Home
Solutions
How It Works
Blog
Differentiators
Terms of service
About
Privacy Policies
SolutionsHow It WorksUnique FeaturesProductBlog
Contact us

Articles about

API Security

Small, Fast-moving Targets

Containerized workloads are the basic building blocks of modern day applications and services. And Application Programming Interfaces (APIs) are the code that stitches the workloads together to build a scalable application or business process. They are attractive targets for sophisticated adversaries that have time and skill to bypass traditional perimeter defenses and gain access to enterprise resources such as workloads, then they can easily move laterally and attack APIs. A moving-target defense (MTD) is a great strategy for protecting sensitive workloads and data. This article describes three components of an MTD for containerized workloads and data.

Tom McNamara

October 12, 2022

A Moving Target Defense for the Cloud

Moving business services to the cloud offers enterprises significant benefits, but it include some big risks and challenges for security and data privacy, too. The marketplace offers many solutions for protecting business systems and data, but many of them were built before the cloud when the systems and data were on-premises. Data on cyber attacks to the software supply chain and APIs indicates that traditional solutions aren't performing too well in the Cloud. A "lift-and-shift" approach to digital transformation won't work and may be very costly. Operating in the cloud requires new thinking about security and a moving target defense is a great "cloud-native" security strategy to consider.

Tom McNamara

October 12, 2022

Four Dilemmas of Keeping Secrets

Secrets are essential to security in cloud operations. Digital Transformation, new cloud and software architectures, and new technologies such as docker and kubernetes are producing an explosion of secrets and APIs. The secrets and APIs are a popular vulnerability path for data theft. The conventional options to manage secrets for humans and monolithic apps in a data center cannot meet the scale, reach, speed, and protection needed in the cloud. In fact, they create four dilemmas for enterprise security and risk professionals: Secrets Chaining, Secrets Leakage, Machine Secrets, and Secrets Injection. In addition to describing the how and why behind each of these secrets dilemmas, the article also presents three principles to solve all four dilemmas with a single innovative approach.

Tom McNamara

October 12, 2022

Vanishing Secrets

Not all secrets need persistence and storage. There are times when encryption secrets can be ephemeral. It's been estimated that 80% of Internet traffic is due to APIs, and nearly every API requires a secret to prove identity and establish trust of the machine making a request. These secrets should be vaulted if they're static. But this requires yet another API and more secrets. We think ephemeral secrets are a better choice for APIs and we invented a novel approach to create secrets that vanish and don't need to be stored.

Tom McNamara

October 12, 2022

Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
SolutionsHow It WorksUnique FeaturesProductBlogContact usAboutPrivacy policiesTerms of service
Strengthen API ProtectionXTRA ProtectionSecurity

Never Miss Updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Hopr provides a moving target defense that protects workloads, APIs, and the data they exchange.

Our solutions perform in real time and in all cloud environments (on-premises, commercial, and hybrid).
copyright 2021-2022 | hopr corporation