Upgrade to Pro — share decks privately, control downloads, hide ads and more …

apidays London 2023 - API Programs - Security b...

apidays
PRO
September 21, 2023
Programming
0
8

apidays London 2023 - API Programs - Security by Design, Privacy by Default, Frederick Purcell, eXate

apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023

API Programs - Security by Design, Privacy by Default
Frederick Purcell, Software solution owner at eXate

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays
PRO

September 21, 2023
Tweet

More Decks by apidays

See All by apidays
Apidays London 2024 - Securing APIs, Beyond the Basics with Advanced Security Practices, Karanvir Attwal
apidays
PRO
0
21
Apidays London 2024 - From Fragmentation to Federation by Peter Mörsch, Boomi
apidays
PRO
0
15
Apidays London 2024 - Open Standards for Getting your APIs into the Geospatial Ecosystem by Gobe Hobona
apidays
PRO
0
8
Apidays London 2024 - Harmonizing Asynchronous Systems by Artur Ciocanu, Adobe
apidays
PRO
0
8
Apidays London 2024 - Renovate to Innovate 5 by Rashmi Venugopal, Netflix
apidays
PRO
0
7
Apidays London 2024 - Open Standards, AI and Data for Better Decisions by Ravinder Singh
apidays
PRO
0
17
Apidays London 2024 - The Hidden Power Brokers in the EU Data Act Enforcement by David Vazquez Cortizo, apinity
apidays
PRO
0
10
Apidays London 2024 - The Web Sustainability Guidelines by Alexander Dawson, W3C
apidays
PRO
0
11
Apidays London 2024 - Battle-tested APIs_Tech and Business working together by Jean Burellier, Sanofi
apidays
PRO
0
10

Other Decks in Programming

See All in Programming
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
200
ローコードSaaSのUXを向上させるためのTypeScript
taro28
1
630
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
120
アジャイルを支えるテストアーキテクチャ設計/Test Architecting for Agile
goyoki
9
3.3k
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
250
ペアーズにおけるAmazon Bedrockを⽤いた障害対応⽀援 ⽣成AIツールの導⼊事例 @ 20241115配信AWSウェビナー登壇
fukubaka0825
6
2k
Pinia Colada が実現するスマートな非同期処理
naokihaba
4
230
Enabling DevOps and Team Topologies Through Architecture: Architecting for Fast Flow
cer
PRO
0
340
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
610
subpath importsで始めるモック生活
10tera
0
320
AI時代におけるSRE、
あるいはエンジニアの生存戦略
pyama86
6
1.2k
初めてDefinitelyTypedにPRを出した話
syumai
0
420

Featured

See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
900
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Designing for Performance
lara
604
68k
Music & Morning Musume
bryan
46
6.2k
BBQ
matthewcrist
85
9.3k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Rails Girls Zürich Keynote
gr2m
94
13k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k

Transcript

  1. API PROGRAMS - SECURITY BY DEFAULT, PRIVACY BY DESIGN w

    w w . e x a t e . c o m | i n f o @ e x a t e . c o m

  2. API Programs – Security by Design, Privacy by Default DR.

    FRED PURCELL LEAD SOLUTION ACHITECT

  3. THE EVOLUTION OF ACCESS MANAGEMENT Privacy by default and security

    by design Username and Password Single Sign On (SSO) + RBA C Central IAM + RBAC Central IAM + RBA C + Security (MFA) The Opportunity Central IAM + RBA C + Security + Weaknesses Nirvana • Operationally challenging • Fragmented • Single username and password • Limited to a single identity provider • Security concerns become apparent • Privacy concerns become apparent • Automation of privacy by default and security by design Where we are today Where we are going

  4. The Growing Complexity 80% of large organisations estimate they have

    up to 25,000 distributed applications, databases, and services that ingest or distribute data in their portfolio The Great Digital Shift Manually Unachievable CHALLENGES IMPLEMENTING PRIVACY In 2023, API abuse became the most-frequent attack vector (Gartner) of organisations had a security incident involving APIs 91% 1 Developer 1 Day 25k services 113 Years $100m+

