Announcing the Trapize Secure Digital Services Broker for Simplifying Enterprise API Security

API security is a hot topic across enterprises of all types in the digital economy. Understanding what data is authorized to go where is not enough to address data loss prevention. It is critical for security administrators to know what data is being passed internally and with business partners, particularly as malicious ‘bad actors’ get more sophisticated. The next step in the evolution of this market is a turnkey product that can manage API security in real time, that is independent of platform (cloud, hybrid, on-premises), and that is simple for security administrators.

The team is excited to announce the release of the Trapize Secure Digital Services Broker (SDSB) that offers security administrators a single turnkey product that simplifies API and microservices security. While there are many disparate API security tools on the market, Trapize has productized and improved the functionality into a complete cohesive product.

Until today, API security tools fell into three primary market categories:

  1. Cloud Access Security Brokers (CASB) – focus is on API security between an enterprise and cloud-hosted services such as O365, SFDC, ADP. They rely in part on the cloud provider's API security capabilities. A few examples of CASB vendors include Forcepoint and Skyhigh.
  2. API Management Platforms – focus is on creating, publishing, and protecting an API. Development teams who create APIs that are consumed both internally and externally rely on these tools as they write their applications. A few example API management vendors include Apigee, CA, and Mulesoft.
  3. Proxy Management – focus is on decrypting all enterprise traffic, scanning, and reporting on any anomalies. Different solutions are typically used for different types of traffic – web, email, chat. A few examples of proxy management vendors include Symantec/Bluecoat, Barracuda, and Zscaler. 

While each of these tools has its strengths, no single tool did it all until now. Figure 1 below compares the functionality of each of these tools against the new Trapize SDSB.

Key features of the Trapize Secure Digital Services Broker:

  1. Complete Product – plug & play installation and a simple, but effective product to be used by security administrators
  2. Real-time – ensuring that all data performance, governance, and compliance requirements are met in real time
  3. Analytics – discovery, mapping, and classification of data are done automatically, and this intelligence leads to the effectiveness of this solution
  4. Security Enforcement – while an API call may include 100s of different data fields, instead of denying the entire call, the data that needs to be tokenized or redacted can be handled in real time without breaking or modifying the application

Deployment scenarios, where we bring value to our customers:

  • API security on all external connections. Many enterprise security groups struggle with managing shadow IT, for example managing all AWS accounts. AWS has tools such as Macie for API management; however, Macie must be turned on first for these tools to work. Enterprises can have hundreds of test/dev accounts that can leak data that the security team is not aware of. The Trapize SDSB provides immediate value by delivering API security on all external connections.
  • Real-time security enforcement with analytics. Containers and microservices are all the rage and TLS connections are established between them, but this approach is lacking. The Trapize SDSB provides immediate value by delivering a turnkey API platform across the entire environment that can do real-time security enforcement, with analytics and monitoring, and that empowers security administrators to control what data goes where.


Keep your enterprise in the fast lane with proactive digital service alerts

As a daily commuter and an engineer, I have often thought there is some parallel that can be drawn between traffic on the roads and the digital services being used in corporate networks.  Speed, congestion, accidents and any number of factors could impact your trip. Unlike the traffic helicopters reporting to help a driver steer clear of hazards, many in IT are caught by surprise when slow traffic or a problem is ahead.

Let me explain. I live in a state where most residents view the speed limit as a suggested starting point. When the traffic is moving along at a steady pace of 75 MPH, everything is flowing smoothly. However, when a few drivers decide to obey the speed limit of 65 MPH, then the rhythm of the commute becomes as congested as the coffee shop line on free donut day.

Today’s most modern applications use more than one digital service.  These services are tightly choreographed to achieve whatever ultimate goal the business needs to keep running smoothly.  Like with an accident on the highway, when one service completely fails it is pretty apparent what the issue is.  Yet, when a service – or set of services – simply starts to slow down, the root cause of the failing infrastructure is harder to determine.

As digital services are consumed in an enterprise, there is an implicit service contract between the application and the external services. Application developers often assume that if no error occurs on an external transaction, then everything is working correctly. Simply slowing down services over a small period of time can cause a catastrophic failure of an application ecosystem. This applies to a single service slowing down or to a set of services slowing down sporadically, which unfortunately is occurring as more and more systems and networks become overloaded or come under attack.

At Trapize, our digital services broker monitors all the services that your enterprise is using. Think of us as your traffic helicopter reporting on the health of your digital traffic. We provide sophisticated monitoring of external services, providing key performance metrics across a wide range of functionality. Alerts can be passed to the enterprise infrastructure or triggered in-band to the applications when services start to misbehave.

