managing sensitive information in an api and microservices world

Presented by Joshua Norrid, Apigee and Peter Miron, Apcera

Managing Sensitive Information in an API and Microservices World

Innovation, Meet Trust.+

©2016 Apigee Corp. All Rights Reserved.

• Customers/Consumers want CONVENIENCE.• All parties desire CONTROL of sensitive data.• All parties demand CONSISTENCY of experience and process.• Sensitive Data Providers must apply CONSTRAINTS to

CONSUMPTION.• Sensitive Data Providers must achieve and maintain

COMPLIANCE.

3

A “Chain of Custody” is required for managing sensitiveinformation with APIs in the digital world.

Why Are We Talking About This?

4

Any Application๏ Cloud Native Applications๏ Legacy x86 Applications๏ Containerized Applications and more!

Any Infrastructure

Composition, Orchestration & Deployment

Networking + Nano-Segmentation

Application Service Management

Policy & Enforcement

etc.

Apcera: A Trusted Application Management Platform

Composition, Orchestration & Deployment

Networking + Nano-Segmentation

Application Service Management

WorkloadComposition

WorkloadResource Management

WorkloadScheduling and Placement

WorkloadCommunication and Connectivity

Policy and Automated Enforcement

©2016 Apigee Corp. All Rights Reserved. 5

The Digital Value Chain

©2016 Apigee Corp. All Rights Reserved. 6

The Extended Digital Value Chain

Apigee + Apcera: Capabilities Magnified

©2016 Apigee Corp. All Rights Reserved.

ReportingService

Report

Request Report

Service ConsumersA. Business PartnersB. Regulatory AgenciesC. ComplianceD. Legal Requests

Report Information ClassificationA. Customer Privacy RelatedB. Business CriticalC. Trade Secret

Trace Data Requests and Fulfillment at Each System / Application Handoff• Who requested what data? When?• Who else has access to that data?• What services participated in the transaction to produce the report?• What policies enabled that participation in the transaction?• Are we certain no one and no other services have access to that data?

General Use Case

Trusted3rd PartyConsumer

Example

©2016 Apigee Corp. All Rights Reserved.

©2016 Apigee Corp. All Rights Reserved. 11

©2016 Apigee Corp. All Rights Reserved. 12

©2016 Apigee Corp. All Rights Reserved. 13

©2016 Apigee Corp. All Rights Reserved.

©2016 Apigee Corp. All Rights Reserved.

©2016 Apigee Corp. All Rights Reserved.

©2016 Apigee Corp. All Rights Reserved. 17

The Extended Digital Value Chain

Learn More at

www.apcera.com

Thank You!Joshua Norrid

@JoshuaNorridjnorrid@apigee.com

Peter Miron@PeterMiron

peter.miron@apcera.com