Security is an essential element of any organization’s API strategy. While API security shares a lot of aspects that are common to both website security and network security, it's also fundamentally different both in terms of usage patterns as well as the unique areas of additional risks that microservices and sidecars are susceptible to. For instance, APIs move the boundary of interaction from the web tier to the backend applications, microservices and data sources directly.
Securing the microservices mesh with an API Gateway is a best practice that API providers and microservices mesh builders can put in place to prevent unauthorized data access, loss of data integrity, or the degradation of the quality of service.
Emerging microservices architectural concepts such as sidecars and platforms to inject sidecars into container pods present DevOps teams with new security challenges to solve as new layers of abstraction are introduced into an already complex system of components and protocols.
The following juxtaposition of open source servicemesh 1.0.1, beta and alpha features compared to version 8.4 of the Akana API Platform clearly illustrates why it is imperative to leverage the features of a mature API Gateway architecture on the edge of the cloud and in the core of the servicemesh for proper authentication, authorization, mediation, and resiliency.
For additional information on securing the edge API and microservices mesh, download this full white paper by clicking below.
Read White Paper
API Security & Integration Architecture, Akana
Ryan Bagnulo has implemented API integration and security and privacy solutions for hundreds of global transactional systems over the past 2 decades, with deep technical experience in investment banking high performance grid computing as well as connected electronic medical devices and international regulatory compliance. Ryan was the first chief security officer and the head of Solution Architecture for Joyent, a container focused cloud IaaS startup in 2010, and has worked with a number of Silicon Valley startups on cloud API IoT and Microservices innovations.