Industry Observations

Securing the APIs and Microservices Essential to Digital Transformation

microservices api

Last week, I happened upon an article on TMCnet.com that talked about Microservices and APIs, and how companies like AT&T, TIBCO, and BroadSoft are using these concepts to drive digital transformation.  According to the author, Paula Bernier, Microservices and APIs are driving “agility, flexibility, resiliency, and scalability” as these organizations not only look to build new functionality, but also drive to replace monolithic software with more modern architectures. 

After reading the article, I reflected on conversations I’ve had with some of WhiteHat’s customers recently about how Microservices and APIs are allowing them to achieve the level of transformation that’s required for businesses to succeed in the digital economy.   There are many examples I could give, but here are just a few:

  • One of our large insurance customers is driving disruptive technology solutions by opening up their APIs to developers.
  • A large West Coast finance customer is using Microservices and APIs to adopt a cloud-first mentality to provide more robust banking services to their customers.
  • Another customer leverages APIs to help bring life-saving diagnostic testing solutions to market faster to improve healthcare outcomes.
  • Here at WhiteHat, we use APIs and Microservices that allow us to deliver new capabilities to our customers on a weekly release cadence.

What customers are telling me is that the combination of Microservices and API is, in fact, the fabric of applications.  And applications are the foundation of our digital lives.  AT&T realizes it.  TIBCO realizes it.  BroadSoft realizes it.  Our customers realize it.  And we at WhiteHat realize it too! 

But this fabric needs to be protected from cybercrime, and right now, customers are struggling with how to do that.  Application Security Testing for APIs and Microservices requires a different approach.  You can’t simply point to an application and start scanning. 

For APIs, the biggest challenge is the discovery of the API operations.  Because there are no clear standards in the API space, customers struggle to maintain clear, concise, complete documentation, which hinders the ability to test the applications.  Our API solution discovers API operations, allowing customers to get full API scans with minimal set up effort.

For Microservices, we’ve created a licensing model that allows our customers to predictably purchase and consume the Static Application Security Testing capabilities they need to cover their expanding Microservices footprint.  Adoption of this approach has been explosive, and we foresee additional growth in the coming year. 

At WhiteHat, we believe that everyone has the right to live a safe digital life, but to do that, we have to secure not just the applications that drive our digital experiences, but also their essential building blocks:  APIs and Microservices.