Driven by open data and information sharing initiatives, public sector IT assets are increasingly shared across organizational boundaries. This cross-domain information exchange facilitates better interdepartmental collaboration, simplifies access to mission-critical data and empowers governments to make better decisions.
Typically, a governmental organization will employ a cross-domain solution (CDS) to enforce security policies between disparate information systems residing at different classification levels. A CDS will have been certified and accredited to protect the domain from attack and to secure sensitive information from being leaked across classification boundaries.
However, traditional CDS solutions are seldom fully equipped to deal with the technologies and standards associated with the most cutting-edge information sharing projects. These projects require security solutions specifically designed to work with APIs, service oriented architecture (SOA), enterprise services buses (ESBs), XML, cloud computing and—increasingly—mobile apps.
In the private sector, cross-boundary information sharing can sometimes be addressed with a traditional firewall. In the government however, where classification domains are prevalent, the situation is complicated by the need for high-assurance guards, processes and policies as well as the requirement for compliance with strict regulatory requirements.
Therefore, today’s public sector information sharing projects need to retain the high-assurance of a conventional CDS but offload tasks associated with API, SOA, cloud and mobile to dedicated appliances optimized for standards like REST, JSON, SOAP, XML, SAML and OAuth. These appliances must conform to the strict security certifications required by government use cases.
Battle-tested in the most demanding environments, CA API Gateway delivers an exceptional range of security functionality for today’s cross-domain programs. CA Mobile API Gateway adds advanced functionality for the most innovative projects. The pre-integrated OAuth Toolkit simplifies the process of applying strong but user-friendly access management features.
CA API Gateway provides industry-standard security technology for integrations that span organizational boundaries. The CAs gateway technology has achieved high levels of security certification, including FIPS 140-2. In July 2014, CA API Gateway had its Common Criteria certification renewed, making it the only technology of its kind to achieve this “military-grade” security certification.
The CA family of API gateways delivers data security measures that include:
Securely open enterprise and cloud applications to mobile devices.
Simplify authentication and authorization for Web and mobile APIs.
Secure enterprise APIs for mobile, cloud and open Web.