Over the last 20+ years, if you didn’t offer an open API as a software maker, you were not invited to sit at the cool kids table. The culture of interconnected software has rapidly fostered tech prosperity & business growth to the point that the API has become the new database. Just imagine the possibilities, if you will, of an API so data rich that I can expose a decade of personal information for millions of users...what could possibly go wrong?
In today’s era of Continuous Integration/Continuous Delivery (CI/CD) Pipelines, DevOps and rapid Cloud adoption, there are a multitude of changes influencing the shipping of code so fast that security remains an afterthought...a retrofit. Security leaders have been preaching integrating security into the SDLC since before the invention of the Chicken McNugget. Yet security remains spread on and not baked in. Imagine if instead of airbags, your car had a couple of pillows belted on to your bumpers?
Today, I’m announcing my role as board advisor with Cloudentity. I believe a key reason integrating security into the SDLC remains for the most part an unrealized dream is because software developers are not security experts...nor should they be forced to be. Cloudentity allows software to communicate with other software safely by creating a MicroPerimeter™ for APIs and allowing software makers to define how their code should and should not be used.
Cloudentity is different than an API gateway in that it can act as a sensor for East-West traffic because it acts as a wrapper/side-car to your containers. Cloudentity offers API security in a very different way that doesn’t depend on defining & maintaining user entitlements perfectly because its Identity Provider (IDP) module allows you to govern not just users, but also services and things.
Allowing developers to code, and keeping security simple will speed the adoption of DevSecOps...instead of DevSecOops. I haven’t seen another solution that attacks this problem with a simple approach like this. Check us out: cloudentity.io