Product vs toolkit: API and IAM security

Marketing departments are great at capitalising on the latest industry trends. Whether it's slapping the ‘cloud’ badge onto their product or putting ‘security’ in their verbiage to appease their customers, it is a common marketing approach to reposition a product in a way that will improve sales. In the current era of conglomerate-acquired technologies, large-scale marketing departments will pay top dollar to get air cover from analysts (such as paying for a dot on the Gartner Magic Quadrant) to claim universal capabilities in niche market segments. The term ‘security’ when used in the context of application programming interface (API) and identity access management (IAM) solutions doesn't always mean what you might expect. Many frameworks aimed at these areas are often little more than increasingly large collections of features built on a baseline that is inherently insecure, argues Jason Macy of Forum Systems. Security products are built with a locked-down architecture with self-integrity checks to ensure that the product itself cannot be compromised. And the two functions are being combined in technology known as an API security gateway. © 2019 Elsevier Ltd