API Security: Separating Truth from Fiction
- LANGUAGE: English
- DATE: Thursday, March 14, 2019
- TIME: 4:00pm CET, 11:00am EDT, 8:00am PDT
APIs (application programming interfaces) have undergone a truly amazing transformation in recent years. From an obscure technical term only software developers were familiar with, they have developed into one of the foundations of today’s digital business. Nowadays, APIs are everywhere – they enable business communications with partners and customers, make applications from different vendors work together seamlessly, power large IoT networks and the whole cloud. For many companies, APIs have even become the very foundation of their business models and the primary source of income.
Unfortunately, the rapidly growing need to expose and consume various APIs as quickly and easily as possible has led to compromises at different stages of architecting modern IT systems. Notably, for many businesses, the very notion of API security is still something completely foreign or an afterthought at best. There are quite a few common misconceptions surrounding this topic, such as the idea that existing security tools like web application firewalls or antivirus products are perfectly capable of securing APIs, or that the whole issue can be avoided by simply not exposing an API to the world.
As the latest high-profile security breaches where APIs were used as the primary attack vector indicate, this could not be further from the truth. Securing your APIs properly should always start with a strategy that incorporates both existing tools and specialized API security solutions that can analyze, harden, monitor and defend your APIs across their full lifecycle. And don’t forget that third-party APIs that your business relies upon must be protected just as carefully as your own.
Join this KuppingerCole webinar where we’ll discuss the following topics:
- The extent of API proliferation in modern businesses and the risks of not having them under control;
- Modern API standards (and lack thereof) and specific security challenges APIs are facing;
- Common misconceptions about securing APIs and how to separate truth from fiction;
- The scope of API security and the evolution of API security tools and solutions;
- Designing a comprehensive API strategy that involves every responsible party;
- Practical recommendations that you can start implementing right after this webinar.
In the first part of the webinar, Alexei Balaganski, Lead Analyst at KuppingerCole, will provide a general overview of the recent developments and security challenges for the API economy. He will talk about the importance of a proper API security strategy that combines not just tools, but people and processes across multiple business units of your company.
In the second part, Isabelle Mauny, co-founder and Chief Product Officer of 42Crunch, will present an alternative approach to API security that spans the whole API lifecycle and ensures continuous protection during development, deployment and production runtime of any business-critical API. She will offer practical recommendations and talk about concrete API security policies based on industry best practices.
The 42Crunch platform offers a set of integrated services that can be leveraged as part of the APIs’ DevSecOps cycle:
* API Contract Security Audit: An exhaustive security audit of the OpenAPI definition, with detailed security scoring that helps developers define and strengthen their API contracts.
* API Contract Conformance Scan: A scan of live API endpoints that discovers potential vulnerabilities and discrepancies in your API implementation against the API contract.
* API Protection: A straightforward and easy way to protect APIs and apply policies that can be deployed in our lightweight, low-latency, API-native micro firewall. API Firewall automatically enforces traffic based on your API contract and applies security policies to protect API endpoints wherever they are.
Access governance tools are an indispensable element of today's business IT. They are used to manage user and entitlement workflows, assign access rights, run access certification campaigns, and implement and audit controls for segregation of duties (SOD). With a growing number of business applications, particularly from the cloud, and their increasing interconnection, the challenge of implementing access governance comprehensively and in an automated way is growing.