly strengthened the linkages between IT and the business. “Business leaders at MedicAlert want to be able to react quicker and make our APIs more valuable,” says Mercado. “They want to bring on more members at a faster rate. Being able to more rapidly respond to different business opportunities addresses their objectives – and now they realize that APIs can help the organization meet those goals.”

[PAPER] API Testing Business Drivers

Learn about the business drivers behind API testing solution purchase decisions, as well as the opportunities for ROI. This 6-page API Testing Business Drivers paper explains how an automated enterprise-grade API testing solution delivers

  • Reduced costs by reducing testing costs, reducing technical debt, and exposing defects earlier in the SDLC
  • Reduced risks by applying more exhaustive testing techniques, increasing test coverage, and immediately exposing any defects introduced by modifications
  • Increased efficiency by leveraging sophisticated automation and enabling artifact reuse

More Stories By Cynthia Dunlop

Cynthia Dunlop, Lead Technical Writer at Parasoft, authors technical articles, documentation, white papers, case studies, and other marketing communications—currently specializing in service virtualization, API testing, DevOps, and continuous testing. She has also co-authored and ghostwritten several books on software development and testing for Wiley and Wiley-IEEE Press. Dunlop holds a BA from UCLA and an MA from Washington State University.

@ThingsExpo Stories
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
A completely new computing platform is on the horizon. They’re called Microservers by some, ARM Servers by others, and sometimes even ARM-based Servers. No matter what you call them, Microservers will have a huge impact on the data center and on server computing in general. Although few people are familiar with Microservers today, their impact will be felt very soon. This is a new category of computing platform that is available today and is predicted to have triple-digit growth rates for some ...
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor...
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and ...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
SYS-CON Events announced today that Niagara Networks will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
The Internet of Things (IoT), in all its myriad manifestations, has great potential. Much of that potential comes from the evolving data management and analytic (DMA) technologies and processes that allow us to gain insight from all of the IoT data that can be generated and gathered. This potential may never be met as those data sets are tied to specific industry verticals and single markets, with no clear way to use IoT data and sensor analytics to fulfill the hype being given the IoT today.
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
The Quantified Economy represents the total global addressable market (TAM) for IoT that, according to a recent IDC report, will grow to an unprecedented $1.3 trillion by 2019. With this the third wave of the Internet-global proliferation of connected devices, appliances and sensors is poised to take off in 2016. In his session at @ThingsExpo, David McLauchlan, CEO and co-founder of Buddy Platform, discussed how the ability to access and analyze the massive volume of streaming data from millio...
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.