MuleSoft Launches Policy Kit to Customize Critical API Protections
APIs are the lifeblood of digital business – but also prime targets for attackers. API traffic is expected to surge from 70% of internet requests last year to 95% by 2025, and with over 4,000 APIs exposed per company globally, they require robust governance and security.
MuleSoft recognizes this growing need to lock down business systems amidst spiraling API growth. Their new Anypoint Flex Gateway Policy Development Kit (PDK) allows developers to tailor identity, threat and data protections that govern API flows.
This move strengthens MuleSoft’s offerings, which have been pivotal to Salesforce growth in big enterprises. “Almost every major deal we’re doing has integration at the center of it through our MuleSoft portfolio,” said Salesforce CEO Marc Benioff in a recent earnings call. The custom gateway protections enabled by the PDK are designed to help fuel that growth.
The API Security Gap
Integrating datasets, apps and capabilities through APIs unlocks opportunities for companies striving to become composable enterprises. MuleSoft’s componentized approach with API-led connectivity lets teams mix-and-match modular building blocks to adapt faster.
But the proliferation of APIs accessing sensitive systems can massively expand the attack surface. Web application attacks have doubled over the last five years – often targeting weakly protected APIs that provide backdoor access.
Standard API gateways help mitigate this risk by proxying flows rather than exposing raw endpoints, giving a policy enforcement point. MuleSoft Anypoint Gateway leverages the high-performance open-source Envoy proxy to shield gateways at scale.
Still, off-the-shelf policies often fail to address context-specific risks such as healthcare data regulations. DevOps workflows also struggle to keep pace as new endpoints are added continuously after deployment without change control.
Enter API Security Customization
MuleSoft’s Policy Dev Kit helps developers rapidly build and deploy the exact access, authentication and compliance rules needed for their dynamic environments – before vulnerabilities emerge.
It abstracts away Envoy’s complexity by offering templates and an SDK that let developers generate policies in the Rust language, tailored to their security use cases and infrastructure:
- Data loss prevention for sensitive fields
- Customer-specific access roles and entitlements
- Encryption standards for financial data
- Rate limiting on high demand resources
- Blocking to prevent abuse of APIs
These custom policies are compiled down into specialized WebAssembly code inserted right into the proxy layer itself for maximum performance.
The PDK additionally enables testing policies locally, accelerating edit-debug cycles. It also integrates with MuleSoft’s shared Exchange Asset repository, allowing centralized distribution, versioning and governance of codified policies alongside reusable APIs, data models and integration logic.
The result? A 75% faster design-to-implementation cycle for creating and scaling custom policies on the gateway tier compared to makeshift solutions, according to internal data.
MuleSoft’s API Gateway Differentiation
The PDK enhancement cements MuleSoft’s standing as a competitor to Kong and other Kubernetes-centric API gateways used by developer teams. Its unique value lies in reconciling developer agility with enterprise policy control needs.
In a SalesforceDevops.net interview, Gary Egan, VP of Products at MuleSoft, explained: “Where competitors force proprietary policy formats, Anypoint Flex with PDK lets you develop protections tailored to your business apps that still work with centralized governance and distribution pipelines.”
That balances open extensibility at the edge with consistent policy across hybrid infrastructure. And compiling Rust down to WebAssembly maximizes throughput; Envoy proxies handle 5000+ APIs out-of-the-box.
Egan highlighted how custom policies allow customers to address modern use cases like securing AI/ML data flows in compliance with ethics rules. The templates codify protections rapidly.
Integration Platform Power-Up
Ultimately, the Policy Dev Kit enhances MuleSoft’s broader integration platform – enabling organizations to deliver reusable, well-governed APIs and microservices for accelerated digital performance.
“It drives reuse, scale and consistency across assets organizations invest in composing together – that’s where complexity creeps up requiring a comprehensive lifecycle approach spanning design through runtime,” Egan explained.
Anypoint Platform manages API creation, testing, deployment, and consumption while providing monitoring, access control and versioning capabilities at enterprise scale. New devops tooling ties CI/CD pipelines for infrastructure-as-code right into Anypoint Exchange assets.
The enhanced gateway protections work alongside governance systems, ensuring technical, operational and regulatory policy adherence across composable systems. Integration reliability and safeguarded access to modernized IT systems are the focus.
Accelerating Composable Business
MuleSoft has seen surging adoption by CIOs and integration teams over the last three years because this modular approach accelerates transformation: connecting data, apps, and devices across cloud, on-prem and hybrid environments.
The combination of reusable integration assets and templates, API-led connectivity, secure gateway policies and governance capabilities allows organizations to adapt faster while controlling risk – driving competitive advantage.
“With our comprehensive lifecycle approach spanning integration to governance plus new custom policy features, we provide the tools and technologies to securely compose business capabilities in a unified way – and unlock innovation at scale,” said Egan.
As digital ecosystems continue expanding exponentially through external partnerships, internal reuse and multiplication of endpoints, that disciplined lifecycle strategy brings order to the complexity. The Policy Dev Kit gives security and infrastructure teams confidence to move fast without compromising compliance or control.
By making protected assets consumable across the business through consistent interfaces and policy guardrails, next-level automation and intelligence become possible on a governed platform built for innovation, not stagnation.