How to secure your API with Apigee and Google Cloud Armor
Introducing Apigee Advanced API Security features for Google Cloud
APIs are used by organizations worldwide to boost easier and standardized delivery of services and data for digital experiences.
A growing spike of digital experiences has increased API usage and traffic volumes. However, as malicious API attacks also have grown, API security has become an important aspect to deal with business risk.
To help customers more easily address their growing API security needs, Google Cloud is announcing the Preview of Advanced API Security, a comprehensive set of API security capabilities built on Apigee, an API management platform. Advanced API Security enables organizations to more easily detect security threats. Here’s a closer look at the two key functionality included in this launch: identifying API misconfigurations and detecting bots.
Identify API misconfigurations
Misconfigured APIs are one of the leading reasons for API security incidents. In 2017, Gartner® predicted that by 2022 API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. It has been discovered that misconfigurations are the number one cause of data breaches, and that “too many cloud APIs and interfaces to adequately govern” are frequently the main point of attack in cyberattacks.
While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process can take much time and require considerable resources.
Advanced API Security can make it easier for API teams to identify API proxies that do not conform to security standards. To help identify APIs that are misconfigured or experiencing abuse, Advanced API Security regularly assesses managed APIs and provides API teams with a recommended action when configuration issues are detected.
APIs form an integral part of the digital connective tissue that makes modern medicine run smoothly for patients and healthcare staff. One common healthcare API use case occurs when a healthcare organization inputs a patient’s medical coverage information into a system that works with insurance companies. Almost instantly, that system determines the patient’s coverage for a specific medication or procedure, a process that is enabled by APIs. Because of the sensitive personal data being transmitted, it is important that the required authentication and authorization policies are implemented so that only authorized users, such as an insurance company, can access the API.
Advanced API Security can detect if required security policies have not been applied, an alert that can help reduce API security risks. By leveraging Advanced API Security, API teams at different organizations can more easily detect misconfiguration issues and can reduce security risks to sensitive information.
Because of the increasing volume of API traffic, there is also an increase in cybercrime in the form of API bot attacks — the automated software programs deployed over the Internet for malicious purposes like identity theft.
Advanced API Security uses pre-configured rules to help provide API teams an easier way to identify malicious and harmful bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address. If an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot.
Additionally, Advanced API Security can speed up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code.
Financial services APIs are frequently the target of malicious bot attacks due to the high-value data that is processed. A bank or financial institution that has adopted open banking standards by making APIs accessible to customers and partners can use Advanced API Security to make it easier to analyze traffic patterns and identify the sources of malicious traffic. You may experience this when your bank allows you to access your data with a third-party application. While a malicious hacker could try to use a bot to access this information, Advanced API Security can help the bank’s API team to identify and stop malicious bot activity in API traffic.
API Security at Equinix
Equinix powers the world’s digital leaders, while operating a global network of more than 240 data centers with a 99.999% or greater uptime, to boost global interconnections for organizations, save time and effort with the Apigee API management platform.
“A key enabler of our success is Google’s Apigee, delivering digital infrastructure services securely and quickly to our customers and partners,” said Yun Freund, senior vice president of Platform at Equinix.
Security is a key pillar to API-first strategy and Apigee has been instrumental in enabling Equinix customers to securely bridge the connections they need for their businesses to identify and mitigate security risks and threats. As API traffic has grown, the amount of time required to secure APIs grows as well. Having end-to-end software instruments in one managed platform provides you with a high-performing and secure solution.
Apigee from Google Cloud Platform
To learn more about how Google Apigee and Google Cloud can help you use insights to gain a significant business advantage – you may contact the official Google Cloud Premier Partner – Cloudfresh.
Our specialists will help you optimize your IT infrastructure, develop integrations for better system interoperability, and help create completely new structures and processes for your teams, while our support center will provide you with the best customer experience!