Data Confidentiality / Privacy


Hello Apigee Community

One of our clients has raised concerns that their data is confidential and they don't want it to go through an external API Gateway.

Since we provide Apigee with the certificate (including private key) in a keystore, I imagine that you can analyze and decrypt the entire communication, not just headers etc.
Does this question arise frequently, and do you have any documentation we could refer our client to, to reassure them that their data is dealt with carefully?

I would like to know what Apigee does to ensure

a) to keep our transferred data safe

b) what you do so that nobody can access the content of the data transferred through your system, despite you having the keystore

----

We only have a few APIs and not that high volume traffic – based on our current usage running Apigee on premise doesn't seem like a viable solution.

ACCEPTED SOLUTION

@Roland, welcome to Apigee Community!!

You can safely use Public cloud to host your APIs just like other Apigee customers including large banks, financial institutions, telcos etc. who trust Apigee to expose their APIs. As you know, Apigee is part of Google Cloud where security is critical just like any other Google product that billions use throughout the world.

Regarding private keys, they are encrypted with strong cryptographic algorithms at rest. Apigee personnel can't read this information directly by accessing Cassandra.

Regarding keeping transferred data safe, we don't capture any API request / response data that is transferred through the Apigee Edge Platform. Only meta info of APIs like API latency, #Traffic etc. is captured for API Analytics purposes.

Apigee also provides data masking functionality for APIs to restrict visibility of data during trace / debug. You can control who can access your API Management platform with defined roles & permissions.

Hope it helps. Keep us posted if any.

@jwyatt FYI..

-------------------------------

Anil Sagar
