A Conceptual Framework for System Service Security in Multi-Layered Digital Platform Ecosystems
DOI:
https://doi.org/10.62671/jikum.v2i1.173
Keywords:
Multi-layered security, digital platforms, API security, governance, defense-in-depth
Abstract
The rapid growth of digital services and API utilization in multi-layered platform ecosystems has expanded attack surfaces, increasing systemic security risks. Traditional security approaches focusing on individual components are insufficient to address cross-layer vulnerabilities, especially in cloud-native, microservices-based architectures. This study aims to develop a holistic conceptual framework for system service security in multi-layered digital platforms by identifying key layers, analyzing interdependencies, and mapping risks and controls across infrastructure, platform/middleware, applications, and governance layers. Using a qualitative literature review of publications since 2020, thematic and conceptual analyses were conducted to synthesize existing technical and governance practices. The proposed framework integrates defense-in-depth mechanisms, including network segmentation, API hardening, service mesh with mutual TLS, secure software development lifecycle, identity and access management, and governance policies, highlighting cross-layer dependencies and systemic risk propagation. Additionally, it addresses the trade-off between security and system performance, proposing adaptive and contextual strategies such as lightweight cryptography, selective protection, and orchestrated controls. The results suggest that security must be designed end-to-end, considering technical, operational, and governance dimensions, to ensure resilience, service availability, and user trust in complex digital platform ecosystems. This framework provides a theoretical and practical reference for designing robust, adaptive, and measurable security architectures.



