API Security Trends: Government & Public Sector
Over 18 months ago, a small group of us started a program to support the US federal government and the broader public sector with robust API security. Recognizing the major shifts in government cyber security, we focused on Zero Trust early. We wrote about it, talked about it, and evangelized on the importance of including API security in a ZT architecture. An early achievement was a detailed mapping of API security to the pillars of ZT over a year ago. Those efforts became a foundational roadmap for the technology improvements and outreach efforts that followed. We now find ourselves as the only ATO’d API security solution in the federal government. But we’re not resting on our laurels. We’re continuing to improve and expand. And we’ll continue to educate and work with individuals to meet their specific needs.
In early September, Department of Defense CIO John Sherman announced plans to evaluate zero trust implementation measures. With any new strategy (like the National Cybersecurity Strategy we’ve talked about many times) there needs to be an implementation plan to further define steps to be taken and responsible parties who will take them. As expected, the federal government issued the National Cybersecurity Strategy Implementation Plan in July 2023 (which we’ve also talked about previously). Once implementation plans are in place and responsible agencies have objectives to accomplish, progress needs to be assessed. That’s where DoD’s plans to evaluate zero trust measures come into play. Although we haven’t seen any announcement for the civilian federal agencies yet, I would expect something to come out for them as well.
For all the agencies out there hoping to make progress in your zero trust journey, you should really consider API security. Looking at the pillars of a ZT architecture, we’ve mapped API security across nearly all of them at different levels of maturity. Given the ubiquitous nature of APIs, their security cannot be ignored. The Noname platform not only helps secure your APIs, it protects your data, supports insider threat programs, addresses business logic failures that hardware alone does not, improves security during API development, aids in continuous compliance and governance efforts, and gives visibility for strategic decision making and integration with other security measures. We’ve been leading the pack in the federal space since we started and we’re ready to help any agency that wants to make a real difference in its ZT journey.
One final thought: be cautious of a complete ZT solution in a box. Everyone’s journey is unique and one size may not fit all appropriately. I just saw a report that a data leak by Microsoft AI researchers exposed over 38TB of data. Even big players make mistakes, and if you entrust them with your entire strategy from start to finish, you have to hope they never stumble. Noname is focused on each customer and each agency as a unique partner with whom we work to find the right fit for their environment. Give us a call and let’s talk about what you need to make real progress in your ZT journey.