
Managing Sensitive Information in an API and Microservices World

5,344 views

Published on

As enterprises begin to share their sensitive data through APIs, the ability to enforce authorization and non-repudiation of data, with full visibility and traceability, is critical for corporate compliance and viability. Join Apigee and Apcera to learn how best to manage data sovereignty through an end-to-end chain of custody spanning workloads, APIs and end users.

Published in: Technology


  1. ©2016 Apigee Corp. All Rights Reserved. Managing Sensitive Information in an API and Microservices World. Peter Miron, Apcera; Joshua Norrid, Apigee
  2. Presented by Joshua Norrid, Apigee, and Peter Miron, Apcera: Managing Sensitive Information in an API and Microservices World
  3. Innovation, Meet Trust. (Apigee + Apcera)
  4. Why Are We Talking About This?
     • Customers want CONVENIENCE.
     • All parties desire CONTROL of sensitive data.
     • All parties demand CONSISTENCY of experience and process.
     • Sensitive data providers must apply CONSTRAINTS to CONSUMPTION.
     • Sensitive data providers must achieve and maintain COMPLIANCE.
     A "chain of custody" is required for managing sensitive information with APIs in the digital world.
  5. About Apigee
     • Helps businesses compete digitally.
     • Proven: more API management deployments (over 500 to date) run on Apigee than on any other platform.
     • $100M run rate. Signed a definitive agreement to be acquired by Google in September 2016.
     • API management platform: Apigee Edge.
     • Experienced management team from BEA, Oracle, IBM and Yahoo.
  6. Apcera: A Trusted Application Management Platform
     • Any application: cloud-native applications, legacy x86 applications, containerized applications, and more.
     • Any infrastructure.
     • Platform capabilities: composition, orchestration and deployment; networking with nano-segmentation; application service management; policy and automated enforcement.
     • Workload layer: workload composition; workload resource management; workload scheduling and placement; workload communication and connectivity; policy and automated enforcement.
  7. The Digital Value Chain
  8. The Extended Digital Value Chain
  9. The pipeline: inspiration from the past...
  10. A useful pattern from Caesar at Alesia
     • Alesia was a hill-top fort surrounded by river valleys, with strong defensive features.
     • Over 80,000 men were garrisoned inside.
     • 3 Roman legions built dual fortification walls that surrounded the enemy.
     • A moat and 4.5-meter ditches were also constructed on the inner wall, filled with water from nearby rivers.
     • No traffic was permitted in or out without first being "mediated" or "transformed" by Roman soldiers: a true physical proxy.
  11. Apigee + Apcera: Capabilities Magnified (architecture diagram)
     • Apigee Edge layer: Users, Apps / Systems, Developers + Partners; APIs (GET, POST, PUT, DELETE); API Security; Traffic Management; Mediate + Enrichment; Callouts; Extensibility (Node, Java, Python, JavaScript); Analytics with Dashboards + Reports; Developer Portal; Monetization; Global Scale; BaaS; Existing and New Services (SOAP, REST, HTTP/HTTPS, JMS, etc.).
     • Apcera layer: Multi-Cloud; Additional Code + Logic; Enhanced Security; Semantic Pipeline; Rules + BPM; Enhanced Messaging; Container Management.
  12. General Use Case: Trace Data Requests and Fulfillment at Each System / Application Handoff
     Flow: Trusted 3rd Party -> Request Report -> Reporting Service -> Report.
     • Who requested what data? When?
     • Who else has access to that data?
     • What services participated in the transaction to produce the report?
     • What policies enabled that participation in the transaction?
     • Are we certain no one and no other services have access to that data?
     Service consumers: A. Business Partners; B. Regulatory Agencies; C. Compliance; D. Legal Requests.
     Report classification: A. Customer Privacy Related; B. Business Critical; C. Trade Secret.
  13. Telco Use Case
     Flow: Trusted 3rd Party -> Request Call Detail Records -> CDR Service -> Client Details Report.
     Telco offers call data reporting as a business service:
     • Online and printed reports: who called whom, when, duration, etc.
     • Policy governs the service: who has access to a given report, who saw a report, who granted access, who deploys software, who writes and tests software, etc.
     • Composed of both software and operations (IT, legal, risk, etc.).
     Service consumers: A. Law Enforcement; B. Legal / Risk / Security.
     Report classification: A. Sensitive / Privacy Related; B. Requires Warrant.
  14. Finance Use Case
     Flow: Client Onboarding Operations -> Request KYC Details for Jane Doe -> KYC Service -> Client Details Report.
     Client onboarding ops consumers: A. Legal / Risk / Security (internal); B. Banking Systems; C. Audit (external and internal).
     Information classification: A. Very sensitive / privacy-related; B. Requires a reason and entitlements to access; C. May result in fines, penalties, notification to affected entities or other business consequences if disclosed incorrectly (or thought to be).
     A financial firm must:
     • Capture and verify each account's complete ownership and legal entities (for example joint, LLC, individual).
     • Capture all activities that create, update, delete or query client information.
     • On a regular basis re-validate the above, and retain all records in write-once form.
     • Ensure that all information disclosure requirements are met for PCI and KYC related information (notification, credit insurance, etc.).
     • In general, provide all KYC supporting details as required by its policies and those of its regulator.
     Requirements vary by jurisdiction (country, state, etc.), product (stock, CD) and business (brokerage, banking, insurance, credit / loan).
  15. Healthcare Use Case
     Flow: Trusted EMR 3rd Parties -> Request EMR Details for John Doe -> EMR Service (Electronic Medical Records) -> Report.
     Trusted 3rd parties: A. Doctors; B. Patients; C. Payers.
     Information classification: A. Very sensitive / privacy-related; B. Requires a reason and entitlements to access; C. Requires auditability of access.
     Policy governs:
     • Organizations, and potentially users, that can access data through Apigee Edge
     • Developers' ability to modify software that updates access to those records
     • Operational control over where data can be sent
     Auditability:
     • Access grant date
     • Software modification
     • Per-request traceability
  16. Demonstration
  17. Try Apcera Community Edition for free: http://bit.ly/apcera-ce. Try Apigee for free: Apigee.com
  18. Learn more at www.apcera.com. Thank you! Joshua Norrid, @JoshuaNorrid, jnorrid@apigee.com; Peter Miron, @PeteMiron, peter.miron@apcera.com
  19. Thank you
  20. Appendices
  21. Apigee Edge Covers the Entire API Management Lifecycle (diagram)
     Lifecycle stages: Model, Design, Develop, Build, Test, Deploy, Run, Publish APIs, Use, Analyze, Monetize, Scale, Maintain Availability, Update / Iterate.
     Capabilities named on the slide: Swagger, Node.js, Document, Package, Integration, Configuration, Coding, Debugging, Staging, Load Testing, Versions, Threat Protection, Access Control, Identity, Roles, DDoS, Traffic, Quota, Transformation, Logging, Alerts, Auditing, Real Time Monitoring, Data Access, Portal, Developers, App Registration, Documentation, Rate Plans, Mobile, Data, Activity Metrics, Push Notification, Zero Downtime, Low Latency, Geo-Distribution, Traffic Spikes.
  22. Apigee Products (diagram)
     Experience APIs; Intelligent Security; Run-time Data Warehouse; Backend APIs; Vertical-specific api-x; backends: CRM, ERP, etc., SOA, Database, Customer Application Infrastructure, Internet of Things.
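Slides 12 through 15 reduce to the same requirement: at every handoff (gateway, policy decision, backend service) record who requested what, when, under which policy, and keep those records write-once and traceable per request. The following is an added example written for this page, not Apigee or Apcera code, showing one way to implement that as a hash-chained chain-of-custody log with an entitlement-plus-reason check. The POLICY table, the hop names (api-gateway, policy-enforcement, emr-service) and the sample requests are constructed assumptions for illustration.

```python
"""Hash-chained chain-of-custody log for sensitive-data requests.

Added example (not Apigee or Apcera code). Each handoff appends a record
that commits to the previous record's hash, so any later alteration of an
earlier entry is detectable, and every record carries the request's
trace_id so the full path of one request can be reconstructed.
"""
import hashlib
import json
import uuid
from dataclasses import dataclass, asdict

# Constructed sample policy (assumption): which roles may read which data
# classification and whether a stated reason is mandatory, mirroring the
# slides' "requires a reason and entitlements to access".
POLICY = {
    "emr": {"roles": {"doctor", "patient", "payer"}, "reason_required": True},
    "kyc": {"roles": {"onboarding_ops", "audit"}, "reason_required": True},
    "cdr": {"roles": {"law_enforcement", "legal"}, "reason_required": True},
    "public": {"roles": {"anyone"}, "reason_required": False},
}

GENESIS = "0" * 64  # prev_hash of the very first record


@dataclass
class CustodyRecord:
    trace_id: str        # ties every hop of one request together
    hop: str             # system / application that handled the request
    actor: str           # requesting principal
    roles: list          # entitlements presented by the actor
    resource: str        # what data was asked for
    classification: str  # sensitivity class of the resource
    action: str          # request / policy_decision / fulfil
    decision: str        # allow / deny / n/a
    reason: str          # business reason stated by the requester
    ts: int              # timestamp supplied by the caller
    prev_hash: str       # hash of the preceding record (chain link)
    note: str = ""       # e.g. why the policy decided as it did
    hash: str = ""       # SHA-256 over all other fields

    def compute_hash(self) -> str:
        body = asdict(self)
        body.pop("hash")
        data = json.dumps(body, sort_keys=True).encode()
        return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only log; verify() fails if any entry was altered or removed."""

    def __init__(self):
        self.entries = []

    def append(self, **fields) -> CustodyRecord:
        prev = self.entries[-1].hash if self.entries else GENESIS
        rec = CustodyRecord(prev_hash=prev, **fields)
        rec.hash = rec.compute_hash()
        self.entries.append(rec)
        return rec

    def verify(self) -> bool:
        prev = GENESIS
        for rec in self.entries:
            if rec.prev_hash != prev or rec.compute_hash() != rec.hash:
                return False
            prev = rec.hash
        return True

    def trace(self, trace_id: str):
        """All hops of one request, in order: the per-request audit trail."""
        return [r for r in self.entries if r.trace_id == trace_id]


def authorize(classification: str, roles, reason: str):
    """Entitlement check: returns (decision, justification)."""
    pol = POLICY.get(classification)
    if pol is None:
        return "deny", "unknown classification"
    if pol["reason_required"] and not reason:
        return "deny", "reason required"
    if "anyone" not in pol["roles"] and not pol["roles"] & set(roles):
        return "deny", "no entitlement"
    return "allow", "policy matched"


def handle_request(log, actor, roles, resource, classification, reason, ts):
    """Simulate the three handoffs of slide 12 and log each one."""
    trace_id = uuid.uuid4().hex
    common = dict(trace_id=trace_id, actor=actor, roles=sorted(roles),
                  resource=resource, classification=classification,
                  reason=reason, ts=ts)
    # Hop 1: the API gateway records the inbound request as received.
    log.append(hop="api-gateway", action="request", decision="n/a", **common)
    # Hop 2: the policy enforcement point records its decision and why.
    decision, why = authorize(classification, roles, reason)
    log.append(hop="policy-enforcement", action="policy_decision",
               decision=decision, note=why, **common)
    # Hop 3: only on allow does the backend service participate and fulfil.
    if decision == "allow":
        log.append(hop=f"{classification}-service", action="fulfil",
                   decision="allow", **common)
    return trace_id, decision


if __name__ == "__main__":
    log = CustodyLog()
    tid, dec = handle_request(log, "dr.smith", ["doctor"], "emr/john-doe",
                              "emr", "treatment", 1)
    for r in log.trace(tid):
        print(r.hop, r.action, r.decision, r.note, r.hash[:12])
    print("chain intact:", log.verify())
```

The verify() walk answers the slide's "are we certain" question only against the log itself; in practice the chain head would be anchored somewhere the services cannot rewrite (a write-once store or an external timestamping service), which is the property slide 14 calls "retain all records in write-once form".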