• New trends in API security include supporting Istio service mesh technology as part of API management/security solutions.
• Vendors are targeting solutions at developers looking to inject security early on in the API lifecycle.
Along with new application development architectures come heightened security concerns within the DevOps process. Enterprises are beginning to move into application modernization projects, adopting new architectures such as microservices and serverless computing. These next-generation architectures, which create distributed applications, require security participation beyond operations and security teams so that app developers and architects can help address new types of vulnerabilities. There is also greater interest in segmenting and monitoring the new app architecture (e.g., access control, authentication, metering, and throttling) so that enterprises have a better understanding not only of security vulnerabilities but also of how their infrastructure is being used.
These new types of API security offerings are significant for their ability to simplify security requirements through automation, which is critical to developers tasked with creating APIs for distributed apps. This month, traditional application platform providers and start-ups alike are releasing new vendor solutions in response to these API trends.
Start-up 42Crunch sees a growing role for developers in security, considering coders understand the ins and outs of APIs. The company just released a new version of its API security platform, which includes support for Kubernetes container environments, and leverages the OpenAPI specification for white-listing trusted services. The company refers to its latest version as security-as-code because developers are able to participate in the entire application development flow, and apply appropriate security rules while monitoring API activities.
Vendors, including 42Crunch and WSO2, are also including the Istio OSS standard as part of their API security schemes. WSO2’s API security technology now includes security and operational monitoring capabilities in the service mesh, supporting Istio as part of its API management solution. Also addressing developers’ distributed app requirements head-on, WSO2’s newest API Microgateway release provides developers with a simplified command-line interface, owing to their growing role in determining the architectures of large-scale apps being created in microservices and serverless environments.
Finally, TIBCO also recently increased its API security standing through a partnership with Ping Identity. The combined solution, TIBCO Cloud Mashery and Ping Identity, leverages AI to protect against new API threats. The technology partnership builds on TIBCO’s API security features, which include authentication, bot detection, white/blacklisting, and access control.
GlobalData closely follows these types of trends as part of its application platforms and DevOps research practice. Developers are not security experts, but it has become increasingly important to inject security as early as possible in the API lifecycle. I look forward to attending API World in San Jose later this year to continue the conversation around key API management/security innovations, which are becoming the backbone of the app development world, including IoT apps.