Software Defined Perimeter

  • 1.  API Gateway for access

    Posted Apr 13, 2021 07:22:00 AM
    Hello
    Can anyone tell me if an SDP controller can be configured as an API gateway or to allow API gateway services?
    Thanks

    ------------------------------
    Keith Patterson
    President
    Malpaso Consulting
    ------------------------------


  • 2.  RE: API Gateway for access

    Posted Apr 23, 2021 11:31:00 AM

    Hello Keith,

    Great question! @Juanita Koilpillai, @Shamun Mahmud, @John Yeoh, @Junaid Islam, or @Bob Flores can you help with this question?

    "Can anyone tell me if an SDP controller can be configured as an API gateway or to allow API gateway services?"

    ​​​​​​​​

    ------------------------------
    Anna Campbell Schorr
    Training Content Development
    Cloud Security Alliance
    aschorr@cloudsecurityalliance.org
    ------------------------------

    Original Message


  • 3.  RE: API Gateway for access
    Best Answer

    Posted Apr 25, 2021 01:04:00 PM
    Hi Anna, Keith - interesting question - the answer is yes, with some caveats. 

    If we think about it - an SDP system can definitely handle access control to API endpoints - the SDP Gateway would be acting as a proxy for the actual API endpoint. Like all SDP connections, the Gateway needs to be SPA-protected, so that the calling agent (the Initiating Host) has the ability to generate a valid SPA packet prior to establishing the mTLS connection. Which means that the calling agents will need to be a properly onboarded Initiating Host. The benefits are that the SDP Gateway is securely hidden from unauthorized agents.

    (Note that your question asked about an SDP Controller, but actually the SDP Gateway is what's handling the data plane traffic, which is where these API calls would take place).


    ------------------------------
    Jason Garbis
    Co-Chair, SDP Zero Trust Working Group
    SVP Products, Appgate
    ------------------------------

    Original Message


  • 4.  RE: API Gateway for access

    Posted Apr 25, 2021 02:23:00 PM
    Thanks Jason. Appreciate it  very helpful. 




    Original Message


  • 5.  RE: API Gateway for access

    Posted Apr 26, 2021 05:07:00 AM
    Yes. It is the best way to implement the SDP Controller so that multiple endpoints can be assigned to share/receive data to/from other enterprise data sources. 


    ------------------------------
    Juanita Koilpillai
    CEO/Founder
    Waverley Labs
    ------------------------------

    Original Message


  • 6.  RE: API Gateway for access

    Posted Apr 26, 2021 07:08:00 AM
    Hi Keith,

    Yes, indeed an SDP Controller can be configured to provide access to API gateways.
    One option is to use SPA as mentioned by @Jason Garbis.
    Another option is to use a client-less SDP solution, some of them support REST based access, to the API based client, could send a REST token as the authentication request, and following validation of the REST token, access can be granted to the API server.
    Hope it makes sense.

    Eitan​

    ------------------------------
    Eitan Bremler
    Co-founder and VP Corporate Development
    Safe-T
    ------------------------------

    Original Message


  • 7.  RE: API Gateway for access

    Posted Apr 26, 2021 03:25:00 PM

    Thank you @Jason Garbis, @Juanita Koilpillai, and @Eitan Bremler! This was very helpful and interesting insight.

    Best,​​​



    ------------------------------
    Anna Campbell Schorr
    Training Content Development
    Cloud Security Alliance
    aschorr@cloudsecurityalliance.org
    ------------------------------

    Original Message


  • 8.  RE: API Gateway for access

    Posted Apr 26, 2021 03:35:00 PM
    Yes thanks for all of the responses. Very helpful and appreciated. 





    Original Message