Onegini: Avant-garde Mobile Security Platform

With the rallying cry around API economy, more companies today are undergoing digital transformation opening up their data and services, exposing themselves to a wide array of sophisticated cyber attacks. Today, threats such as man-in-the-middle attacks, cross-site scripting and SQL injection attacks are resulting in the theft of identity of authentic users, exposing business critical data to unauthorized apps that endanger brands’ credibility and business prospects, putting their API initiatives in jeopardy. The current API security vendors are struggling to secure businesses due to the narrow API security approach and lack of consistent, comprehensive, and secure API architecture with combative security components. Helping businesses to excel in the digital era is Onegini with overarching security approach to secure not just the APIs HTTP endpoint but the interactions between the client and end user devices– including IoT devices–and APIs with provisions for auditing and non-repudiation throughput. “Onegini brings an added layer of security on top of API security infrastructure to protect end-to-end interactions between the business and the end-users’ mobile device,” says Denis Joannides, Founder & CTO, Onegini.

At the core of Onegini is the Mobile Security Platform (MSP). With an Application Security Framework, Token Server, and Security Gateway, and API Management, MSP provides a well-secured conduit for end-users to interact with business applications on mobile platforms, browsers, and desktop applications through validated APIs. MSP prevents identity theft with its Consumer Identity Management (CIM) functionality that protects the consumer identity by limiting the exposure of user credentials to trusted applications. This functionality takes standards-based authentication approach for efficient orchestration of APIs making them scalable and extensible. The Token Server manages the identity of users and devices by generating access credentials with appropriate permissions. The Security Gateway works in liaison with MSP to allow access to APIs granted for a client application and given identity. The gateway contributes for end-to-end API security by aligning the external security protocols with the internal ones.