part of modern SASE
The roles played by API gateways and management systems are increasingly important. Whereas just a few years ago an API gateway arbitrated entry over monolithic applications within the enterprise, today’s picture is much more complex.
API gateways not only handle east-west traffic between modularized applications (application compiled to DB instances to public cloud services), but APIs are an integral part of every microservice-based application. In fact, it’s safe to say that containers would currently be just a developer’s toy – just an “interesting idea” – without careful management of the data plane.
Because of the integral role APIs and their management systems play, this feature of every company’s network has a critical role to play in securing the business at large. A new generation of security brokerage systems is now commonly found at the edge of the network, acting as the canonical source of security policy for all users, devices, applications and services, wherever they are. SASE (pronounced “sassy”) may be a new buzzword, but the technology behind it isn’t necessarily new. At all levels of a SASE, from high-level security policy to data flow, API management plays a critical role in the grand scheme of zero-trust cybersecurity arrangements.
Enforcing internal API policy is as important as arbitrating inputs from outside the corporate network. This is a spread of attention that is largely aligned with the shift in cybersecurity focus from perimeter protection to a more endpoint-based set of security policies.
Because CIOs in large organizations are unlikely to be aware of the breadth of the thousands of applications used across the enterprise, even managing the basic details of keys, tokens, and access levels cannot be done piecemeal. API gateways and management systems continue to play their role in the movement of data, but are increasingly important as arbiters of security in zero-trust environments.
It is therefore extremely important that API Gateway devices (or hardware device abstractions) have at least some (but preferably all) of the following.
– the ability to manage the keys or tokens of an authorization logic and to determine authorization and authentication by user, group, time, content of data flows, privilege level and location.
– offer secure self-service for entrepreneurs, developers, SREs and QA testers.
– be able to oversee and be the source of highly granular security settings for all parts of the network, i.e. be both data and control planes, or…
– … transmit these authorization parameters as dictated by other platforms, ensuring interoperability with existing security systems: an Active Directory scheme, as a simple example.
– Support industry standard RESTful and SOAP APIs, and have the ability to tailor them if needed.
– be scalable, fast and intrinsically secure.
Here at Technical HQ, we’re looking at three API management technology vendors whose products can be deployed at scale and won’t introduce additional layers of complexity to manage. Likewise, the products featured here will not create the bottlenecks that come with legacy technology hastily reconfigured for a microservices and multi-cloud world. In short, they are business-ready and fit-for-use platforms.
Nevatech’s Sentinet solution offers a unique ability to create authorization configurations by simply dragging and dropping from a graphical interface while creating complex, highly granular policies. For example, Sentinet access rules for managed APIs can be configured based on caller identities, message content, privilege levels, subnets, VLAN segments, API usage metrics and date / time calendars, among other variables.
It is also an extensible platform capable of using custom plugins which can further extend authorization with any custom logic.
At the data level, API calls can be configured to hide or show sensitive information, with full or partial logging, a critical aspect of data security compliance.
Nevatech is also unique in that its solution separates authentication schemes from specific authorization logic, allowing teams to reflect on the effect of both on overall API security.
Equally at home in the cloud as it is on-premises and available as a VM or physical hardware device, the Sentinet platform is our preferred choice for this increasingly important aspect of today’s digital businesses: their security and their operational stability. With a self-service, customizable portal designed specifically for developers, Sentinet is the out-of-the-box API management platform of choice.
You can read more about Nevatech and the Sentinet platform here on the pages of Technical HQ, or go to the company website for more information.
Axway’s Amplify platform is one of several offerings from the company, which range from simple file exchange mechanisms to automating internal APIs reminiscent of RPA functions. However, as a platform in its own right, Amplify provides businesses with a single source of information about existing API assets, no matter where they are in a distributed environment.
Any team or department that publishes API access can secure, track, and monitor its assets as part of existing or new applications and services. Conversely, consumers can use the same discovery methods to subscribe to and interact with APIs, whether within the enterprise or open for external use.
At the heart of Amplify is the API Catalog, the source of detailed information about each API resource – for internal, external, SecOps, DevOps, or NetOps use. This catalog is not a static, read-only library. Instead, it adapts in real time, constantly discovering and monitoring the entire network.
To learn more about the Amplify catalog, the Amplify platform and Axway itself, visit the company website.
The NGINX web service platform has recently (this year – 2021) become the most used platform, overtaking the old Apache web server in number of install instances.
In addition to its web service capabilities, many will know it as the benchmark platform, the world’s most trusted reverse proxy, sitting right behind routers and firewalls around the world.
But it is in API management that NGINX has the greatest number of installations. Much of this is due to containerized applications and services, where NGINX will arbitrate traffic between individual containers, in virtualized networks, and between discrete applications and services in the cloud – or wherever cloud-native technologies are located.
Under the guise of NGINX Plus and NGINX Controller, F5 Networks (which acquired NGINX in 2019) has successfully monetized what remains a very proud open source project, which remains free for simpler network deployments.
To learn more about NGINX’s API management capabilities in free and paid forms, click here.
* Some of the companies featured in this article are TechHQ business partners