APIs accelerate agility, empower developers, and enable innovative business strategies. But how do you ensure the security of your API architecture as you expose your corporate data to mobile apps, developers, and partners? Does your API security framework enable DevOps agility and a scalable security model for IT?
In this webcast, Apigee’s Tim Mather and Subra Kumaraswamy discussed API security considerations for DevOps, CSOs, and security professionals.
As customers move between the web, mobile devices, and sensors in the IoT, APIs are critical to your enterprise and your IT organization. A challenge for IT organizations is securely exposing functionality to be consumed by developers and partners, some of whom you don't yet know. At Apigee, we’ve built deep expertise and understanding of IT security strategies, and we are pleased to announce that Robert (Bob) Lentz, the former Chief Information Assurance Officer (CIAO) for the U.S. Department of Defense, has joined the Apigee advisory board.
Apps update all the time as developers fix bugs and add features. Every so often, an app's feature growth will require a new permission. Users might be asked for new personal information, like a request for permission to “read calendar events plus confidential information.” Requests like these can cause heartburn among users.
With the explosive growth in API use in every sector, CEOs and business unit leaders at enterprises that are undergoing digital transformations are calling upon their chief security officers and chief information security officers to ensure the security of APIs. With this in mind, our new eBook, Securing the Digital Enterprise, provides a framework to help CSOs and CISOs consider API security.
Perhaps information security practitioners believe there’s more hype than reality in big data analysis, but, for whatever reason, they have largely tended to focus on log files generated by security sensors (devices or applications that collect and report on threats in near-real time). They’ve all but ignored non-security or operational sources of data. This is particularly true of API data. And this omission is a mistake.
There are still companies out there that create software that assumes a “perimeter” where the software can be installed, or requires a company “agent” to be installed on all mobile devices.
These kinds of companies need to rethink their strategies. Today's mobile-first digital world has driven huge changes in how enterprises connect with their customers and has changed the nature of the software we build.
The recent negative publicity for Snapchat's API is a real-life demonstration of what can go wrong when a few important things are overlooked. This episode offers an opportunity to remind ourselves about some aspects of security that API teams often overlook.