The present invention relates to managing data at a system interface level, and more particularly to policy-based management of sensitive data.
Application programming interfaces (APIs) are driving innovation by unlocking data that used to reside in systems protected behind corporate firewalls. The new API economy is changing the way organizations build web applications and mobile applications. Combined with a push towards the Internet of Things (IoT), the world is experiencing a rapid expansion of API usage, where the APIs are increasingly rich and include both structured and unstructured data. The richness of these new APIs is making security control harder to implement and maintain. The drive toward rapid innovation also creates the potential for security breaches whereby sensitive data can be leaked unintentionally through unstructured data. Traditional security models are not well-adapted to detecting these types of breaches. The traditional security models rely on declarative or static control, and the responsibility falls on the developers and administrators to properly define data security rules. Software delivery cycles are becoming increasingly short, which leads to a risk that new releases of APIs introduce breaches through exposure of sensitive data, thereby turning the core benefit of APIs into a liability.