By Gary Zimmerman, TechVision Research
In part 1 of this API economy blog series, we described how companies are becoming API-first in response to the emerging API economy and how API management is key to the success of those efforts. Another key to success is addressing resource access and data protection policy decisions across the assembled APIs.
To capitalize on the API economy, enterprises must implement technology with the following capabilities:
- Collect APIs into Services and Expose Them: We referenced Stripe and Twilio examples in the last post. Those services are really collections of APIs that those companies chose to expose externally. The Cloudentity Authorization Control Plane allows enterprises to define, expose, monetize, and protect their own services as part of an API-first strategy. In terms of protection, Cloudentity moves well beyond traditional access models.
- Deploy a Dynamic Authorization Model at Scale: Dynamic authorization changes the protection model to focus on the resources being requested rather than who is asking, which creates an adaptive security model. For example, rather than basing access decisions only on who and what, you could expand the context to include factors such as where the request is coming from, when the request is being made, and why the resource is being requested. The policies can be individually contextualized for the applications and can be invoked thousands of times per second.
Cloudentity’s level of dynamic authorization enables policy to evolve in real time, speeds time to market, and ensures consistency across all environments.
At TechVision Research, we see the management and security of Application Programming Interfaces (APIs) as a core strategic competence supporting the evolution of the Digital Enterprise. Proper and consistent resource access and data protection are critical to delivering the API-first experience. Done right, API management and security are a part of a Pragmatic Zero Trust approach to risk management. In the next series of posts, we’ll further define Pragmatic Zero Trust and its impact on digital risk.