API Security , Video

Essential Steps to Building a Robust API Security Program

Gartner's Dionisio Zumerle on API Security Challenges, Risk Assessments and Trends
Dionisio Zumerle, vice president analyst, Gartner

In the past year, several high-profile breaches resulting from API attacks are "just the tip of the iceberg," said analyst Dionisio Zumerle, vice president at Gartner. Many companies - including banks, which now have about 1 billion API calls a month for money transfer apps - are highly dependent on APIs, he said.

See Also: Webinar | Securing Cloud Architectures: Implementing Zero Standing Privileges

"What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating," he said. "The very first thing to do when you set up an API security project is to set, define and communicate the scope of the program and set expectations properly," he said.

Zumerle emphasized the importance of "good design from the start," for which he recommends threat modeling. "That allows you to identify possible exposures and decide the mitigations that you can put in place," he said. Deploying tools that "find, assess and monitor" APIs is essential.

On current API security innovation trends, Zumerle said, "There is a lot of overlap between newer API protection startups, what incumbent web application and API protection tools offer and also a newer category, another buzzword: cloud-native application protection platforms." He believes there are merits in all of those approaches but expects consolidation in the market.

In this video interview with Information Security Media Group, Zumerle discusses:

  • Organizational and technical API security challenges businesses face;
  • Practical steps security and risk management leaders can take to protect their APIs;
  • API security technology innovation to watch in the year ahead.

Zumerle, who is currently focused on application and mobile security topics, covers API security, mobile application security, DevSecOps and mobile threat defense for Gartner. His research interests also include emerging technology areas, such as application security posture management, and broader trends, such as the consolidation of cybersecurity platforms.


About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.