Like Sammy Hagar, I will freely admit, “I can’t drive 55”.  Enterprises need a way to ensure their services aren’t as well.

Decoding vendor conferences

“Developer Conference,” two words that should alarm all enterprises as they begin looking for solutions to manage their growing digital transformation investments. Having been around the high-tech industry for many years, I can tell you this is vendor code for: “We have built a product that is so complicated that we need to teach you how to use it before you get any value out of it.” There is also the slightly less daunting “Users Conference” – just a notch below the Developer Conference – where it’s unlikely you’ll be writing any custom software to effectively use a vendor’s product; here you should expect to spend a lot of time learning to configure said product correctly.

The team here at Trapize is dedicated to solving the hard problems facing businesses undergoing their digital transformation. So, if you’re looking to get a free conference vacation in a balmy location this year to learn our product, you should stop reading now. If your enterprise has $100K+ in budget surplus to get some developers working on securing each digital service you need for your digital transformation, look somewhere else. If your IT department loves the intellectual challenge of spending weeks tweaking complicated configuration, we here at Trapize do not have the product you are looking for. But, if your enterprise is looking to add compliance, governance and monitoring of the digital services you are using with a single click of the mouse, then we should definitely talk.

As we enter our public beta in the early fall, the Trapize API proxy currently supports over 2,000 of the most popular digital services in use by businesses today. We have profiled thousands of digital services and provided a powerful set of one-click controls for an enterprise to quickly control and monitor digital services crossing their perimeter.

If you would like to see a demo, reach out and let us know. It’s really, really brief – unlike those Conferences – so you can get back to enjoying your busy afternoon (golf, baseball, kid’s soccer, we won’t tell).

Overcoming ‘analysis paralysis’ to achieve digital transformation of your business

Time is the true enemy of most businesses.  This has never been more apparent than when a business begins the transformation to becoming a digital enterprise.

Cloud-based services allow businesses to pick best-in-class APIs and components for building out their digital enterprise. However, as services shift from being hosted within the enterprise to the cloud, legal requirements like the compliance and governance of data must still be met regardless of the location of the enterprise’s perimeter. Unfortunately, many businesses have become paralyzed as they struggle to understand the implications of bringing a digital service into the enterprise. This paralysis then amplifies the time it takes to safely on-board any digital service and results in added cost for this transformation while potentially losing opportunities to their more nimble competitors.

The Trapize Digital Services Broker (DSB) enables businesses of all sizes to quickly and safely make this transition.  The Trapize DSB includes pre-built service profiles for the most popular digital services used by businesses today.  Each profile is available for download and installation for a low annual subscription fee.  The service profiles allow businesses to transparently add compliance, governance, and performance controls in minutes.  The DSB is designed to support thousands of digital service profiles in a single distributed proxy ensuring common compliance and governance controls across the enterprise.

While we don’t have a flux capacitor – or a custom built DeLorean – to go back in time, we can help businesses catch up to their competitors by beginning their digital transformation today rather than in a distant future.

Is Shadow IT going to sink your enterprise?

We’ve all heard the saying “loose lips sink ships” and now imagine how that translates to enterprise data, where sometimes exchanging sensitive data with a partner is a good thing, sometimes not so much.

Today we’re finding that corporate infrastructures at most large enterprises have sprung more than a few leaks.  This situation has been driven by the rise of cloud-based digital services, where corporate IT is under increasing pressure to open ‘pin holes’ in a firewall or add DNS exceptions to satisfy business needs.

Unfortunately, this is a risky approach that could compromise the safety and integrity of the enterprise network, particularly since the term ‘pin hole’ implies a small, manageable exception to the otherwise rigid controls that a firewall supplies.  In reality, this couldn’t be further from the actual risk introduced with this approach.

With every pin hole or exception added, a ‘digital waterway’ is created where data can flow in and out of the enterprise.  Adding another layer of complication, this data is often encrypted so centralized compliance and governance solutions have no visibility into these streams.  This has given rise to the popular term “shadow IT”, where core IT has ceded control of previously protected corporate data to the line of business application using cloud-based digital services.  All in all, a pretty perilous situation and unacceptable to regulators who provide oversight.

While some cloud security solutions gaining in popularity today think that scanning for data that has left your enterprise gives you control, we think having the right tools – a sound strategy and navigational instruments – is a safer approach.

So why are enterprises putting their data at risk?

At Trapize, we have built an in-line proxy that not only decrypts this data but also has a deep, packet-by-packet understanding of the data in an application flow. So, as data enters or leaves the enterprise perimeter, Trapize can apply policies on a service-by-service basis. It’s a better approach to keep your enterprise afloat.

