Upgrade to Pro — share decks privately, control downloads, hide ads and more …

apidays London 2023 - API Programs - Security b...

apidays
PRO
September 21, 2023
Programming
0
8

apidays London 2023 - API Programs - Security by Design, Privacy by Default, Frederick Purcell, eXate

apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023

API Programs - Security by Design, Privacy by Default
Frederick Purcell, Software solution owner at eXate

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays
PRO

September 21, 2023
Tweet

More Decks by apidays

See All by apidays
Apidays London 2024 - Securing APIs, Beyond the Basics with Advanced Security Practices, Karanvir Attwal
apidays
PRO
0
18
Apidays London 2024 - From Fragmentation to Federation by Peter Mörsch, Boomi
apidays
PRO
0
10
Apidays London 2024 - Open Standards for Getting your APIs into the Geospatial Ecosystem by Gobe Hobona
apidays
PRO
0
7
Apidays London 2024 - Harmonizing Asynchronous Systems by Artur Ciocanu, Adobe
apidays
PRO
0
4
Apidays London 2024 - Renovate to Innovate 5 by Rashmi Venugopal, Netflix
apidays
PRO
0
6
Apidays London 2024 - Open Standards, AI and Data for Better Decisions by Ravinder Singh
apidays
PRO
0
16
Apidays London 2024 - The Hidden Power Brokers in the EU Data Act Enforcement by David Vazquez Cortizo, apinity
apidays
PRO
0
9
Apidays London 2024 - The Web Sustainability Guidelines by Alexander Dawson, W3C
apidays
PRO
0
10
Apidays London 2024 - Battle-tested APIs_Tech and Business working together by Jean Burellier, Sanofi
apidays
PRO
0
9

Other Decks in Programming

See All in Programming
Googleのテストサイズを活用したテスト環境の構築
toms74209200
0
290
シールドクラスをはじめよう / Getting Started with Sealed Classes
mackey0225
3
420
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
160
CSC509 Lecture 08
javiergs
PRO
0
110
EventSourcingの理想と現実
wenas
6
2.1k
JaSST 24 九州:ワークショップ(は除く) 実践!マインドマップを活用したソフトウェアテスト+活用事例
satohiroyuki
0
290
Importmapを使ったJavaScriptの 読み込みとブラウザアドオンの影響
swamp09
4
1.3k
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
470
Vue.js学習の振り返り
hiro_xre
2
140
弊社の「意識チョット低いアーキテクチャ」10選
texmeijin
5
24k
破壊せよ!データ破壊駆動で考えるドメインモデリング / data-destroy-driven
minodriven
16
4.2k
PLoP 2024: The evolution of the microservice architecture pattern language
cer
PRO
0
2k

Featured

See All Featured
Ruby is Unlike a Banana
tanoku
96
11k
A Philosophy of Restraint
colly
203
16k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Done Done
chrislema
181
16k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Designing on Purpose - Digital PM Summit 2013
jponch
115
6.9k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
Testing 201, or: Great Expectations
jmmastey
38
7.1k

Transcript

  1. API PROGRAMS - SECURITY BY DEFAULT, PRIVACY BY DESIGN w

    w w . e x a t e . c o m | i n f o @ e x a t e . c o m

  2. API Programs – Security by Design, Privacy by Default DR.

    FRED PURCELL LEAD SOLUTION ACHITECT

  3. THE EVOLUTION OF ACCESS MANAGEMENT Privacy by default and security

    by design Username and Password Single Sign On (SSO) + RBA C Central IAM + RBAC Central IAM + RBA C + Security (MFA) The Opportunity Central IAM + RBA C + Security + Weaknesses Nirvana • Operationally challenging • Fragmented • Single username and password • Limited to a single identity provider • Security concerns become apparent • Privacy concerns become apparent • Automation of privacy by default and security by design Where we are today Where we are going

  4. The Growing Complexity 80% of large organisations estimate they have

    up to 25,000 distributed applications, databases, and services that ingest or distribute data in their portfolio The Great Digital Shift Manually Unachievable CHALLENGES IMPLEMENTING PRIVACY In 2023, API abuse became the most-frequent attack vector (Gartner) of organisations had a security incident involving APIs 91% 1 Developer 1 Day 25k services 113 Years $100m+

  5. Internal Policies Third Parties Data Regulation Audit Test Data DEV

    TEST UAT PROD 1 Capture the Policies 2 Automatically classify data SOLUTION: THE EXATE DATA PROTECTION PLATFORM Semi-structured Data { “JSON”, “XML” } Target common data distribution and data ingestion points for a faster and low-cost implementation to centralise entitlements 3 Automatically protect the data Data in Motion Data at Rest Aggregation of Privacy Enhancing Techniques to optimise Data Privacy Aggregation of Privacy Enhancing Techniques to optimise Data Privacy Database Schemas

  6. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  7. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Event streaming Gateways

    / Service Mesh IPaaS Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement

  8. API Consumer API Producer API Gateway AUTOMATIC PROTECTION IN GATEWAY

  9. API Gateway US Partners SaaS Products UK Customers Cloud Services

    EU Accounts Accounts Customer US Customer Order Balance EU Customer LUX Accounts YOUR GATEWAY BECOMES POPULAR

  10. …THEN THERE’S THE MESH…

  11. API Consumer API Producer API Gateway Data Governance & Compliance

    Data Governance & Compliance WHAT IF YOUR PATTERN CAN SOLVE THIS IN YOUR GATEWAY?

  12. US Partners SaaS Products UK Customers Cloud Services Accounts Customer

    Order Balance API Gateway Data Governance & Compliance Data Governance & Compliance SET THE PATTERN, SIMPLIFY, RE-USE

  13. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  14. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data at Rest Enforce LEARN AND ADAPT Central entitlement Gateways / Service Mesh Event streaming IPaaS Data in Motion Enforce Monitoring + operational

  15. HOW TO ENFORCE? We need different information to be protected

    in different ways. This helps us to keep our data safe while making the best use of it. Dynamic masking Static masking Anonymisation Purpose of Use Pseudonymisation Consent driven access

  16. HOW TO ENFORCE? Privacy vs. Utility ▪ Can we gain

    insight without breaking privacy? Original Protected [email protected] Frederick Purcell 37 £13.69 **********@exate.com No Access 23rcqcgwaf3wtfxa3wr 30-40 £14.82

  17. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  18. IPaaS Data Science Data in Motion Data at Rest Enforce

    Enforce Central entitlement Database Schemas Regulatory Policies Semi-structured Data { “JSON”, “XML” } LEARN AND ADAPT Monitoring + operational

  19. MONITOR AND OPERATION LEARN The unknown: • Risks and policies

    associated with each data attribute • Jurisdiction and the context in which it is being used How to solve it: • Real-time data from enforcement stages need to work alongside the core service to do the following:  Find and classify your data traffic  Analyse and learn about your data risks  Solve data risks automatically  Test continually for risks during the life cycle

  20. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  21. WHAT PROBLEMS DOES THIS PATTERN SOLVE? Audit of how data

    is being used, by whom, where, and why Autodetect and protect sensitive data Segregation of duties when accessing data Consistent security and data protection by jurisdiction Enforcement of data protection regulation (such as client consent, sharing with 3rd parties, right to be forgotten, etc) eXate aggregates multiple protection techniques to provide maximum flexibility Chain testing Production data in non-production environments

  22. DON’T BECOME A STATISTIC EXATE YOUR DATA w w w

    . e x a t e . c o m | i n f o @ e x a t e . c o m