API Gateways: Where Security Enables Innovation
API gateways are an emerging hot spot in IT services. They offer platforms for companies to selectively leverage IT systems for end user use. But well beyond just slapping a web server in front of an app, gateways both facilitate use of an application and protect it. Gateways enable third party developers, outside your organization, to support different use cases in different environments – such as new applications, mobile apps, and service mash-ups – while allowing you to control security, function, and access to data. They provide a glue layer between your systems and the outside world.
This research paper describes API gateways in detail, shows how they are deployed, and provides the key information to select and implement a gateway. Here is an except:
API gateways enable developers to build cloud, mobile, and social apps on enterprise data, layered over existing IT systems. That said, API gateways are not sexy. They do not generate headlines like cloud, mobile, and big data. But APIs are the convergence point for all these trends and the crux of IT innovation today. We all know cloud services scale almost too well to believe, at prices that seem to good to be true. But APIs are a key part of what makes them so scalable, universal, and cheap. API mashups bring new ways to collaborate and mobile apps provide fundamentally new front ends. We are commoditizing our IT systems into open services! Of course open, API-driven, multi-tenant environments bring new risks with their new potentials. As Netflix security architect Jason Chan says, securing your app on Amazon Cloud is like rock climbing – Amazon gives you a rope and belays you, but you are on the rock face. You are the one at risk. How do you manage that risk? API gateways play a central role in limiting the cloud’s attack surface and centralizing policy enforcement.
We would like to thank Intel for licensing this research. We wouldn’t be able to do the research we do, or offer it to you folks for this most excellent price, without clients licensing our content. If you have comments of questions about this research, please feel free to email us with questions.
View Intel’s API Gateway resource center to download the report and view other API related tutorials.
Download from Securosis:
API Gateways, version 1.0. (PDF)