API Security

Cloudentity Wins Cybersecurity Excellence Award in API Security

We’re excited to share that Cloudentity has been named a Silver Winner in the API Security category for the 2022 Cybersecurity Excellence Awards! The Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation and leadership in information security. With over 700 entries this year, we’re honored to be selected as a winner. Specifically,...

Externalized Authorization for GraphQL

This article is the first part of a series to explore usage of the Cloudentity authorization platform for externalized GraphQL runtime authorization along with policy based access controls for GraphQL native constructs. Modern applications require runtime and flexible authorization controls to manage the security and risk of data exposed using technologies like GraphQL to various...

Identity and Authorization At Cloud Scale

The future has a lot to answer for. For decades we’ve been promised super-cool inventions that we still haven’t received: flying cars, jetpacks and IAM platforms that provide security, scale and manageability, all wrapped up with 21st century automation. George Jetson’s job had two settings ("Start" & "Stop") and the computer did the...

When your modern IAM platform isn't modern: the case for authorization and identity microservices.

By Nathanael Coffing, CSO and co-founder of Cloudentity. A couple of weeks ago, a leading identity provider suffered a zero-day vulnerability that was immediately used maliciously to compromise financial, retail and healthcare customers. The big question is: why was this "modern" IAM platform so appealing to security researchers and hackers alike, and how can we,...

The Experian Credit Score Breach: What Happened and How to Prevent Future API Data Breaches

Last week, the public was notified about a pretty serious Experian API-related incident leading to the potential public exposure of credit scores for millions of Americans. What Went Wrong? Experian’s credit score API drew the attention of security researcher Bill Demirkapi. It started innocently with him looking around for student loan options. He bumped...

How to Unlock the Potential of the API Economy. (Part 1)

By Gary Zimmerman, TechVision. Marc Andreessen famously said, “Software is eating the world”, but what does this mean? In short, software is a digital means to drive marginal costs of transactions of any kind (human-to-human, human-to-machine, business-to-human, machine-to-machine, et al.) to zero. And as companies become digital enterprises, they are...

How to Unlock the Potential of the API Economy. (Part 2)

By Gary Zimmerman, TechVision Research. In part 1 of this API economy blog series, we described how companies are becoming API-first companies in how they are addressing the emerging API economy and how API management is key to the success of those efforts. Another key to success is addressing resource access and data protection policy...

OB 101: A Quick and Simple Guide to Open Banking Adoption

Open Banking is globally disruptive and growing exponentially, spurring innovation in financial services. It was developed to create software standards and industry guidelines to drive competition and innovation in the financial services industry. Successful Open Banking APIs have increased by 10x over the last 18 months and continue to accelerate during the pandemic. Now, Open...

Object level Authorization for s3 buckets with the Authorization Control Plane

What do CapitalOne, Prestige Software, ManageCartUber, Accenture and the DOD all have in common? Major breaches through Amazon S3 buckets. Amazon’s regular security updates in 2017, 2018, 2019 and 2020 have done little to slow the tide of data leaks. The core problem for S3 is one of authorization both from a scale and a granularity/management perspective. ...

What is OAuth 2.1?

Introduction: The challenge with creating web standards and frameworks is that technology evolves so quickly that within a short amount of time your framework is already out of date. This is especially true for web-based application development, given how different the world looks today than it did in 2012 when the spec was first introduced....