Shine a Light on Shadow APIs Lurking in Your IT Infrastructure
Discover and manage shadow APIs with Konnect Service Catalog, a single source of truth for all your services and APIs
The service catalog is an essential tool that all organizations invested in effective IT management should own and maintain. Without an up-to-date system of record of all services and APIs, organizations run the risk of having what we call “Shadow APIs” — or APIs that are undiscovered, unmanaged, and pose significant security risks to the entire company.
So, why is gaining visibility into these services and APIs such a big deal?
Among the tens of thousands of API endpoints that might be running in an organization’s infrastructure, every single one can be thought of as a unique attack vector, especially if left unprotected without authentication, authorization, and rate limiting.
According to Security Magazine, over 50% of organizations experienced at least one API-related breach in the last year, a reflection of how difficult it is to ensure API security at scale. And it looks as if the trend will only increase. Kong forecasts the number of annual API attacks will grow 548% by 2030.
In addition, API deployments have noticeably increased in complexity over the last several years. As organizations continue to break down their monolith, they’ve struggled to deal with a variety of API implementations — REST, GraphQL, gRPG, to name a few — across both hybrid and multi-cloud environments.
Finally, APIs can be expensive liabilities when left unmanaged. ITIC found that a staggering 81% of organizations reported that experiencing just one hour of unplanned API downtime often costs them upwards of $300,000.
Enter the service catalog!
We know APIs are mission critical. So, what exactly can organizations like yours do to protect themselves? It may be worth your time to invest in a service catalog.
An effective service catalog serves as an all-encompassing repository for an organization’s services and APIs. Managing and maintaining this asset can have tremendous benefits across different teams.
For example, the service catalog not only provides Platform Teams with the ability to retroactively secure existing APIs, but also enables them to proactively enforce rules and regulations, so that moving forward, newly-created APIs are properly governed as well.
The service catalog also has the potential to boost developer productivity across Application Teams. This tool is meant to aggregate dispersed information about an organization’s services: their code repositories, CI/CD pipelines, dependency trees, API specs, documentation files, lists of recent incidents, and so on. The ability to search across the entire catalog and view a quick 360 summary on any given entry can improve Application Teams’ productivity across a variety of use cases — identifying upstream/downstream dependencies when triaging incidents, and leveraging existing code to save development time, just to name a couple.
The Konnect Service Catalog is now available in Public Beta
Our team at Kong has been working diligently to deliver a product that thoughtfully addresses all the points described above, and more.
Today, we're excited to announce that the Konnect Service Catalog (or simply, “Service Catalog”) is now available in Public Beta!
Comprehensive visibility to help secure the entire service and API ecosystem
Out of the box, Service Catalog comes with pre-built integrations designed to identify live services and APIs running in an organization's infrastructure. Service Catalog’s discovery engine ingests these services and APIs from sources such as Kong Gateway and Kong Mesh — with more to come soon, such as Kubernetes, Apigee, and AWS Lambda.
Leverage the Traceable integration to discover and manage “Shadow APIs” in your infrastructure
We’re also thrilled to announce that we’ve joined forces with our Premium Technology Partner, Traceable AI — an API security and observability platform that empowers Platform Teams to discover "Shadow APIs" at the kernel level through its formidable array of discovery mechanisms, including bleeding-edge eBPF technology. By integrating Traceable and Service Catalog, we're able to transport previously undiscovered services into the Kong Konnect ecosystem.
Once these services are ingested into Konnect, users can begin protecting their related APIs by configuring Kong Gateway to serve as a reverse proxy. From here, authentication, authorization, and rate limiting can easily be enforced via Kong Plugins. The end result is that joint customers of both Kong and Traceable have a slick end-to-end experience whereby they can easily identify and subsequently mitigate risky APIs that exist in their infrastructure.
This combined solution ensures you can confidently secure your entire API and service ecosystem, reducing the risk of data breaches and other security incidents.
Boost developer productivity with a 360-degree view
Service Catalog aggregates critical information from systems like PagerDuty and Datadog — with upcoming support for Jira, Slack, Snyk, and SonarQube — into a single, comprehensive view. Its integrations with various observability, incident management, and issue tracking systems mean that Application Teams can have a unified interface whereby they can easily search for all services in the organization across different dimensions: by team owner, engineering department, Jira board, and Slack channel. Without leaving the Service Catalog UI, they're able to view more details about a given service: upstream/downstream dependencies, API specs, and documentation files.
Having this information accessible at their fingertips allows Application Teams to be more productive in their day-to-day activities, including when identifying the root cause of a recent service failure or when searching for the API of an existing service that they might want to integrate with.
Coming soon: Enforce policy and governance with Scorecards
Ensuring that all teams across an organization adhere to the company’s maturity standards and industry-defined best practices can be challenging initiatives to drive for Platform Teams, especially those who work at large enterprises. These initiatives typically involve kicking off huge cross-functional processes spanning multiple teams, each with its own cultures, timelines, and priorities. Given both its breadth and depth of understanding of an organization’s service ecosystem, Service Catalog is well-positioned to solve this problem for Platform Teams.
By codifying these guidelines, represented in the form of a Scorecard, Platform Teams are able to identify which services fail to adhere to their custom-defined standards and industry best practices. They're then able to view a list of service owners whom they should follow up with to implement change. Ultimately, Service Catalog’s Scorecards feature imparts Platform Teams with confidence when quantitatively tracking improvement in company-wide compliance.
Here are some examples of criteria that a Platform Team can embed into their Scorecards:
- All Kong Gateways have the OIDC plugin installed
- All Kong Meshes have mTLS enabled
- All API specs must be properly linted
- All GitHub repositories must have 5 or fewer open pull requests
- All PagerDuty services must have 2 or fewer incidents triggered in the last 7 days
- All Datadog monitors are configured and enabled
And much more!
Secure and control your API infrastructure today
Take control of your API infrastructure with Service Catalog today! Check it out, either by logging into Kong Konnect or by registering to get started in Kong Konnect Plus.
Want to learn more? It's not too late to register for API Summit where we’ll discuss all things Service Catalog with Traceable. Or, dig into Service Catalog’s documentation for more technical details.
If you have any questions about Service Catalog or API Summit, reach out to us at konnect-feedback@konghq.com.
As you explore Service Catalog, don’t forget to vote for which Integrations you’re most looking forward to!