MIAMI--(BUSINESS WIRE)--Sensedia, the global leader in delivering API and microservice solutions, presents an expert panel discussion, 5 Reasons Why API Security and Governance Matter. This free and informative session is available to stream on-demand here. Industry analysts warn that APIs will become the most commonly targeted attack vector in the enterprise if they aren't already. API security is now a C-suite level discussion.
Filipe Torqueto, Head of Solutions at Sensedia, USA, Chuck Herrin, CTO and Board Director at Wib, and Zoe Strickland, Senior Fellow at Future of Privacy Forum, joined moderator Paul Wilke, CEO of Upright Position Communications, to discuss the importance of ensuring APIs are secure and governed. The panel reviewed five areas on which leaders should focus:
- Scalable and Consistent Execution
- Risk Mitigation and Trust
As technology teams increase delivery speed to market, APIs are an ideal solution. When technology expands within organizations, APIs can be a blind spot. Many companies don't know exactly how many APIs they have within their platforms accessing their data. Having scalability and consistent execution is critical for companies to stay secure.
"The technology teams need to accelerate delivery. A great way to do that is by embracing APIs and microservices that use them, which changes your architecture, which naturally changes your attack surface. So the attackers adapt," says Herrin. "This puts security and governance teams behind the curve, and we typically and often see our clients underestimate 2X, 5X, how many APIs they actually have. APIs are so much easier to expose and publish than they are to understand and govern. I see this getting worse before it starts to get better."
Torqueto adds, "We don't have a one-size fits all solution. The secret word here is adaptive. We need to know what we're doing, for whom we're doing it, and the risk around it. We're thinking about frameworks, architectures, APIs, everywhere, and we must also discuss the management, the governance, and the security."
Understanding and implementing strong API security and governance saves businesses money and builds trust. According to Strickland, "Costs themselves can be substantial. If you do have an incident, you'll likely need to hire consultants to help you figure out what happened because you've got to get on it right away. I can't even tell you the sense of urgency that needs to happen. You might need to hire lawyers too, depending on how serious the incident is and how much hot water you're in."
During the insightful one-hour webinar, the speakers delved into the relationship between risk mitigation and compliance, sharing that proper risk management supports compliance. According to Torqueto, we need to understand that regulations are there to protect us and that regulators are the good guys, not the bad guys. "We need to detach this regulation and compliance word from the killers of agility," he states.
Collaboration emerged as a key theme in the panel’s discourse. One critical point Herrin makes is how few of our technology problems are actually technology problems. "The security team may not even be aware of what's going on in the development shop. And those internal silos and blind spots wind up manifesting as a weak exterior attack surface." He continues, "Ongoing collaboration internally is critical. And it starts with a little bit of empathy and a little bit of understanding your business and technology goals."
The security experts share many more insights throughout the session. With APIs now the major attack surface for the outside world, it's essential to listen to what they have to say, so leaders can take action and keep their businesses and customers secure.