How Informatica obtained 90% visibility and total API protection

Download Case Study
INDUSTRY
Software & Technology
REGION
North America
Pathik Patel
Cloud Security Leader Informatica

As Head of Cloud Security, Pathik Patel develops the strategic and long-term goals to establish a risk-based approach, solving for security and compliance. Working with leadership to help understand business impact of cloud security challenges, Pathik leads a team of security engineering, security incident response, and compliance functions across 3 countries and is responsible for security control evaluation along with multiple compliance deployments/monitoring.

Executive Summary

Informatica is a top provider in enterprise and cloud data management that needed to solve for API sprawl and to gain visibility into sensitive data flows, and sought a consolidated API security platform to deliver API discovery and risk posture management and Threat Protection at enterprise scale.

The company identified the need for a solution that would support three clouds and two environments. “Informatica itself is a multi-cloud company. So, we are in AWS, Azure, and Google as of today. We needed a single tool that spans all three clouds, while integrating with both our Kubernetes (K8s) environment and legacy VM based environments.”

Informatica made adoption of an API Security platform a top priority to solve for these concerns.

Now, we don’t have to worry about sending that data to our log management system. We can rely on Traceable to help us find API abuse and bad actors while also giving us an API catalog spanning all three of our clouds and both our environments.

Case Study Highlights

Company

Informatica is an American software development company providing Enterprise Data Insights. Its core products include Enterprise Cloud Data Management and Data Integration.

With < 5,000 customers, 84 of which are Fortune 100, Informatica processes over 44 trillion transactions/month.

Challenge
  • Drastic API Sprawl meant security engineers could neither discover nor validate API changes or data flow in order to assess attack surface risk.
  • Solving for complex infrastructure across GCP, AWS, and Azure clouds along with legacy and K8s environments.
  • High cost of infrastructure and labor based on legacy WAF tools did not provide the security coverage needed for full API protection.
Results
  • 60+ FTE hours saved weekly
  • 70% greater API visibility
  • 100k/year security development costs saved

Life at Informatica Before Traceable

API sprawl: Struggling to maintain APIs

API sprawl creates complexity in securing and managing data for Informatica’s Cloud Security team. API data flow management blindness introduced risk in managing and securing their APIs. To solve for API sprawl and to gain visibility into sensitive data flows, Informatica sought a consolidated API security platform.

The security engineers were challenged with validating information, such as what changes have occurred in APIs, what assets we use, what data flows through those APIs, and how to immediately protect them.
Internal WAF solutions were cumbersome and inefficient

Facing the pains of managing their dynamic cloud security in an agile environment, the Informatica cloud security team developed makeshift methods using WAFs to gain visibility. However, the WAF approach was inefficient, expensive, and time-consuming: spending ~80 hours weekly.

According to Patel, “Covering the OWASP Top 10 using a SIEM tool was a labor intensive, needle-in-a-haystack situation. We have huge data sets coming in, our log monitoring system records roughly one terabyte of web application logs daily. It’s a labor pit.”

API catalog and protection across multi-cloud required

Informatica needed full API discovery and protection that would span three public clouds: AWS, Microsoft Azure, and Google Cloud Platform (GCP). According to Patel, “One of the major differentiating factors in favor of Traceable was the ability to support many different environments, rather than operating as a point solution. The ease of deployment across all the clouds and all the environments was a major selling point.”

Other API Security solutions fell short of the mark

Informatica evaluated Akamai, Radware, Imperva, Signal Sciences, and Traceable. The company determined Akamai only “informed them of external APIs and lacked detailed API intelligence.”. Imperva was an appliance based approach, and Patel found that it “is not a true SaaS experience.” AWS and Radware only offered point solutions, such as supporting only legacy environments or Kubernetes, or existing only in AWS. Said Patel, “Signal Sciences offered insufficient protection, with limited WAF coverage and zero API Protection.

Life After Deploying Traceable for complete API Security and Protection

Informatica now catalogs and protects their entire API infrastructure with unprecedented confidence and speed with Traceable’s API Catalog. Discovering all APIs, sensitive data flow, and enabling protection of data across multiple clouds from a variety of threats, Traceable’s API discovery and attack protection are key to not only understanding their API risk and evaluating their attack surface – but also to ascertain the scope of data usage across three clouds.

Informatica found the level of deep insights on data flow to be a boon. “The data we got from Traceable blew our minds! It was super-detailed information about which APIs are communicating and the data flow,” he said. “What really impressed us was the ability of Traceable to crunch the data.”

Reducing infrastructure and labor costs with an API Security Platform

Processing a large amount of data daily, Informatica suffered a high cost of infrastructure and labor. However, Traceable negates much of the cost. According to Patel, pointing the data at Traceable “nullifies and replaces our previous infrastructure and labor investment with our log management system.”

Once Informatica deployed Traceable, overhead was drastically reduced, saving 60 hours of labor weekly. Patel clarified that “as of right now, we only have one engineer responsible for managing WAF rules and evaluating quality assurance (QA).” By saving 75% of the hours they used to spend on inefficient security measures, Patel is able to better allocate his team’s time.

Patel was also impressed by the ease of visibility into his API infrastructure. Prior to Traceable, he estimates that he had 20% visibility, at best, and with Traceable he estimates his visibility at over 90% and increasing as the Traceable deployment expands. Patel said, “The visibility that Traceable provides was previously difficult to create. We now have that visibility all through our Traceable dashboard.”

The visibility that Traceable provides was previously difficult to create. We now have that visibility all through our Traceable dashboard.   Pathik Patel, Head of Cloud Security, Informatica
Minimizing multi cloud security risk with API data

Informatica prioritizes risk management, and finds in Traceable “a system readily available to protect us.” Perceiving ROI even during their proof-of-concept, Informatica had Traceable deployed in their QA environment when Log4j occurred. “Traceable reached out to us and showed us all the Log4j-related events that they saw.”

According to Patel, it made an immediate impression of value. “Traceable’s dashboard eliminated labor costs. In the future, we won’t have to spend 24+ hours digging into our data. We will rely on our Traceable dashboard.”

Above and beyond – a frictionless experience

In addition to solving their multi-cloud API security concerns, Traceable’s ability to overcome obstacles was a major selling point for Informatica. “All of our vendors had to support us for Enterprise Risk Management (ERM). Other vendors estimated six months to support this.”

“Traceable estimated one month, then delivered the fix within three weeks,” he said. Such flexibly-provided solutions offer the Cloud Security team a sense of “transparency with the Traceable team [that] we are very impressed with. Traceable provides a capable team which quickly understands our problems and gives answers.”

With Traceable, Deployment was easy. That was positive for our security engineers, because typically security engineers suffer many cycles in determining how to deploy new software. Traceable keeps the development team happy.