Innovate and Integrate – Modernising API Security
Forum Systems | www.forumsys.com | 888.811.0060 | 199 Wells Ave., Suite 105, Newton, MA 02459
Innovate and Integrate – Modernising API Security
Jason Macy, Chief Technology Officer
Discussion Points
• What is an API
• Data externalization and modernization
• Anatomy of API (information border) security
• Secure agility via architecture design
What is an API?
What is an API?
The Service
Mobile, B2B, Portal, Data … (HTML, XML, SOAP, REST, JSON, …)
API is the access point (interface) to the service or data
APIs are Everywhere
APIs – The Integration Point of Innovation
Externalization, Modernization
• Cloud | Web Applications: Exposed and consumed via standards-based technology for rapid integration and adoption
• Mobile | Apps: Use web services for calls to back-end servers delivering data and logic
• Big Data | Analysis: Big data analytic engines expose and monetize results via APIs
• Portals | Users: Personalized experience, seamless and unified access to information resources
Externalization and Modernization
Open new channels and new revenue
Deliver Integration and Service
Maintain Security
Services and Assets
Clients and Consumers
Create
Consume
Internal APIs
External APIs
• Integrate
• Subscribe
• Invoke
• Promote
• Monitor
• Secure
The Agility of API Abstraction
Mobile Device
Web Portal
B2B Partner
Cloud App
Web Site
Sat Link
Company Assets and Services
Anatomy of Modern API Security
The Service
Mobile, B2B, Portal, Data … (HTML, XML, SOAP, REST, JSON, …)
Anatomy of Modern API Security
Threat Mitigation
• Content-Aware (SOAP, REST, …)
• Intrusion Detection and Prevention
• Data Leakage
• Embedded Malware
Transport Security
• SSL/TLS
• IP, Port, URL
Data Privacy
• Content Encryption
• Content Decryption
Attribute-Based Access Control
• Subject, Object, Environment
Role-Based Access Control
• AuthN, AuthZ
Integrity and Trust
• Digital Signature
• Signature Verification
• Schema Validation
Agile API Security – Decouple from Service
The Service
Mobile, B2B, Portal, Data … (HTML, XML, SOAP, REST, JSON, …)
API Security Gateway
Agile API Security – Decouple from Service
The Service
Mobile, B2B, Portal, Data … (HTML, XML, SOAP, REST, JSON, …)
API Security Gateway
Agile API Security – Decouple from Service
Role-Based Access Control
Threat Mitigation
Transport Security
Attribute-Based Access Control
Data Privacy
Integrity and Trust
The Service
Mobile, B2B, Portal, Data … (HTML, XML, SOAP, REST, JSON, …)
Modernise the IT Security Architecture
WAF
IDS
SIEM
SOA, Virtual, ESB, Apps, Portals
Endpoint Services and Data
Firewall
Mobile, B2B, Cloud / 3rd Party, Browsers
Legacy IT Security Architecture
Firewall
WAF
IDS
SIEM
SOA, Virtual, ESB, Apps, Portals
Internet / DMZ boundary
DMZ / Extranet boundary
DMZ / Intranet boundary
Extranet / Intranet boundary
Intranet / internal-enclave boundary
API Security Gateway
SECURITY
• Protocol-Break Security
• Deep Content-Inspection
• Data Validation
• Threat Analysis
• Antivirus Scanning
• Accelerated Cryptography
Endpoint Services and Data
IDENTITY
• ABAC, RBAC, CBAC
• SSO
• Integrated SAML & OAuth
Mobile, B2B, Cloud / 3rd Party, Browsers
The API Gateway Modern Architecture
API Security Gateway
Combining Security with Identity
ABAC, RBAC, CBAC
API Gateway – Centralized ABAC, RBAC, CBAC
API Security Gateway
SOA
Virtual
ESB
Apps
Portals
Publish APIs for Consumption
API Gateway – Centralized ABAC, RBAC, CBAC
Content Inspection (CBAC): SOAP, XML, REST, JSON, HTML, URL
client
Virtual API (Protocol break)
API Security Gateway
SOA
Virtual
ESB
Apps
Portals
SOA
Virtual
ESB
Apps
Portals
API Security Gateway
Content Inspection (CBAC): SOAP, XML, REST, JSON, HTML, URL
client
Virtual API (Protocol break)
API Gateway – Centralized ABAC, RBAC, CBAC
Content Inspection (CBAC): SOAP, XML, REST, JSON, HTML, URL
ID Authentication, Authorization (Role-Based Access Control): OAuth, SAML, WS-Tokens, HTTP Form Post, HTTP Basic, HTTP Digest, NTLM, Kerberos, X509 Mutual, RSA SecurID
client
Virtual API (Protocol break)
API Gateway – Centralized ABAC, RBAC, CBAC
Environment Conditions
Subject Attributes
Object Attributes
Attribute Analysis (ABAC)
API Security Gateway
SOA
Virtual
ESB
Apps
Portals
ID Authentication, Authorization (Role-Based Access Control): OAuth, SAML, WS-Tokens, HTTP Form Post, HTTP Basic, HTTP Digest, NTLM, Kerberos, X509 Mutual, RSA SecurID
Content Inspection (CBAC): SOAP, XML, REST, JSON, HTML, URL
Virtual API (Protocol break)
client
API Gateway – Centralized ABAC, RBAC, CBAC
Environment Conditions
Subject Attributes
Object Attributes
Attribute Analysis (ABAC)
API Security Gateway
SOA
Virtual
ESB
Apps
Portals
Broker client request
Authorization (Response RBAC)
• Correlate inbound identity with response information
• Allow, Filter, or Reject
Deep Content Inspection (Response CBAC)
• SOAP, XML, REST, JSON, HTML, URL
client
API Gateway – Centralized RBAC + CBAC + SSO
API Security Gateway
SOA
Virtual
ESB
Apps
Portals
Broker service response
API Security Gateway
Key Considerations
API Security Gateway – Key Considerations
Build vs Buy
• Remove complexities of interoperability and leverage purpose-built industry proven security over home-grown coded solutions
Flexible form factors
• Virtual and physical to support deployment in any computing environment
No Code SAML and OAuth
• Legacy and modern system enablement of SAML and OAuth SSO without writing a single line of code
API Security Gateway – Key Considerations
Vendor Agnostic
• Enables technology choices that improve agility, rather than stifle it
Standard-Based
• Out of the box support for all modern industry protocol and messaging standards (SOAP, XML, JSON, etc)
Edge Facing
• API Security Gateway built on secure architecture enables Tier 0 deployment to unify identity with security
Thank You
More Info: www.forumsys.com