How to Unlock the Potential of the API Economy. (Part 2)

by | Feb 26, 2021 | Cybersecurity, Identity | 0 comments

In part 1 of this API economy blog series, we described how companies are becoming API-first companies in how they are addressing the emerging API economy and how API management is key to the success of those efforts. Another key to success is addressing resource access and data protection policy decisions across the assembled APIs.

To capitalize on the API economy, enterprises must implement technology with the following capabilities:

  • Collect APIs into Services and Expose Them: We referenced Stripe and Twilio examples in the last post. Those services are really collections of APIs that those companies chose to expose externally. The Cloudentity Authorization Control Plane allows enterprises to define, expose, monetize, and protect their own services as part of an API-first strategy. In terms of protection, Cloudentity moves well beyond traditional access models.
  • Deploy a Dynamic Authorization Model at Scale: It changes the protection model to focus on resources being requested rather than who is asking, which creates an adaptive security model. For example, rather than basing access decisions on who and what, you could expand the context to include factors such as where the request is coming from, when the request is being made, and why the resource is being requested. The policies can be individually contextualized for the applications and can be invoked thousands of times per second.
  • Externalize Security and Data Protection Policy Management: The solution externalizes access and privacy management to a dedicated tool with an administrative console, so developers no longer need to spend their time making security policy changes, and instead a security analyst or even an end-user can make security / privacy policy changes as necessary.
  • Allow Changes at Runtime: Because the application security / privacy checks are separated from the application code, an application’s resource access or data protection rules can be changed while the application is running. There is no need to refactor code to enforce a new security / privacy policy change. For example, if a customer’s shoe size suddenly becomes PII, the rules around keeping and sharing shoe size can be applied without opening the application code.

Cloudentity’s  level of dynamic authorization enables policy to evolve in real time, speeds time to market, and ensures consistency across all environments.

At TechVision Research, we see the management and security of Application Programming Interfaces (APIs) as a core strategic competence supporting the evolution of the Digital Enterprise. Proper and consistent resource access and data protection are critical to delivering the API-first experience. Done right, API management and security are a part of a Pragmatic Zero Trust approach to risk management. In the next series of posts, we’ll further define Pragmatic Zero Trust and its impact on digital risk.

468

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

We can help

If you want to find out more detail, we're happy to help. Just give us your business email so that we can start a conversation.

Thanks, we'll be in touch!

Subscribe

Join our mailing list to receive the latest announcements and offers.

You have Successfully Subscribed!

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

Stay in the know!

Keep informed of new speakers, topics, and activities as they are added. By registering now you are not making a firm commitment to attend.

Congrats! We'll be sending you updates on the progress of the conference.