Zero Trust Security - Updated
Download as PPTX, PDF0 likes94 views
The document discusses the importance of API security and introduces the concept of Zero Trust Security (ZTS) as a strategy to improve API protection. It outlines how organizations can implement ZTS through a layered security approach, leveraging tools and best practices to enhance security and governance for APIs using the MuleSoft Anypoint Platform. Key takeaways include the necessity of centralized management and the promotion of secure API development and integration to ensure robust security measures.
Zero Trust Security - Updated
- 1. All contents © MuleSoft, LLC Zero Trust Security for your APIs By Akshata Sawant, Developer Advocate at MuleSoft @sawantakshata02 /akshata-sawant-192a3a121
- 2. About Me ● Developer Advocate at MuleSoft ● 5+ yrs - MuleSoft, APIs & Integrations ● Author and blogger ● Love travelling & photography ● Big time foodie! <3 @sawantakshata02 /akshata-sawant-192a3a121
- 3. Agenda ● Need for API Security ● What is Zero Trust Security(ZTS) ● How to implement ZTS for your APIs ● QnA
- 4. Forward-looking statements This presentation contains forward-looking statements about the Company’s financial and operating results, which may include expected GAAP and non-GAAP financial and other operating and non-operating results, including revenue, net income, earnings per share, operating cash flow growth, operating margin improvement, expected revenue growth, expected current remaining performance obligation growth, expected tax rates, stock-based compensation expenses, amortization of purchased intangibles, shares outstanding, market growth, environmental, social and governance goals, expected capital allocation, including mergers and acquisitions, capital expenditures and other investments, expectations regarding closing contemplated acquisitions and contributions from acquired companies. The achievement or success of the matters covered by such forward-looking statements involves risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions prove incorrect, the Company’s results could differ materially from the results expressed or implied by the forward-looking statements it makes. The risks and uncertainties referred to above include those factors discussed in Salesforce’s reports filed from time to time with the Securities and Exchange Commission, including, but not limited to: risks associated with our ability to successfully integrate Slack Technologies, Inc.’s operations; our ability to realize the anticipated benefits of the Slack Technologies, Inc. transaction; the impact of Slack Technologies, Inc.’s business model on our ability to forecast revenue results; disruption from the transaction making it more difficult to maintain business and operational relationships; the impact of, and actions we may take in response to, the COVID-19 pandemic, related public health measures and resulting economic downturn and market volatility; our ability to maintain service performance and security levels meeting the expectations of our customers, and the resources and costs required to avoid unanticipated downtime and prevent, detect and remediate performance degradation and security breaches; our ability to secure and costs related to data center capacity and other infrastructure provided by third parties; our reliance on third-party hardware, software and platform providers; the effect of evolving domestic and foreign government regulations, including those related to the provision of services on the Internet, those related to accessing the Internet, and those addressing data privacy; current and potential litigation involving us or our industry, including litigation involving acquired entities such as Tableau; regulatory developments and regulatory investigations involving us or affecting our industry; our ability to successfully introduce new services and product features, including any efforts to expand our services beyond the CRM market; the success of our strategy of acquiring or making investments in complementary businesses and strategic partnerships; our ability to compete in the market in which we participate; the success of our business strategy and our plan to build our business; our ability to execute our business plans; our ability to continue to grow unearned revenue and remaining performance obligation; the pace of change and innovation in enterprise cloud computing services; the seasonal nature of our sales cycles; our ability to limit customer attrition and costs related to those efforts; the success of our international expansion strategy; the demands on our personnel and infrastructure resulting from significant growth in our customer base and operations; our dependency on the development and maintenance of the infrastructure of the Internet; our real estate and office facilities strategy and related costs and uncertainties; fluctuations in, and our ability to predict, our operating results and cash flows; the variability in our results arising from the accounting for term license revenue products; the performance and fair value of our investments in complementary businesses through our strategic investment portfolio; our ability to protect our intellectual property rights; our ability to develop our brands; the valuation of our deferred tax assets and the release of related valuation allowances; uncertainties regarding our tax obligations in connection with potential jurisdictional transfers of intellectual property; uncertainties regarding the effect of general economic conditions; and risks related to our debt and lease obligations.
- 5. API Security is a major concern 41% of organizations suffered API Security issues in the last year JML Servers Clients (Users & Apps) API
- 7. Zero Trust Security Never trust; always verify Never Trust; Always Verify Least Privilege and Default Deny Full Visibility and Inspection Centralized Management
- 8. How to achieve ZTS for your APIs? Layered security approach
- 10. Process layer Experience layer System layer Illustrative Order Management system Rate-Limiting CORS Basic Auth- LDAP Header-injection Rate-limiting JWT Basic Authentication Header Injection CORS OAuth MFA Basic-Authentication Header Removal JWT Policy Custom Policy Rate-limiting SLA Based
- 11. Process layer Experience layer System layer Illustrative Layered security with API-led connectivity Line 1 Line 2 Basic Auth- LDAP Line 1 Line 2 Line 1 Line 2 JWT Line 1 Line 2 Line 1 Line 2 OAuth MFA Line 1 Line 2 Line 1 Line 2 JWT Line 1 Line 2
- 12. Unlock and unify data anywhere Integrate systems wherever they reside — on- premises, cloud, or hybrid Securely empower your business with APIs Allow API discovery and reuse with centralized management and governance Create seamless digital experiences, faster Easily apply proven assets and best practices from an API and integration marketplace MuleSoft Anypoint Platform World’s #1 integration and API platform Source: MuleSoft customer case studies 3x faster with reuse vs. custom code
- 13. 14 Universal API Management on Anypoint Platform Build new APIs from scratch Manage APIs to consistent quality and security Maxie API developer Dan API owner
- 14. 15 Demo 1: Build APIs following security standards Build new APIs from scratch Maxie API developer ❖ Build API Specification (Design first!) ❖ Catalog APIs from existing repository ❖ Implement and test business logic ❖ Deploy application & monitor performance
- 15. Let us head over to Anypoint Platform
- 16. 18 Demo 1: Build APIs following security standards Build new APIs from scratch Maxie API developer
- 17. 19 2: Manage and Secure APIs Manage APIs to consistent quality and security Dan API owner ❖ Proxy APIs built by developers ❖ Add security & SLA policies ❖ Manage & approve contracts ❖ Monitor services & diagnose issues ❖ Ensure specifications conform to governance standards
- 18. Let us head over to Anypoint Platform
- 19. Security and governance by default Start with a secure foundation Build on a platform with ISO 27001, SOC 1 & 2, HIPAA, PCI DSS and GDPR compliance Protect your deployment environments Enforce threat protection at each edge perimeter automatically using Anypoint Security Secure each service consistently Secure and manage any individual API, groups of APIs, or Kubernetes based microservices with API Manager and Anypoint Service Mesh Follow a zero-trust model by applying security in layers
- 20. ● Need for API Security ● What is zero trust security ● MuleSoft Anypoint Platform and it’s capabilities ● How to apply policies and achieve layered security Key Takeaways
- 21. Next Steps https://www.mulesoft.com Join the Community Watch us on LIVE on Twitch Try Anypoint Platform for free
- 22. Available on amazon.com and Packt Publication MuleSoft for Salesforce Developers Amazon: https://amzn.to/3KeI5kX
- 23. QnA? You can also reach out to us on for further queries https://www.mulesoft.com @sawantakshata02 /akshata-sawant-192a3a121
- 24. Thank you