News KrakenD EE v2.8 released: Configurable logging, Redis-backed rate limits, Lua, YAML encoding and more

Tutorials & How-TosSecurity

3 min read

Securing Your Microservices and APIs: The KrakenD Way

by Albert Garcia

post image

In today’s world, where everything is going digital, we can’t overemphasize the importance of keeping your APIs and microservices safe. Cyber threats are an everyday reality, and they don’t care how big or complex your infrastructure is. They just want a way in. This is where KrakenD, a leading API gateway company, steps in. We’ve got your back with our robust solution, built around a zero-trust policy, OWASP guidelines, and a bunch of other cool stuff to bolster your API security.

The Importance of API Security

APIs act as the gateways to your microservices, making them potential points of attack. Real-world API deployments face daily threats, even if unnoticed. Thus, API security should be a top priority in your software architecture design. With the rise in microservice architecture, the number of APIs has increased exponentially, amplifying potential attack vectors.

A Paradigm Shift: Zero Trust Policy

Traditional security models assumed a secure network perimeter. However, this approach is becoming obsolete. With the proliferation of remote work, cloud computing, and BYOD policies, the secure perimeter is dissolving. This is where the concept of zero trust comes into play. Zero trust is an architectural design choice that denies by default unless explicitly allowed, verifying all requests, regardless of origin.

KrakenD incorporates the Zero Trust security model into its API gateway, evaluating and enforcing rules based on three pillars:

  1. Explicit declaration: There should be no pass parameters, headers, or query strings unless explicitly declared.
  2. Principle of least authority (PoLA): Only essential privileges are assigned to users for their intended function.
  3. Assume breach: Expect that users’ credentials might be stolen and servers compromised. This drives efforts to minimize the attack surface by segmenting access and using end-to-end encryption.

OWASP Recommendations and HTTP Security

KrakenD adheres to the Open Web Application Security Project (OWASP) recommendations, implementing multiple security strategies to prevent potential threats like Clickjacking, MIME-Sniffing, and Cross-Site Scripting. It incorporates a host of HTTP security measures including, but not limited to, restricting connections by host, enforcing HTTPS, and OAuth2.

Robust Authentication and Authorization

Authentication and authorization form the backbone of API security. KrakenD offers a comprehensive suite of authentication and authorization options based on JSON Web Tokens (JWT), API keys, and Basic Auth. JWT is an industry standard to securely represent claims between two parties. In the KrakenD ecosystem, when JWT shields a set of endpoints, requests to the API gateway must provide a token.

Securing Connectivity

KrakenD offers secure connectivity between the gateway and the backends using mutual TLS (mTLS), OAuth2, and custom authentication for Google Cloud Storage (GCS) or NTLM, among others.

Autonomy and Data Privacy

With a stateless design, declarative config file, and no external dependencies, KrakenD operates autonomously, ensuring maximum data privacy and easing compliance.

Powerful Security Policies

KrakenD’s powerful Security Policies engine allows the implementation of various validations and user access control, from parameter compliance to Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) strategies.

KrakenD: An Open Source, Community-Driven Product

Being open source, KrakenD benefits from a vibrant, collaborative community. It’s battle-tested software, with more than 2 million servers running each month, ensuring its reliability and robustness. The KrakenD Enterprise Edition, built atop the Community Edition, enjoys these benefits, enhancing its feature set and support.

KrakenD’s Commitment to Security

KrakenD is a CVE Numbering Authority, authorized to assign CVE Identifiers to vulnerabilities affecting products within its distinct area of responsibility. This showcases its commitment to security and dedication to providing a secure environment for its users.

In conclusion, KrakenD API Gateway provides a secure, reliable, and efficient solution for managing and securing APIs in a microservices architecture. It is a robust tool equipped to meet the complex demands of today’s digital environment, with a focus on a zero-trust policy, robust authentication, and adherence to OWASP recommendations.

Scarf

Stay up to date with KrakenD releases and important updates