Attacks on government IT systems are on the increase. With so much sensitive data and functionality at risk, the threat of cyber-attack is a serious national security concern for governments around the world. Meanwhile, driven by open data and information sharing initiatives, the very systems that are at risk are increasingly exposed for use across organizational boundaries.
To prevent cyber-attack in the open data age, governments need ways to secure IT systems that use technologies like service oriented architecture (SOA), XML and—increasingly—RESTful APIs to enable interoperability across agencies and out into the cloud. The types of systems conventionally used to secure public sector IT have not kept pace with these technologies.
Traditional cyber security solutions are too narrowly focused to be effective in an age where data constantly crosses organizational boundaries. With these solutions becoming effectively obsolete in the context of ever-growing threats, it is clear that a new approach to government cyber security is required—one that focuses on APIs and other information sharing interfaces.
It is no longer enough to apply cryptography, firewalls, access management and auditing on an as-needed basis. What is required is a more centralized, policy-based approach, which makes it possible to consistently secure architectures that use APIs and other interfaces to span organizational and geographical boundaries.
API gateways are ideally situated to fulfill this role. An API gateway acts as a policy enforcement point for applying cryptography, auditing and other measures widely and consistently. Furthermore, API gateways are specifically designed to enable secure interoperable data sharing architectures and to protect against Web and API-level threats.
CA API Gateway provides extremely strong security for SOA Web services, RESTful APIs and cloud-based integrations. The CA API security technology has a proven history of success and is used by leading organizations across the public and private sectors.
CA API Gateway has achieved high-levels of security certification, including FIPS 140-2. In July 2014, CA API Gateway had its Common Criteria certification renewed, making it the only technology of its kind to achieve this “military-grade” security certification.
CA API Gateway continues to deliver industry-standard data security measures, including:
Deploy a SOA Gateway as a lightweight alternative to a conventional ESB.
Integrate a cross-domain solution with an XML firewall for SOA security in government.
Understand the role of identity management in public sector information sharing.