APIs are a reach multiplier. They can make data and applications programmatically accessible across the extended enterprise or the wider Internet. By making data and application functionality open, they have transformed how programmers and machines access information. Gone are the days of monolithic applications with dedicated data sources. Today, APIs enable application functionality to be broken into atomic microservices that can be reused across different business processes, on demand. Simultaneously, they have freed data access from any infrastructure or protocol dependency, making information I/O (input/output) both universal and flexible.

Identity APIs, A Brief History


In the world of identity, APIs have played several important roles to date. Firstly, they have simplified integration to and from identity services like authentication or login management, thus eliminating the need for cumbersome agents. Secondly, they have eased the orchestration of various Identity and Access Management (IAM) services amongst one another, so that one login management service can be integrated with another authentication service in mix-and-match fashion. Thirdly, and perhaps most importantly, they have upended how user credentials can be accessed and consumed from a central credential store or vault. APIs have made access to credentials easier to engineer while simultaneously isolating the underlying credential store from direct access, making audit and security more tractable. These so-called “attribute” services enabled the idea of access-as-a-service while simplifying developer access to critical identity data.

Privacy By Design: Architecting Identity Data Protection


If personal data protection and privacy are to be looked upon as an identity data problem, then it’s easy to see a possible parallel between the role of APIs in IAM and Identity Data Management. Firstly, APIs afford the potential to scan data sources without cumbersome agents. BigID’s data protection and privacy software does just that. That means data sources can be analyzed without expensive integration, and new data sources or applications can be easily instrumented via the BigID connector API.

Secondly, orchestration between data protection and privacy services can be greatly simplified. Already invested in an encryption or tokenization product? No problem. The output findings from BigID can be programmatically used as input to an existing API enforcement tool. In API-first cloud services like AWS, this means that any granularity of data enforcement can be easily orchestrated from location, access and risk findings made by BigID.

A Future of Identity Data Services


Thirdly, developer and application access to identity data can be greatly simplified and secured through the use of BigID’s data access API abstraction layer. Attribute services regulate developer and application access to credentials. BigID takes it one step further, providing a central place to access and integrate identity data in all its permutations and distributions. Using BigID, organizations can centralize the programmatic access management of identity data while simultaneously tracking when, where and how developers consume the sensitive data. In addition to bringing order to a typically disorderly process, it also helps secure all the sensitive data stores by isolating them from the outside except for the single interface. For organizations looking to protect and assure the privacy of their identity data, isolation helps establish an effective moat with only a single drawbridge in — privacy by design. So while BigID’s identity data APIs provide a springboard to identity data as-a-service, they simultaneously promote a future of enhanced identity data protection and privacy.