As APIs and Big Data become increasingly important in the digital transformations underway across the global economy, security and privacy become increasingly important, too. Data security is paramount, and that means security of the interfaces to the data and controllers of the data: in other words, the APIs. In a nutshell, it’s imperative for enterprises to deliver security built into the API channel. It has to protect the whole digital supply chain, end-to-end, from apps to APIs to backend services.
Apigee has already taken many steps to ensure the utmost possible security of our products and operations. Over the years, we’ve obtained important standardized security certifications and undergone major security audits (including SOC 2, PCI-DSS, and HIPAA, with more to come) for our cloud offering. But we believe that security compliance must be achieved by following secure product SDLC and rigorous governance processes rather than just delivering a compliance checklist. This bottom-up approach has helped Apigee to embed security across our stack: our products, our server hosting models, and our network operations.
Additionally, there are many capabilities built into our products to enable the implementation of secure API systems and data hosting systems, including built-in and standardized authentication/authorization models (such as two-legged and three-legged OAuth, as well as support for other models) and built-in threat protection tools (to prevent XML or JSON injection attacks, for example).
Yet the sky is the limit when it comes to our customers’ security needs. As technology becomes increasingly complicated and individual clouds become ever more interlinked into inter-clouds (which we all tend to think of as “the cloud”), the possibility of overlooked or under-tested crevices and vulnerabilities grows. Meanwhile, the arms race charges on, as the bad guys discover new techniques for exploits, the good guys figure out ways to block or remediate them, and the bad guys go at it again and come up with something new.
In recognition of this, Apigee recently took two additional decisive steps to extend and strengthen our already strong security expertise and security operations team. First, Subra Kumaraswamy has joined our products team as chief security architect to bring additional cycles and increased focus to security-related product features and capabilities. Second, Tim Mather has joined us as chief security officer to help expand our presence and participation in the security industry, and to be responsible for Apigee’s overall security posture.
Both Subra and Tim have long pedigrees in security. They’ve both also been published many times, and are publicly acknowledged experts in the field. Additionally, Subra and Tim each have made important contributions and provided thought leadership in many industry working groups on security topics. Coincidentally, the two have collaborated previously, having written a definitive book on cloud security.
This is by no means wraps up Apigee’s efforts in the security area. But it’s an important next step in continuing to push forward and maintain our leadership position on security.
Stay tuned for further security updates, as we continue to innovate to help developers, IT security, and business deliver apps at warp speed without compromising security. We believe you can have the cake and eat it too!