+
2023 State of Authorization Report offers guidance on critical issues impacting authorization Learn more  

Enhancing API Security: Dynamic Authorization to Protect Sensitive Data

Gerry Gebel   ·   Monday, September 18th, 2017

API Gateways effectively manage the authentication of the user and provide service orchestration capabilities, but if sensitive data is involved, additional fine-grained authorization capabilities are required.

Digital transformation continues to be a priority as organizations realize the potential business benefits of becoming a digital organization. The internal efficiency gained often means improving the speed to market for new products, and a deeper level of customer engagement and satisfaction. However, this kind of transformation also means a change in the complexity of the IT ecosystem. The demands on day-to-day IT operations can be a major challenge as often this means managing both cloud native and existing, on-premises IT infrastructure.

Applications Program Interfaces (APIs) and microservices are the latest approach to breaking down large monolithic applications and merging legacy systems with new IT platforms. They have revolutionized the way we exchange data and have become the preferred method for exposing data to external parties. With a microservices architecture, the functions of an application are built as discrete components that communicate with each other via APIs. This approach lends itself to a faster, almost continuous development and deployment cycle.

APIs that handle sensitive data pose security and data access control threats, require advanced security solutions. An important component in API security is the management and enforcement of the authentication and authorization permissions of users. API Gateways effectively manage the authentication of the user and provide service orchestration capabilities. But if business critical data, personal identifiable information (PII) or any other sensitive data is involved, additional fine-grained authorization capabilities are required. Continue reading.

This article originally appeared in CSO Online. The article, in its entirety, can be accessed here.

Archived under:
  Join us on LinkedIn for more insights
About the author

Related articles

Expanding our reach – bringing ABAC to APAC with emt Distribution, a rhipe company

The one about ISO certifications | Dynamically Speaking

What happened to Robinhood?

Untangling zero trust with dynamic authorization

Free Report

State of Authorization Report 2023

Get it now

Trending Articles

You have questions, we have answers

Mark talks about everything...including Zero Trust | Dynamically Speaking

How Policy-as-code can make your developers infallible?

Take Our Poll

Where is your organization currently at with authorization?

View Results

Loading ... Loading ...
Content...