Forrester has identified API security as an important technology category in a zero-trust architecture.

Global research company Forrester recently published its latest news Forrester Tech Tide™(1) Zero Trust focused on twenty threat prevention technologies. By analyzing the business value and maturity of each technology, Forrester zeroed in on six it recommends for businesses to invest in. Forrester ensured that each proposed technology met three criteria: 1) it made a significant contribution to preventing Zero Trust threats; 2) was widely available for sale; and, 3) there was sufficient market maturity for a viable solution. We are pleased to see that API security is high on the list of technologies to invest in at Noname. Noname Security is also specifically listed as an identified vendor.

For me written earlier(2) Regarding agencies’ efforts to implement Zero Trust, “results [of those efforts] If APIs don’t include security, they’ll be less than expected.”2 Forrester confirms this notion, saying, “APIs are the building blocks of modern applications, and security leaders can’t afford to ignore application attacks through APIs.”1 Of course, here There is a growing recognition that API security must be part of a Zero Trust architecture. APIs are an important part of every organization’s IT system, and they are used for all kinds of data exchange. especially considering that many organizations have not kept API security at the same level as their usage growth.

Securing APIs is a major challenge. Organizations may have tens of thousands of APIs spread across multiple environments. This makes it very difficult to know where their APIs are directed, how they are configured, what sensitive data they are carrying, and what risks they pose to the enterprise. And new applications and APIs are rapidly being developed and added to production, continuously expanding an already complex environment. As a result, the API exposed an attack surface and became an attack vector that attracted the attention of malicious actors.

Unfortunately, current security measures are expensive and insufficient to scale API deployments without dedicated API protection. Organizations need to think differently about API security, develop and deliver secure applications and APIs faster, and adopt stronger API lifecycle protection tools to better protect critical assets from cyberattacks. Don’t trust your APIs to be secure. Use custom solutions to identify and mitigate vulnerabilities, monitor and document operations, provide detailed data traffic, and test your APIs before deploying them to your environment. Noname Security can support your Zero Trust journey with a comprehensive picture of all API activity across your entire ecosystem.

1 Forrester Tech Tide™: Zeroing in on Trust Threat Prevention, Q4 2022, October 21, 2022, Figure 4, p. 11

2 Application Programming Interface (API): The Soft Underbelly of Zero Trust, 25 Apr 2022, Application Programming Interface (API): Soft Underbelly of Zero Trust (

*** This is a syndicated blog of the Security Bloggers Network Noname API Security Blog the author Dean Phillips. Read the original post at:

Source link

Leave a Comment