The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
This blog and video were co-created by David La Motta (Kong), Ross McDonald (Kong) and Alex Dworjan (Red Hat). Murphy's Law “Anything that can go wrong will go wrong.” To us mortals, that means we should try to prepare for the worst and hope for the best. Disaster Recovery (DR) is crucial to every…
[](/blog/engineering/ansible-automation-platform)
As APIs and microservices evolve, the architecture used to secure these resources must also mature. Utilizing a token-based architecture to protect APIs is a robust, secure and scalable approach, and it is also much safer than API keys or basic authentication. However, token-based architecture…
[](/blog/engineering/token-based-access-control)
Automating digital transformation API deployments can help speed time to market and minimize the resources required for the deployments — if developers can be assured that the automated process meets all necessary security requirements. It's a topic that Kong Senior CustomerExperience Manager Peggy…
[](/blog/enterprise/innovation-security-automation)
As more and more companies move to a multi-cloud strategy and increase usage of a cloud native infrastructure , API providers are under a lot of pressure to deliver APIs at scale in multi-cloud environments. At the same time, APIs should follow each company's security requirements and best…
[](/blog/engineering/api-authorization)
For the DevOps-averse developer, lambdas are heaven. They can focus on writing self-contained and modularized pieces of code, deploying these functions for on-demand execution without being concerned about resource management or infrastructure. Lambda execution , however, can be tricky. Serverless…
[](/blog/engineering/steps-for-aws-lambda-plugin-serverless-security)
Application Programming Interfaces (APIs) and microservices are the foundational pillars of digital transformation initiatives. They simplify the development process for our technology teams, enabling them to innovate faster, increase customer engagement and boost business agility. However, while…
[](/blog/enterprise/minimizing-security-risks-apis-microservices)
In our last Kong and Okta tutorial, we will implement a basic access control policy based on Okta’s groups and planes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 2 and 3…
[](/blog/engineering/access-control-policies)
In our third Kong and Okta tutorial, we'll go through the introspection flow implementation. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 2 and 4 cover: [iframe loading="lazy"…
[](/blog/engineering/introspection-flow-konnect-okta)
The demand for digital transformation has accelerated, with 62% of technology leaders sharing that they fear they are at risk of being displaced by competitors who innovate more quickly. Enterprises are increasingly transitioning from monolithic to microservices architecture, with the goal to…
[](/blog/enterprise/security-plan-microservices-applications)
President Biden issued an " Executive Order on Improving the Nation's Cybersecurity " (Executive Order 14028) as of May 12, 2021. The order includes numerous actions and mandates to confront the dangers of cyber attacks that are increasing in frequency and sophistication. Cybersecurity has real and…
[](/blog/enterprise/executive-order-14028-cybersecurity-mandate-zero-trust-architecture)
This tutorial will walk through a common use case for the Kong Gateway Key Authentication plugin : using API key authentication to protect a route to an API server endpoint. It’s a simple use case, but it will give you the foundation to deploy and configure the plugin for your own unique project…
[](/blog/engineering/kong-gateway-key-authentication)
Fastly's next-gen WAF (formerly Signal Sciences ) integrates with Kong Konnect to block malicious requests to your services. Kong Gateway provides a robust and secure enterprise API management platform to front web traffic. In partnership, Fastly focuses on Layer 7 application security for that…
[](/blog/engineering/kong-konnect-fastly)
The concept of zero-trust security is relatively simple. In essence, no entity or system should have trust by default. You should assume that any system you are talking to is not trustworthy until you establish otherwise. Within Kong Konnect , one mechanism to apply zero-trust is the OpenID Connect…
[](/blog/engineering/openid-connect-api-gateway)
Imagine you're going through immigration at the airport. The immigration officer says, "I don't need your passport because I trust that you are who you claim to be." Wait, what? That would never happen, right? That's because trust is exploitable. Sooner or later, somebody will try to lie about who…
[](/blog/engineering/zero-trust-service-mesh-security)
Transitioning to microservices has many advantages for teams building large applications that must accelerate the pace of innovation, deployments and time to market. It also provides them the opportunity to secure their applications and services better than they did with monolithic codebases.…
[](/blog/enterprise/the-importance-of-zero-trust-security-when-making-the-microservices-move)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.