Our respondents told us that securing data at rest posed fewer challenges than securing data in transit. Data at rest tended to be locked down with encryption, with secure APIs operating on top to pull, modify or insert data as required.
06. Encrypting data at rest
We found that large organisations grappled with how much data at rest to encrypt. One option is to encrypt all data at rest but for large organisations this creates a lot of overhead.
Instead of encrypting all their data, we found that our respondents tended to encrypt highly identifiable and highly sensitive data with tokenisation.
Classifying data clearly was commonly cited by our respondents as essential. Data classification outlines how and where data at rest should be stored. This may be on-premise data centres or in a public or private cloud.
Our respondents noted how important it is to stay on top of data classification during periods of digital transformation.
We found that when businesses seek to develop new cutting-edge API functionality which uses data at rest in new ways, this is a particularly high-risk time when security errors can creep in.
To tackle this, organisations are turning to API management tools like Tyk’s full lifecycle API management platform to identify and address the most serious and prevalent security and governance flaws and vulnerabilities.
07. Securing data in transit
A key facet of our respondents’ digital strategies involves increasing the exposure of their APIs to the outside world. The leaders we spoke to were carefully considering how to securely manage data in transit to realise this aim.
Our respondents were routinely applying channel-level encryption with HyperText Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS) and Secure Sockets Layer (SSL). They were also increasingly interested in exploring new ways to effectively encrypt data in transit.
Service mesh
Service mesh is a technology that was developed to manage communication between different parts of an application, primarily in a distributed microservices architecture.
For large organisations, we identified a trend towards using service mesh to manage internal APIs, with an API management solution in place to manage external APIs. For smaller organisations, we found that service mesh is not always feasible as it can be challenging to build and maintain.
It is a technology that comes with a set of prerequisites:
- It needs to be embedded at both the code and infrastructure level
- It requires microservices architecture and Kubernetes
- As a niche technology, service mesh requires a highly skilled team
- As a technology that is evolving quickly, a dedicated team is needed to keep pace with the evolution of the technology and its iterations.
“It’s important to make sure that you’re identifying your data and then encrypting the right data. Otherwise you’re just creating a lot of overhead for yourself.”
BT