The ABC’s of regulatory Alphabet Soup

There is an ever-increasing array of acronyms that businesses need to worry about. From FISMA to HIPAA to GDPR, they all have one thing in common: they typically consume large amounts of mindshare across an organization, and nowhere more than in IT departments.

Many enterprises are struggling to understand how regulations impact their business and whether they have the internal controls and sound business systems to proactively address potential risks. If your company has custodial care of personal or private data, or processes that data on behalf of your customers, then you need to protect it.

Gone are the days when consequences are only applied when a breach occurs. As modern enterprises shift to cloud-based digital services to conduct business, they have opened new paths for exposure. Think about it: nearly every business – especially those in financial services or healthcare – has custodial care of some type of private data, everything from social security numbers to drug prescription information to bank account numbers. All this data falls under the purview of one regulation or another.

Keeping pace with compliance mandates is challenging, especially since the regulations simply lay out a set of ‘consequences’ that businesses are subjected to if they don’t take the necessary steps to safeguard customer data. The regulations aren’t prescriptive, which forces businesses to handle a customer’s private data using the same process they use to store and protect their own sensitive corporate information.

Trapize was founded because we recognized a compliance and governance gap when enterprises need to consume services exposed within their networks. Trapize offers a new approach to keep your business safely out of the alphabet soup.

APIs help digital services ‘talk’ but does IT know what’s being exchanged?

For the last several years businesses have been on a digital transformation journey and today APIs are proliferating. Last year alone, estimates show that a typical enterprise required integrations with over 1,400 unique cloud services. It’s clear that businesses are consuming multiple services from multiple sources.

But businesses face compliance and control challenges in their shift to digital services driven by APIs: cloud-based traffic is traversing firewalls with little IT visibility or control, there are more areas for threat as your organization adds/consumes services, and there’s a lack of existing tools to address this exposure when consuming these services. Gartner predicts that “through 2020, 95% of cloud security failures will be the customer’s fault.”

Consequently, IT is caught in the middle trying to address core business functions – controlled stability, internal platforms, service-oriented architectures – while navigating pressing requirements like agile innovation from its line-of-business stakeholders. But with more than 150,000 third-party APIs available today, business leaders are faced with not only a blind spot but also the discovery of ‘shadow IT’ teams when trying to secure and manage company-wide APIs.

This has led to a critical need for brokered intermediation and digital services governance to monitor usage and protect data. Some questions to consider:

  • Who has access to API-driven business services?
  • When, where and how are they being used?
  • What type of data is being exchanged that may be bypassing your existing security controls?

If there is a gap in oversight, Trapize provides the missing piece. Trapize is a digital service broker that gives your IT organization real-time visibility into and control over the behavior and value of the digital services that drive your business. There is no other solution available today that provides compliance, governance and security for the API-based microservices your enterprise consumes. Trapize alerts you to potential risks, ensures compliance requirements like FISMA and HIPAA are met, and acts as a control point to enforce data security policies, protecting your enterprise against threats.