What's the most dangerous part of your enterprise? How about your developer's desktop? There are few things with more ability to negatively or positively impact your enterprise security than developers. Infosec must empower them with knowledge and security tools they need to get the job done. Intel is rolling out integration with Mashery for enhanced API security management. Why is this a big deal? Back in February I did a Security > 140 Conversation with Craig Burton (emphasis added):
GP: Your work on the API economy has many implications, as a security guy I am particularly interested in the security and identity bits. What do you think changes in the security architect's world when they're defending an API (and the data and functionality behind it) versus normal IT Security defending an enterprise?
CB: I think the biggest change is in the area of token and key management. If an organization wants to make sure that its API(s) are not being abused, well managed keys and tokens are essential. Managing developer's with keys is probably not something most organizations have ever done. This will be new and will require focus, education and vigilance. This is why finding the right partner for managing an API or API suite is essential.
The dichotomy of purpose is also going to be a challenge. In the enterprise, the job is to plug any and all holes as much as possible.
In an API economy, it is essential to have elegant managed access to core competency.
This is not only a technical challenge with keys and tokens, but a political and position challenge that goes against the grain of the past.
Web services gateways started to gain steam with SOA, SOAP and the like, but Gateways are vital today. They play a fundamental role in Cloud and Mobile security. We can expect that the security capabilities will be there for most products, but equally important is how they are able to empower developers to get the job done.