By Chris Pisarkiewicz | Date posted: February 5, 2014
Secure integration has become increasingly important over the past few years. As businesses rely more heavily on applications for conducting transactions and managing personal information, API security has become critically important. When it comes to application security, generally, there are three options: centralized, decentralized and a hybrid of the two. Let’s learn a little bit about each of the three models are setup:
Decentralized API Security
A decentralized security model (figure shown below), also known as a point-to-point integration, where individual applications communicate with specific services through individually coded and configured security policies. As the number of applications and services increases, the number of policies must also increase, putting a heavy burden on the development team to build and maintain new policies.
Centralized API Security
A centralized security infrastructure utilizes a gateway for communication between the applications and services. Rather than coding security policies, developers simply need to configure policies in the gateway, saving them time and resources. Below is an example of what a centralized security model looks like:
Hybrid API Security
A hybrid approach is just that, a mix of the centralized and decentralized models where some requests are made through the gateway and others are made directly between the applications and the services. This model is typically seen when a company is transitioning from a decentralized security model to a centralized approach but hasn’t fully transferred all policies through the gateway.
Now that you understand the differences between the three API security configurations, let’s dive into why a centralized approach is the best.
Configuring policies is easier than coding them
When working with a centralized security model, security policies are created by configuring them in the gateway rather than coding them. Configuration requires less time than coding and configuration doesn’t require a developer. Overall, a centralized approach will provide more secure and stable environment for the organizations’ applications, reduce the amount of time it takes to get a security policy in place and reduce the maintenance needed in the future.
Keeping security policies updated can be a challenging and time consuming responsibility. And, finding an individual or individuals who have the correct skill set and knowledge to maintain all of the different types of security policies can be even harder and expensive. It’s a lot easier and cost effective to work with a vendor solution that focuses solely on creating and maintaining the best and most secure infrastructure possible. They will be able to help implement new policies much quicker because that’s their expertise.
Application growth won’t strain your development team
A centralized API security framework allows your development team to focus on building, modifying and maintaining applications instead of defining and coding security policies. As your company decides to create more and more applications, wouldn’t you rather configure a security policy than code it? It’s critical to factor in how much time you would save by letting a third party manage your security updates through the centralized gateway. If you’re forced to build each security policy, your time to market could be significantly reduced, severely affecting the company’s bottom line.
Centralized security models have significant advantages over decentralized and hybrid models. They reduce corporate risk and provide a centralized team that acts as an extension of your development team. It’s like having your own internal security department. All of these factors will help you get a better night’s sleep!
In the comment section, what are some other benefits of going with centralized API security?