Security Overview

 


With our best-in-class API management and distribution platform, we provide you a highly secure service that allows you to safely get to market quickly.

At Mashery, we realize that highly sensitive information introduces special challenges, as issues of privacy and security of information traversing the cloud come into play. We have therefore invested heavily in security across multiple fronts, allowing you to rest at ease and focus on your API development, not your network or management layer, to support your business growth. We have incorporated data security into all stages of our technology development, implementation, infrastructure, and ongoing management, in order to ensure that sensitive information is protected at all times. We welcome you to learn more about the unique aspects of Mashery’s security posture that differentiate it from other providers.

Platform Architecture and Features

Mashery has implemented many API administrative and technical controls with security and privacy in mind. Mashery’s distributed API platform features a number of key elements designed to support a data-sensitivity approach to security.

With our “secure API tagging” feature, you can identify API calls that may interact with sensitive data that you wish to have treated with extra care. When an API is tagged, it alerts our system and staff to enforce a number of controls designed to protect sensitive data. This gives you the flexibility to deploy both data-sensitive and non-data-sensitive API calls on the same platform.

Our platform never stores sensitive information from tagged API calls as it traverses our systems, even temporarily, and does not inspect payloads. It automatically enforces SSL encryption to the inbound application for tagged calls, and similarly to your back-end systems. Real-time monitoring and rapid response to malformed call requests enable our platform to provide alerts of attacks directed at the API. As a result, your own systems are protected from exposure to data-related breaches.

Software Development Life Cycle

Our software development process incorporates security in every stage of design, from planning to implementation.

Mashery developers are trained in secure coding techniques and avoidance of potential hazards in software development. Such training goes beyond the generic, and is performed in conjunction with a code review, allowing our developers to gain valuable insight about our code base. Our code review process ensures that no segment of code enters the application without being examined for security best practices. Our change control process ensures that changes go through a rigorous testing process before being deployed. We check for security, reliability and ability to withstand production loads. 

Every new feature is examined during the design phase and throughout the SDLC, and evaluated for risk to platform and data. Our annual risk assessment further ensures that we continually examine and improve upon our security posture.