On the horizon, a new approach for digital transformation

Yesterday I wrote about my meetings with a diverse group of IT leaders who often ask “Are ESBs dead?”. Today I’d like to continue that topic and review the complications many are experiencing on their digital transformation journey.

At the very foundation is the need to safely exchange data and services across their organization with agility. Yet today many IT organizations are experiencing some principled headwinds – and obvious blind spots – as their cloud-based digital traffic is traversing firewalls with little IT visibility or control of the digital services being used, consumed and exchanged.

As covered in an earlier post, IT is caught without the tools necessary to address core business functions, yet is on the hook for agile innovation from the line of business stakeholders. So, what’s an enterprise to do?

Based on my conversations, there are three clear options, but all entail some cost or risk:

  1. add connectors to external services for the ESB;
  2. write custom middleware to wrap the services;
  3. or just ignore the problem.

From experience, most organizations are doing some version of all three.  So, let’s ‘pro/con’ the opportunity cost when putting those three options in practice.

To remain compliant with the mandatory regulations, the enterprise must write a connector for each API or develop middleware wrappers for the APIs in use. The cost estimates that I’ve seen range from $200K for each connector, to $400K for middleware wrappers. We also can’t forget the hidden cost to your organization, which typically drives a 12-18 month delay in deploying new services. Sadly, the cost in both dollars and time has led many lines of business to simply take option three, poke a hole in the corporate firewall, and assume the business risk. Probably not a good idea.

There is a new approach on the horizon: Trapize offers an in-line proxy that provides positive control on a request-by-request basis. This approach – not only quick and affordable – is the only way to achieve true enterprise compliance. Trapize is a digital service broker that supports many of the most popular services enterprises are using today.

Is the sun setting on Enterprise Service Bus?

I frequently meet with a diverse group of IT leaders and I’m often asked “Are ESBs dead?” The short answer is, it’s complicated.

Since the 1990s, ESBs have played a critical role for companies by providing a ‘walled garden’ to protect access to core business functions. ESBs have delivered assurances that business applications were communicating with legally required compliance and governance.

However, as a business’s critical services have shifted from proprietary applications deployed inside an enterprise’s perimeter to cloud-based applications and services, the role of the ESB is being called into question. As those mission-critical applications have moved outside of the ‘circle of trust’ that the ESB provided, enterprises have struggled to keep the same level of control that is mandatory to meet industry regulatory requirements.

These technology shifts have fundamentally changed the way a modern enterprise conducts its business today. Lines of business inside an enterprise are more often relying directly on Google, IBM, Microsoft and others for digital services rather than accessing core IT functionality. Studies have shown the average enterprise uses over 1400 unique cloud services in the normal course of its day-to-day business.

So, while new best-in-class services arise almost daily – and are necessary to remain competitive in this agile environment – businesses need to quickly adapt, particularly since the same confidential enterprise data is being used and exchanged by those services – which gave rise to the ESBs in the first place – yet without the necessary regulatory requirements.

Well, what’s an enterprise to do?  From my conversations, there seem to be three options: add connectors to external services for the ESB, write custom middleware to wrap the services, or just ignore the problem.

Over here at Trapize, we have a better idea. We provide ESB-level compliance and governance while enabling the enterprise’s continued use of cloud-native APIs. Our high-performance in-line proxy gives the same level of tight control in minutes and at a fraction of the cost that an enterprise is spending.

So, is the sun setting on ESBs? No, of course not, we believe they’re just reaching retirement.

The ABC’s of regulatory Alphabet Soup

There is an ever-increasing array of acronyms that businesses need to worry about.  From FISMA to HIPAA to GDPR, they all have one thing in common: they typically consume large amounts of mindshare across an organization – but none more than IT departments.

Many enterprises are struggling to understand how regulations impact their business and whether they have the internal controls and sound business systems to proactively address potential risks. If your company has custodial care of personal or private data, or processes that data on behalf of your customers, then you need to protect it.

Gone are the days when consequences are only applied when a breach occurs. As the modern enterprise shifts to the use of cloud-based digital services to conduct business, they have opened new paths for exposure. Think about it, nearly every business – especially those in financial services or healthcare – has custodial care of some type of private data.  Everything from social security numbers to drug prescription information to bank account numbers.  All this data falls under the purview of one regulation or another.

Keeping pace with compliance mandates is challenging, especially since the regulations simply lay out a set of ‘consequences’ that businesses are subjected to if they don’t take the necessary steps to safeguard customer data.  The regulations aren’t prescriptive, so it forces businesses to handle a customer’s private data using the same process used to store and protect its own sensitive corporate information.

Trapize was founded because we recognized that there is a compliance and governance gap when enterprises need to consume services exposed within their networks. Trapize offers a new approach to keep your business safely out of the alphabet soup.