apidays New York 2022 - Beyond API Regulations for Finance, Insurance, and Healthcare
July 27 & 28, 2022
API Data Protection in Gateways
Sonal Rattan, CTO at eXate
Peter Lancos, CEO at eXate
1. www.exate.com
API DATA PROTECTION IN GATEWAYS
3. Our vision is to be the global standard for the secure and trusted exchange of data
PETER LANCOS, CEO & CO-FOUNDER
SONAL RATTAN, CTO & CO-FOUNDER
4. By 2025, less than 50% of enterprise APIs will be managed
Multimillion-dollar security incidents
Privacy being the differentiator
API security will be a key focus area for most organisations
API DATA SECURITY
5. Gartner: APIs are now the most frequent attack vector
Data in Motion
91% of organisations had a security incident involving APIs
APIs: FROM THE SOLUTION TO THE PROBLEM
6. 87% of people would not do business with a company if they had concerns about its data security practices
Regulatory Risk Reputation Risk
COVID has accelerated the adoption of digital technologies by 7 years
Pace of Digital Transformation
80% of countries are demanding protection for consumers and have or are implementing Data Protection and Privacy Legislation
Source: UNCTAD Source: McKinsey Source: Forbes
94% of companies provide Privacy Metrics to their Boards
Digital Risk
THE MACRO CONDITIONS DRIVING DATA PRIVACY
7. US DATA PRIVACY REGULATION AT A GLANCE
• US PRIVACY ACT OF 1974:
Rights and restrictions on data held by government agencies
• GRAMM-LEACH-BLILEY ACT (GLBA):
Protects financial nonpublic personal information
• HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA):
Healthcare and health insurance personal data protection
• CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA):
Protects the personal information of those 12 and younger
Timeline: US PRIVACY ACT 1974, HIPAA 1996, GLBA 1999, COPPA 2000
8. STATE DATA REGULATIONS
• California Consumer Privacy Act (CCPA)
• Massachusetts Data Privacy Law
• Colorado Privacy Act
• Connecticut Data Privacy Act
• Virginia Consumer Data Protection Act
• Utah Consumer Data Protection Act
• Michigan - Consumer Privacy Act
• New Jersey Disclosure and Accountability Transparent Act
• Ohio Personal Privacy Act
Map legend (Statute/Bill In Legislative Process): Signed, Active Bills, Inactive
9. Settles data breach suit for $1.2 million
“Taking appropriate measures to safeguard clients’ personal information is not just part of a good business model, it is the law. This settlement should send a clear message to companies that skimp on data security as a cost-saving measure.” - Acting Attorney General Matthew Platkin
DATA PROTECTION IS LAW
10. YOU ALSO NEED TO CONTROL WHAT THE DATA IS BEING USED FOR
Twitter will pay a $150 million penalty for data privacy misrepresentations:
• In 2019, Twitter admitted to using users' phone numbers, which were submitted in order to enable two-step verification, for advertising purposes.
• This violated both EU and US laws.
11. DEMAND FOR DATA
• How do you make your API programs scalable without exposing the organisation to greater risk?
• Are your API consumers and producers compliant with all global data distribution regulations?
• Do you know who is accessing data and why?
• Are you having to create different APIs or Interfaces to service different access patterns?
DIGITAL INITIATIVES ARE INCREASING THE DEMAND FOR DATA ACCESS
13. API Gateway
US Partners SaaS Products
UK Customers Cloud Services
EU Accounts
Accounts Customer
US Customer
Order Balance
EU Customer
LUX Accounts
…AND IT BECOMES POPULAR…
15. API Consumer
API Producer
API Gateway
Data Governance & Compliance
Data Governance & Compliance
WHAT IF YOUR GATEWAY SOLVED THIS?
16. US Partners SaaS Products
UK Customers Cloud Services
Accounts Customer Order Balance
API Gateway
Data Governance & Compliance
Data Governance & Compliance
SET THE PATTERN, SIMPLIFY, RE-USE
17. F.A.S.T
• Fast: Locate and classify your API traffic
• Analyse: Learn about your data risks
• Solve: Automatically solve data risks
• Test: Continually test for risks during the life cycle
“By 2022, API abuses will move from an infrequent to the most frequent attack vector, resulting in data breaches for enterprise web applications” - Mark O’Neill, Gartner
CONTINUOUS DATA PRIVACY
19. Cost Reduction
API Data Protection Innovation
As an industry we recognise that we need to make it faster and easier to find and consume data. This means being able to reuse data.
By doing it at the gateways there are several benefits
THE FUTURE