Banks can struggle with fine-grained data access control (ABAC) and protecting its API data from providers and consumers consistently, predictably, and with confidence.
It is expensive and time consuming to consistently implement and manage data privacy in heterogeneous and legacy systems.
In addition, banking secrecy and data localisation laws and cross-border regulations are continuously changing, making it challenging for banks to stay on top of an evolving landscape.
eXate addresses these challenges by providing an end-to-end solution for financial institutions looking to fully protect data flowing through their APIs.
eXate’s software allows organisations to apply data security, privacy, and governance policies to any data flowing between systems. APIgator operates between the client’s additional core systems and Vault Core.
Improved risk mitigation and data leakage discovery
Vault Core comes with a standard set of APIs that enable unparalleled levels of control and granularity. Combining this with eXate gives banks the ability to quickly deploy rules that remediate data risks within APIs and services. This makes it easier for banks to discover data leakage and improve risk mitigation.
Improved visibility
eXate and Vault Core’s real-time data feed gives clients an ability to deploy real-time organisational data visibility controls within any service. Clients can also quickly and easily allow or revoke access to datasets or individual dataset attributes.
Improved control over data
Embedding eXate alongside Vault Core’s APIs allows banks to better share and protect 3rd party data – even beyond a bank’s operational borders. This gives instant visibility on who is accessing data and for what purpose. This all serves to easily demonstrate a bank’s compliance with business or geographical regulations.
The integration is designed to operate using the APIgator APIs, which are configured to run against the eXate SaaS cloud implementation. It has been delivered as a Postman collection which can be quickly imported and immediately used to test the platform capabilities. Our collection implements core calls to Vault Core to retrieve customers’ accounts and balances. A user can execute the APIgator APIs to apply pre-configured data policies that will restrict access based upon the users rights.
All the data in each interaction between a customer’s systems and Vault Core would have policies applied centrally and consistently. This ensures that the data user can only see the information they are entitled to access when it is returned from Vault Core. APIgator removes the need for any security customisations to either Vault Core or a bank’s systems.