Securing against risk: the role of API governance
By Carl Lehmann, 451Research
Modern cloud services, mobile applications, social media and embedded software in the Internet of Things (IoT) are assembled from multiple bits of discrete code – building blocks (services, components, objects, containers, microservices) that comprise a system or application. For the building blocks to function together they must communicate, and exchange data based on rules that describe how they work. When in operation, they must execute securely, consistently, within measurable thresholds, and be controlled when variance or change occurs.
Such is the role of APIs. They specify how building blocks and IT infrastructure exchange data and interact. While they can greatly contribute to developer productivity, they can also expose considerable risk to the enterprises that use them. Inherent in any API description is the information by which the systems it integrates can potentially be defeated.
Securing APIs through encryption and perimeter controls is insufficient. Risk needs to be detected prior to breach. This means that any technique used to secure API structure and execution must also include the means to capture rules and policies for use and control; monitor usage, change, performance and behavior; trigger alerts; and execute preventative measures in real time when any variance threatens a threshold breach.
Therefore, we believe that the API security techniques constituent to any API development and management platform or service must be predicated upon a thorough governance strategy that documents and can audit how, when, where, why, who, and how often APIs are to be used legitimately according to rules, policies and contractual obligations. Such means are required to assure API risk prevention rather than remediation of the consequences of failure.
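As a worked illustration of the two preceding paragraphs (capturing rules for who, where, when and how often an API may be used; monitoring usage; alerting before a threshold is breached; and blocking when it is), here is a small policy monitor. It is an added example written for this page, not code from the article, 451 Research or Nevatech; the policy fields, the `orders` API, the client names and the request events are all constructed for the demonstration.

```python
"""Illustrative API governance monitor (added example, not from the article).

A Policy captures the legitimate-use rules for one API: who may call it,
from where, during which hours, and how often. The monitor evaluates each
request event against those rules, raises an alert when a client approaches
its rate limit, and blocks once the limit (or any other rule) is breached.
Every decision is written to an audit trail so usage can be reviewed later.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class Policy:
    api: str                 # API / route the policy governs (hypothetical name)
    allowed_clients: set     # who: client identities permitted to call
    allowed_networks: list   # where: source CIDRs permitted to call
    allowed_hours: range     # when: hours of day (UTC) in which calls are legitimate
    max_calls: int           # how often: calls per client per window
    window_seconds: int      # length of the sliding rate window
    alert_ratio: float = 0.8  # alert once usage reaches this fraction of max_calls


@dataclass
class Decision:
    action: str   # "allow", "alert" or "block"
    reason: str


class GovernanceMonitor:
    def __init__(self, policies):
        self.policies = {p.api: p for p in policies}
        self.calls = defaultdict(deque)  # (api, client) -> call timestamps in window
        self.audit = []                  # one record per evaluated event

    def _record(self, event, decision):
        self.audit.append({**event, "action": decision.action, "reason": decision.reason})
        return decision

    def evaluate(self, event):
        p = self.policies.get(event["api"])
        if p is None:
            return self._record(event, Decision("block", "no policy for API"))
        if event["client"] not in p.allowed_clients:
            return self._record(event, Decision("block", "client not authorised"))
        src = ip_address(event["src_ip"])
        if not any(src in ip_network(n) for n in p.allowed_networks):
            return self._record(event, Decision("block", "source network not allowed"))
        ts = datetime.fromisoformat(event["ts"])
        if ts.hour not in p.allowed_hours:
            return self._record(event, Decision("block", "outside permitted hours"))
        # Sliding-window rate check: drop calls older than the window, then count.
        window = self.calls[(event["api"], event["client"])]
        now = ts.timestamp()
        while window and window[0] < now - p.window_seconds:
            window.popleft()
        window.append(now)
        count = len(window)
        if count > p.max_calls:
            return self._record(event, Decision("block", f"rate limit exceeded ({count}/{p.max_calls})"))
        if count >= p.alert_ratio * p.max_calls:
            return self._record(event, Decision("alert", f"approaching rate limit ({count}/{p.max_calls})"))
        return self._record(event, Decision("allow", "within policy"))


# Constructed sample policy and request events for the demonstration.
SAMPLE_POLICY = Policy(
    api="orders", allowed_clients={"billing-svc"}, allowed_networks=["10.0.0.0/8"],
    allowed_hours=range(8, 18), max_calls=5, window_seconds=60,
)
SAMPLE_EVENTS = [
    {"api": "orders", "client": "billing-svc", "src_ip": "10.0.1.5", "ts": f"2024-01-15T09:00:0{i}"}
    for i in range(6)
] + [
    {"api": "orders", "client": "reporting-svc", "src_ip": "10.0.1.5", "ts": "2024-01-15T09:01:00"},
    {"api": "orders", "client": "billing-svc", "src_ip": "203.0.113.9", "ts": "2024-01-15T09:01:01"},
    {"api": "orders", "client": "billing-svc", "src_ip": "10.0.1.5", "ts": "2024-01-15T02:00:00"},
]


def run_sample():
    """Evaluate the constructed events and return the audit trail."""
    monitor = GovernanceMonitor([SAMPLE_POLICY])
    for event in SAMPLE_EVENTS:
        monitor.evaluate(event)
    return monitor.audit


if __name__ == "__main__":
    for record in run_sample():
        print(record["ts"], record["client"], record["action"], "-", record["reason"])
```

The first six events come from a legitimate client; the monitor allows three, alerts on the fourth and fifth (80% of the limit reached) and blocks the sixth, which is the point at which a threshold breach would otherwise occur. The last three events are blocked on identity, source network and time-of-day rules respectively, and every outcome lands in the audit trail that a governance review would need.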
Source: Carl F. Lehmann, Principal Analyst | Architecture, Automation & Integration