The global research firm Forrester recently published its latest Forrester Tech Tide™ (1), focused on twenty technologies that underpin Zero Trust threat prevention. By analyzing the business value and maturity of each technology, Forrester zeroed in on six in which it recommended businesses invest. Forrester ensured each recommended technology met three criteria: 1) it was an important contributor to Zero Trust threat prevention; 2) it was commercially available at scale; and 3) it had sufficient market maturity to be a viable solution. We at Noname are happy to see that API security was prominent on the list of technologies in which to invest, and that Noname Security was specifically listed as an identified vendor.
As I previously wrote about the efforts of agencies to implement Zero Trust, the “outcome [of those efforts] will be less than expected if API security is not included.” (2) Forrester confirms this notion, stating, “APIs are the building blocks of modern applications, and security leaders cannot ignore the prevalence of application attacks through APIs.” (1) Clearly, there is a growing recognition that API security should be part of any Zero Trust architecture. APIs are an important part of every organization’s IT systems and they are used for all manner of data exchange. But they have been given a degree of trust that is unwarranted for the significant role they play in driving business activities, especially when you consider that many organizations have not kept API security on par with the growth in their applications.
Securing APIs is a major challenge. Organizations can have tens of thousands of APIs spread across multiple environments. This makes it incredibly difficult for them to know where their APIs are routed, how they are configured, what sensitive data they are moving, and what risks they pose to the enterprise. And new applications and APIs are being rapidly developed and added into production, continually expanding an already complex environment. As a result, APIs present a substantial attack surface and have become an attractive attack vector for malicious actors.
Unfortunately, current defensive measures are costly and insufficient to handle the increase in API deployment without dedicated API security. Organizations need to think about API security differently and utilize a more vigorous means of securing APIs across their entire lifecycle to better protect critical assets from cyberattacks while developing and delivering secure applications and APIs at speed. Don’t just trust that your APIs are secure. Use a dedicated solution to identify and mitigate vulnerabilities, monitor and document activity, give granular detail on data movement, and test your APIs before you release them into your environment. Noname Security can support your Zero Trust journey with a comprehensive picture of all API activities throughout your entire ecosystem.
(1) The Forrester Tech Tide™: Zero Trust Threat Prevention, Q4 2022, October 21, 2022, Figure 4, p. 11
(2) Application Programming Interfaces (APIs): The Soft Underbelly of Zero Trust, April 25, 2022, nonamesecurity.com