Informatica Customer Story:
Tackling API Sprawl, Head on.
Here at Traceable, we have the privilege of working with some of the most innovative, API-driven companies in the world. Informatica, a large enterprise software development company headquartered in Silicon Valley, is no exception. In this blog, we summarize Informatica’s journey with Traceable, and provide highlights about how they were able to quickly discover and secure thousands of APIs in multiple cloud environments, while also bridging the gap between developers and security engineers.
For Informatica, the rapid development of APIs was causing what is becoming a well-known phenomenon across many enterprise organizations – API sprawl. API sprawl is a situation in which a company has too many APIs, of too many different kinds, in too many different locations. This can make it nearly impossible to get a proper handle on them. When organizations need to rapidly develop APIs in order to service their customers, this can become a huge problem very quickly. You simply can’t secure what you can’t see.
Highlights from the Informatica Case Study
60+ FTE hours saved weekly
70% greater visibility of APIs
$100k/year saved by eliminating security development costs
Deployment spanned multiple cloud environments – AWS, Azure and Google Cloud
“Now, we don’t have to worry about sending that data to our log management system. We can rely on Traceable to help us find API abuse and bad actors while also giving us an API catalog spanning all three of our clouds and both of our environments.”
– Pathik Patel, Head of Cloud Security, Informatica
End-to-End API Security with Traceable
To solve for API sprawl, Informatica needed an end-to-end API security solution that included API discovery and the ability to identify sensitive data flows to prevent the possibility of sensitive data exfiltration. Suffering from not only API sprawl, but also friction between their developers and security engineers, Informatica sought a solution that would create a frictionless experience while solving for their API Security requirements.
A convoluted toolchain is often the result of disparate departments seeking out point solutions to their immediate needs. In the case of Security Engineers, the resulting solution is historically used by their department exclusively. These discrete tools create an ever increasing burden on Security Engineers, and may also inadvertently increase the burden on Developers.
Developers, already suffering from both multiple toolchains and technical debt, have little time to spare to resolve issues that arise from the point solutions brought in by other departments.
“Security engineers and developers are often in a friction mode,” Pathik Patel, Cloud Security Manager at Informatica, points out. Applications that are negatively affected by firewall protections create a frustrating user experience, and one that is difficult for developers to pinpoint. Ultimately, it’s the developers who are in the hot seat. Security solutions such as web application firewalls (WAFs) often introduce new challenges and bottlenecks that are experienced by the end user and require remediation by the developers. Patel says that “WAFs are put in between an application and its users, and are often operating in ways not transparent to developers. When it causes slowdowns or bottlenecks, these issues will fall to developers to identify and resolve.”
The industry need for API security solutions that bridge the gap between Dev and Sec has found little relief – point solutions typically address the needs of one team, but not both.
Additionally, traditional security measures such as WAFs are not the solution they once were considered to be. With the global use of APIs exponentially increasing year over year, WAFs do not adequately secure your data – not only are they not identifying the true security issues that abound thanks to API sprawl and management struggles, but they are also simply insufficient measures against API data exfiltration and vulnerability. As outlined in this case study, for comprehensive security over the flow of data, many organizations require an API Security and Protection solution.
The Bottom Line
Traceable’s API Security solution offers the insight that Security Engineering teams need to properly secure their API data flows and to catalog APIs, but the right API security solution also creates a rare opportunity: a platform for Developers and Security Engineers to work together.
Traceable’s API security platform provides a dashboard that supports frictionless collaboration and communication between multiple teams – development, security and compliance. The Informatica cloud security team found that, prior to adopting Traceable, solutions brought by the Security Engineers often frustrated Developers. Patel says that “many times, security engineers would identify a new tool that provided security value. But developers found it to be a bothersome tool, and they would not support it, and this causes friction.” Patel says that “Traceable provides a platform where Developers and Security Engineers can work together, creating a bridge between the developers and security engineers.”
When the Cloud Security team at Informatica presented Traceable to their developers, the developers felt “quite happy that Traceable has 2 different modules, one for the web server and one for the agent.” Based on this, Patel says they found the deployment simple, and deployed Traceable quickly: “Deployment was easy. That was positive for our security engineers, because typically security engineers suffer many cycles in determining how to deploy new software. Traceable keeps the development team happy.”
Traceable is the industry’s leading API security platform that identifies and tests APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient. Learn more at traceable.ai.