  5. Internal Policies Third Parties Data Regulation Audit Test Data DEV

    TEST UAT PROD 1 Capture the Policies 2 Automatically classify data SOLUTION: THE EXATE DATA PROTECTION PLATFORM Semi-structured Data { “JSON”, “XML” } Target common data distribution and data ingestion points for a faster and low-cost implementation to centralise entitlements 3 Automatically protect the data Data in Motion Data at Rest Aggregation of Privacy Enhancing Techniques to optimise Data Privacy Aggregation of Privacy Enhancing Techniques to optimise Data Privacy Database Schemas

  6. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  7. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Event streaming Gateways

    / Service Mesh IPaaS Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement

  8. API Consumer API Producer API Gateway AUTOMATIC PROTECTION IN GATEWAY

  9. API Gateway US Partners SaaS Products UK Customers Cloud Services

    EU Accounts Accounts Customer US Customer Order Balance EU Customer LUX Accounts YOUR GATEWAY BECOMES POPULAR

  10. …THEN THERE’S THE MESH…

  11. API Consumer API Producer API Gateway Data Governance & Compliance

    Data Governance & Compliance WHAT IF YOUR PATTERN CAN SOLVE THIS IN YOUR GATEWAY?

  12. US Partners SaaS Products UK Customers Cloud Services Accounts Customer

    Order Balance API Gateway Data Governance & Compliance Data Governance & Compliance SET THE PATTERN, SIMPLIFY, RE-USE

  13. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  14. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data at Rest Enforce LEARN AND ADAPT Central entitlement Gateways / Service Mesh Event streaming IPaaS Data in Motion Enforce Monitoring + operational

  15. HOW TO ENFORCE? We need different information to be protected

    in different ways. This helps us to keep our data safe while making the best use of it. Dynamic masking Static masking Anonymisation Purpose of Use Pseudonymisation Consent driven access

  16. HOW TO ENFORCE? Privacy vs. Utility ▪ Can we gain

    insight without breaking privacy? Original Protected [email protected] Frederick Purcell 37 £13.69 **********@exate.com No Access 23rcqcgwaf3wtfxa3wr 30-40 £14.82

  17. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  18. IPaaS Data Science Data in Motion Data at Rest Enforce

    Enforce Central entitlement Database Schemas Regulatory Policies Semi-structured Data { “JSON”, “XML” } LEARN AND ADAPT Monitoring + operational

  19. MONITOR AND OPERATION LEARN The unknown: • Risks and policies

    associated with each data attribute • Jurisdiction and the context in which it is being used How to solve it: • Real-time data from enforcement stages need to work alongside the core service to do the following:  Find and classify your data traffic  Analyse and learn about your data risks  Solve data risks automatically  Test continually for risks during the life cycle

  20. AN EXTENSIBLE ACCESS CONTROL AND SECURITY PATTERN Database Schemas Regulatory

    Policies Semi-structured Data { “JSON”, “XML” } Gateways / Service Mesh Event streaming IPaaS Databases Data Virtualisation Data Science Data protection and Dynamic ABAC enforcement at common data distribution and data ingestion points Data in Motion Data at Rest Enforce Enforce LEARN AND ADAPT Central entitlement Monitoring + operational

  21. WHAT PROBLEMS DOES THIS PATTERN SOLVE? Audit of how data

    is being used, by whom, where, and why Autodetect and protect sensitive data Segregation of duties when accessing data Consistent security and data protection by jurisdiction Enforcement of data protection regulation (such as client consent, sharing with 3rd parties, right to be forgotten, etc) eXate aggregates multiple protection techniques to provide maximum flexibility Chain testing Production data in non-production environments

  22. DON’T BECOME A STATISTIC EXATE YOUR DATA w w w

    . e x a t e . c o m | i n f o @ e x a t e . c o m