1 Introduction
Forum Systems is a privately held independent engineering company based in Needham, Massachusetts, USA. Founded in 2001, the company provides gateway-based security solutions for APIs in multiple areas including B2B, Mobile, Cloud and IoT. Since the very beginning, the company has focused on mission-critical large-scale solutions with a heavy emphasis on “security by design”. Among the customers of Forum Systems’ security solutions are US federal agencies, governments and large international enterprises, and the company is proud of consistent 100% deployment success rate. Forum Systems’ product portfolio comprises a broad range of security, access control and network performance solutions for various usage scenarios. However, all these solutions are integrated into a single security platform, the company’s flagship product Forum Sentry API Security Gateway.
Thanks to the ongoing Digital Transformation, the Application Programming Interface (API), once an obscure technical term reserved for developers, has become one of the key opportunities for businesses to establish new relationships with partners and customers, to create new business models and, in the end, to increase their revenue and brand engagement. Mobile applications and cloud services have become major channels for business transactions, and the emerging technologies like the Internet of Things (IoT) clearly indicate the enormous scale of challenges that businesses have to address, if they want to become a part of the global API economy.
Because of the explosive growth of APIs, a whole new market for API management solutions has emerged in the recent years, addressing such challenges as publishing standard-based APIs, ensuring availability, enforcing access policies and, last but not least, analytics and monetization. However, like many other developer-centric tools, API management solutions tend to overlook numerous security challenges related to exposing enterprise services beyond the corporate perimeter. The need to support multiple identity types, to provide flexible dynamic access control, to secure the interfaces against hacker attacks and other threats, to address compliance issues regarding sensitive information, and last but not least, to ensure continued availability and scalability of the service – all this makes the supposedly straightforward task of publishing an API increasingly complex. Another common misconception is to think of APIs only as of simple and lightweight REST APIs, completely ignoring enormous challenges of modernizing and opening legacy backend systems. Integrating and securing other communications protocols, such as those used by IoT devices, in industrial networks or in industry-specific solutions, is also becoming an increasingly growing part of API Management.
Although most modern API management tools include basic security features, more often than not they are added as an afterthought and rely on third party products or even open source libraries. Nowadays, when an API gateway is quickly evolving into one of the key part of enterprise critical infrastructure, this approach is no longer feasible. When KuppingerCole reviewed Forum Sentry back in 2015, we have declared it the only truly “secure by design” API gateway available on the market. Later Forum Systems has been recognized as the Overall Leader in our Leadership Compass on API Security.
Two years later, with multiple new security features and new deployment models adapted for the newest business requirements, the product maintains its strong “security first” focus and can be recommended for evaluation by any organization looking for the highest grade of security and reliability for their API infrastructure.