Apigee (previous CloudAve coverage), the API management company formerly known as Sonoa Systems, yesterday launched a PCI-compliant API management solution in the cloud. As we move into an increasingly platform-based world where APIs are the key, the next important issue we, as an industry, have to tackle is security. Companies like Apigee, Mashery, etc. are already tackling the problem. When we talk about security, sooner or later we are confronted with the issue of compliance. Especially in a world where compute resources are available through APIs for easy programmatic access, compliance becomes an urgent problem seeking innovative solutions. Apigee's announcement yesterday is, probably, the first API compliance solution in the industry targeting enterprises.
The new solution is called Apigee Enterprise Cloud PCI. It is a cloud-based API management tool meant to ensure full compliance with PCI-DSS (Payment Card Industry Data Security Standard) as organizations increasingly deploy powerful transactional APIs. People who are engaged in ensuring compliance understand how complex and expensive it is to be fully compliant. This solution directly targets the complexity and cost associated with full compliance and offers businesses an easy, low-cost option.
As we increasingly use credit cards through various mobile and desktop devices, PCI compliance of APIs is a big problem. With the success of startups like Square and an application ecosystem growing around such new-age transactional devices that interact with the cloud through APIs, an inexpensive, easy-to-deploy PCI solution is the need of the hour. Apigee is right on time to take advantage of this trend.
The new Apigee Enterprise Cloud PCI solution is deployed in PCI-compliant data centers, where cardholder information is protected according to PCI DSS. With Apigee Enterprise Cloud PCI, enterprises can:
- Quickly build and deploy a transactional API — in about a quarter of the time it would take to build it ‘from scratch’
- Maintain PCI compliance and data protection of all API traffic, including encryption and masking for cardholder information, regardless of whether the API is deployed on-premise or in the cloud
- For the first time, take advantage of the virtually limitless, on-demand compute resources of the cloud to dynamically scale APIs to meet traffic demands
For organizations that require on-premise solutions, Apigee Enterprise can also be deployed on site and delivers the same capabilities as Apigee Enterprise Cloud, while fitting into PCI-DSS compliant in-house deployments.
We are going to see more such innovative solutions from Apigee and others in the coming years, making this space very interesting to watch.
Not sure if the claim that “Apigee’s announcement yesterday is. probably, the first API compliance solution in the industry, targeting the enterprises.” is entirely accurate. Others like Layer 7 have had PCI DSS compliance for their API security & management for some time along with FIPS, Common Criteria, STIG vulnerability tested etc.
Dimitri, I was not 100% sure about what others are offering and hence I used “probably” in the sentence. Thanks for this input.