CHEQUING OUT
entries, and additional security incidents that could lead to reputational damage and financial losses.
Solving the lack of visibility in API security
A lack of API visibility and inconsistent processes are common challenges. API development tends to lack centralisation, with developers scattered across various cloud providers and operating outside the enterprise security team’s oversight.
Additionally, APIs are often developed in silos within different business units. