SPECIALIST INSIGHT
Additionally, we leverage a data lake, which allows us to understand API’s behaviour over its life cycle and once it starts doing things it’s not meant to do, we can inform the customer on how to act and respond.
The Edge is also where we’re able to collect information on APIs. The Edge is extremely important because many companies have landed data centres, cloud service providers and third-party hosting providers. All of these components are transacting traffic internally and externally, all over the place. So, we have to be able to capture that information across multiple databases and technologies – wherever the APIs are.
We have to accommodate a wide range of API security management. For example, it’s fairly common to see a customer ask for an understanding of APIs and their activities during application usage, but not for the whole organisation. This is usually concerning quite sensitive information so we have to be flexible and adjust our solutions where needed. We also can help people in the early stages of API management, we can take information from them in their chosen format and help them where possible. Having the capability to manage across a diverse landscape is a huge differentiator for us because we can meet companies at various maturity levels and deploy a pattern that is right for their stage in the API journey.
What advice would you offer decision-makers looking to improve their cybersecurity posture?
My first piece of advice is if regulators have determined that APIs are a risk and threat to your organisation, recognise that they’re already five years too late. If banking regulators are saying API security is a problem, then it’s a problem, so stop trying to explain away API threats, act and move quickly. If you’re not moving already, you need to move fast, and if you’re already moving, you need to move faster.
My other piece of advice is don’t reinvent the wheel. Use previous approaches to rapidly address this threat; use the patterns that we know from the past to be successful in addressing this issue. Also, define your inventory, understand your exposure, step next into risk assessment and then risk mitigation.
The FFIEC serves as a ‘regulatory clearing house’ for banks.
www.intelligentfin.tech