Services communicate through APIs and since APIs are on the public internet, they are vulnerable to attacks. Organizations need tools that provide security and more visibility of their APIs.
In this episode of TFiR: Let’s Talk recorded at the KubeCon + CloudNativeCon in Detroit, Swapnil Bhartiya sits down with Viktor Gamov, Principal Developer Advocate at Kong, to discuss the current state of APIs and what Kong has in its pipeline of products and projects to help developers protect their APIs.
Key highlights of this video interview:
- KubeCon provides a great opportunity for people to share and discuss real-world use cases. Gamov focuses on how people are dealing with protecting their APIs and authorizing the right people. He explains how people also want to ensure the applications that run inside public clouds are also secure.
- Kong equips developers with the tools they need to protect their APIs against things like multiple requests. Gamov describes the Rate Limiting plugin, one of Kong’s most popular tools that prevents attacks.
- Security is very much a company culture issue as well as a technological one. Gamov says if you don’t track it, you cannot control it. Therefore, it is essential to enable users to integrate with different monitoring solutions.
- With Kong Gateway 3.0, they introduced the integration with open telemetry. It is built into the product and users can use it out-of-the-box and start monitoring Gateway overhead, services latency, spikes in traffic, etc.
- At the Kong Summit, they announced the Kong Incubator, a platform for adventurous users to contribute to and give feedback to some of the projects that Kong engineers are currently working on.
- Kong Incubator projects current in development projects are: Koko (Kong’s next-generation control plane that will simplify Gateway deployments), Gateway Operator (runs inside Kubernetes clusters and manages configuration changes and Kong upgrades), and WasmX (enables users to write WebAssembly packet filters and deploy them to Kong).