Apigee Launches First PCI-Compliant API Management Solution in the Cloud

(December 6, 2010) Apigee, a leading provider of API products and services which was formerly known as Sonoa Systems, announced their PCI-compliant Enterprise API management solution in the cloud. APIs are key in IT today and there are several organization competing for the lead on API management like Mashery, 3scale, Stratus Security or WebServius.

The new offering by Apigee enables organizations to deliver API interfaces that can be quickly and securely deployed on a public cloud. Apigee claims that their Enterprise Cloud PCI is the only cloud-based API management tool on the market that supports full compliance with the Payment Card Industry Data Security Standard (PCI-DSS). “With Apigee, businesses can, for the first time, easily tap the vast, affordable compute resources of “the cloud” to support their transactional API traffic with the confidence that all sensitive customer data remains protected.” Other players in related fields like Layer 7 have also PCI-DSS compliance for their API security & management suite as well.

“To fully protect critical customer credit card information, there’s an increased focus on compliance, especially as more e-commerce services shift to cloud computing and APIs,” said Chet Kapoor, Apigee CEO. “But the extensive time and resources necessary to comply with industry regulations has prevented many forward-thinking retailers from extending their e-commerce strategies with APIs. The Apigee Enterprise Cloud API also protects and screens sensitive data flowing between an application and an API residing on a public cloud, so businesses can now confidently broaden their e-commerce network with transactional APIs.”

Businesses today are increasingly relying on APIs to enable the development of rich third-party applications that utilize their data and services. APIs help organizations reach customers across thousands of platforms through a network of apps, and increasingly, smart APIs are replacing websites as the conduit for commerce. However, due to the high cost and other challenges associated with building and supporting scalable, secure PCI-compliant APIs, the vast majority of APIs offered today are for catalog-type applications that enable viewing data, but not transacting with it.

PCI compliance is becoming increasingly important as credit cards are being used more often. APIs as the interface between many systems are therefore required to be PCI-compliant as well. The payments and transaction space is getting more crowded (fortunately) as many new start-ups are entering the market – see e.g. Square that we reported about earlier . We are glad to see Apigee taking the lead here.

The new Apigee Enterprise Cloud PCI solution is deployed in PCI-compliant data centers, where cardholder information is protected according to PCI DSS. With Apigee Enterprise Cloud PCI, enterprises can:

  • Quickly build and deploy a transactional API — in about a quarter of the time it would take to build it ‘from scratch’
  • Maintain PCI compliance and data protection of all API traffic, including encryption and masking for cardholder information, regardless of whether the API is deployed on-premise or in the cloud
  • For the first time, take advantage of the virtually limitless, on-demand compute resources of the cloud to dynamically scale APIs to meet traffic demands

For organizations that require on-premise solutions, Apigee Enterprise can also be deployed on site and delivers the same capabilities as Apigee Enterprise Cloud, while fitting into PCI-DSS compliant in-house deployments.