Downloaded 12 times
Uploaded byapidays
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, Akana by Perforce
The document discusses how API automation is essential for enhancing DevOps efficiency while addressing challenges related to security, compliance, and governance. It highlights the critical need for securing APIs and the entire API lifecycle, as well as the importance of automating policies to ensure compliance without hindering development processes. Ultimately, API automation enables faster development, improved security, and better governance in organizations.
More Related Content
Similar to apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, Akana by Perforce
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, Akana by Perforce
- 1. Akana by Perforce© 2021 Perforce Software, Inc. API Automation For DevOps at Scale: How to Go From Code to API Product While Ensuring Compliance ROD COPE – JULY 29, 2021
- 2. akana.com 2 | Akanaby Perforce © 2021 Perforce Software, Inc. What We’ll Cover Today 1 2 3 4 Introduction Challenges With Security, Compliance, & Governance How API Automation Boosts DevOps Summary / Q&A
- 3. akana.com 3 | Akanaby Perforce © 2021 Perforce Software, Inc. Presenter Rod Cope CTO, Perforce Rod Cope is the CTO of Perforce Software where he provides technical vision and architectural leadership for the company’s globally distributed development teams. Rod has over 25 years of experience in software development that spans a number of industries, including telecommunications, aerospace, healthcare, and manufacturing. Previously in his career, Rod was the CTO of Rogue Wave Software and the CTO and Founder of OpenLogic. He also worked in various software development roles for General Electric, IBM, Anthem, and IBM Global Services. He holds both Bachelor’s and Master’s degrees in Software Engineering from the University of Louisville. rcope@perforce.com www.linkedin.com/in/rodcope/
- 4. akana.com 4 | Akanaby Perforce © 2021 Perforce Software, Inc. DevOps and APIs: A Perfect Match • APIs are critical to DevOps success. • And DevOps is critical for APIs to get scaled appropriately. • Both require major enterprise IT culture shifts. • API automation at scale is the key to overcoming common challenges and accelerating development — while ensuring quality. • Automated API creation • Automated security, compliance, and governance. • Automated API management = faster development!
- 5. Challenges With Security,Compliance, and Governance
- 6. akana.com 6 | Akanaby Perforce © 2021 Perforce Software, Inc. Challenge #1: Securing APIs • In the race to scale more APIs, enterprises cannot ignore security threats. • Not only do you need to secure your APIs, you also must secure the API lifecycle. • Especially in DevOps. • DevOps sits at the crossroads of IT and digital innovation and plays a pivotal role in securing the entire API lifecycle. 45% of respondents aren’t confident in their security organization's ability to detect whether a bad actor is accessing their APIs. In fact, 51% aren't even confident their security team knows about all of the APIs that exist in the organization. - Ping Identity Survey
- 7. akana.com 7 | Akanaby Perforce © 2021 Perforce Software, Inc. Challenge #2: Compliance • 91% of organizations experienced API security incident in the last year. • Compliance and governance challenges could cost the enterprise millions if a single undetected threat compromises customer data. • Obviously, the risks of noncompliance are far too high which means compliance is a must. • But compliance regulations often stand in the way of DevOps efficiency. • API management platforms offer automated policies, authentication / authorization, and SLA agreements.
- 8. akana.com 8 | Akanaby Perforce © 2021 Perforce Software, Inc. Challenge #3: Governance • Like compliance, governance has a corporate history of slowing innovation. • Which responsibilities belong to DevOps teams? • Which responsibilities DON’T? • The API interaction / mediation layer allows you to: • Decouple critical API product elements from the code on which the API product is based. • The code is the responsibility of the DevOps team. • Applying security policies for governance can be delegated to an API management solution — in an automated manner.
- 9. How API AutomationBoosts DevOps
- 10. akana.com 10 | Akanaby Perforce © 2021 Perforce Software, Inc. API Automation Boosts DevOps, Bringing Everything Together
- 11. akana.com 11 | Akanaby Perforce © 2021 Perforce Software, Inc. API Automation For Your Security Policies Protect against vulnerabilities. API automation means automated security policies that protect against OWASP API Security Top 10: • Broken Object Level Authorization • Broken Authentication • Lack of Resources and Rate Limiting • Broken Function Level Authorization • Improper Assets Management
- 12. akana.com 12 | Akanaby Perforce © 2021 Perforce Software, Inc. API Automation For Simplified Compliance Simplify compliance with API automation. • Automate common tasks, steps, configurations, templates, and policies. • Ensure repeatability, speed, and compliance results. • Gain major IT savings and greater security, for example: • FHIR provides shared APIs so healthcare platforms can safely share data across facilities. Automation speeds compliance and opens door to healthcare innovation. • PSD2, OIDC, OAuth 2.0 likewise automated at a platform level to provide secure open banking environments.
- 13. akana.com 13 | Akanaby Perforce © 2021 Perforce Software, Inc. API Automation For End-to-End Governance Gain end-to-end governance — the easy way. API automation means security, consistency, stability, and reusability. So, you can: • Enable consistency across APIs – cutting down on development time and cost • Allow components to be reused, both internally and externally • Build APIs to achieve specific goals and bring value to the business • Track all elements of the API lifecycle – know where, how, and by whom they are being used
- 14. akana.com 14 | Akanaby Perforce © 2021 Perforce Software, Inc. • API automation boosts DevOps… • …adding speed. • …ensuring security, compliance, and governance. • …delivering value. API Automation at Scale For DevOps
- 15. akana.com 15 | Akanaby Perforce © 2021 Perforce Software, Inc. Summary • Enterprises face big challenges with security, compliance, and governance — which gets in the way of DevOps. • API automation solves these challenges and boosts DevOps efficiency.
- 16.
- 17. A K AN A A P I M A N A G E M E N T Thank you! Be sure to visit the Akana booth! & Register for a chance to win a $200 Amazon gift card.
Editor's Notes
- #7 In the race to unlock new business channels and create more value, there is always a push to develop new APIs. But how do they get from idea to value? And how do you ensure that they are developed not only swiftly, but securely? Strict top-down control destroys speed, but no governance puts you at major risk of regulatory and compliance violations. Any phase of your API lifecycle - from strategy and design to deployment and optimization – can be the source of vulnerabilities that enable malicious attacks and allow unauthorized access, unapproved APIs, and exposed data.
- #8 https://salt.security/api-security-trends – 91% of organizations
- #13 Look for common tasks, steps, or elements. Capture those into automated configurations, such as templates and policies. You can ensure consistency by applying configurations across collections of similar APIs. For example, APIs that are classified as “critical” will automatically have a specific set of policies applied. By doing this, you enable repeatability, accelerate speed, and ensure compliance. FHIR creates a common set of APIs so healthcare platforms can communicate and share data across facilities in a manner that each platform can understand. This is similar to how Open Banking and PSD2 create sharing within the financial services industry.