Why must APIs be replaced with zero trust?


API breaches increased by 681% in the last year, compared to a 321% increase in overall API traffic, according to Salt's State of API Security Q1, 2022 Report. API attacks are bypassing these controls, as do web application firewalls.

API breaches are stifling innovation, according to Gartner. For example, 62% of enterprises have admitted to rescheduling new product launches and application rollouts due to API security concerns in the last twelve months. In addition, 95% of devops organizations said their businesses have no API security plan while developing APIs in production.

Keeping API sprawl under control

Devops teams are required to complete digital transformation projects on time and on budget while developing and fine-tuning APIs at the same time. API sprawl happens rapidly when the devops teams in an enterprise don't all have the API management tools and security they need.

More devops teams require a solid, scalable approach to manage API sprawl and to ensure that APIs can be reached only with least-privileged access. In addition, devops teams must transition API management to a zero-trust framework to help reduce the number of breaches happening today.

The webinar "Six Stages Required for API Protection," hosted by Ameya Talwalkar, founder and CEO of Forrester, provides valuable insights into how devops teams can safeguard APIs and highlights ways they can improve API management and security.

During the webinar, Sandy Carielli, principal analyst at Forrester, said that in the largest organizations, hundreds of applications expand and soon tens of thousands or hundreds of thousands of APIs will be required.

Cequence Security's approach to addressing the challenges of API protection begins with Discovery, or identifying all public-facing APIs, and progresses to inventory, compliance, detection, prevention, and detection.

During the webinar, Sandy Carielli, the principal analyst at Forrester, will tell you that when I first received calls about API security, you know what question number one almost always was, or problem number one always was.

The webinar demonstrates the need for APIs to be managed as they emerge as the most vulnerable, unprotected open threat. Cybercriminals recognize how unprotected APIs can be, resulting in triple-digit growth rates. APIs must be managed in a zero-trust framework.

The API issue emerges without any trust.

Capital One, JustDial, Panera Bread, the United States Postal Service, and others have discovered that thousands of APIs are left unprotected, making them one of cybercriminals' favorite attack surfaces. APIs require the least privileged access and must be managed using a more microsegmentation-based strategy. Additionally, using least privilege, microsegmentation, and IAM will reduce the number of internal tests that are left open for internal testing.

Devops leaders must embed explicit trust into every step of API lifecycles.

Devops leaders and their teams need help balancing their businesses' ever-increasing need for APIs to support new digital transformation projects versus the need to remain in compliance. Devops teams accelerate business benefits first and attempt to catch up on compliance, security, and privacy as development schedules allow. There must be a shift to API-level trust, with security context defined for each type of API produced.

Zero trust must be core to continuous integration/continuous delivery (CI/CD) and SDLC devops frameworks and processes. SolarWinds-level attacks, which successfully change core executables of an application and then infect an entire supply chain, make zero trust an urgent issue for devops teams today. Security would cease to be a bolt-on process pushed to the end of a project, and governance would improve as a result.

Devops team leaders rush through release cycles for their APIs in order to get large-scale digital transformation projects out, often seeing security as a roadblock to getting the work done. Everyone on the devops teams is pressured to meet or exceed code release deadlines, contributing to API sprawl.

When zero trust becomes a design objective for APIs and devops processes, security is designed and strengthened throughout the SDLC. In addition, IAM and microsegmentation will dramatically reduce the danger of rogue or forgotten APIs bringing an entire platform or company down with a cyberattack.
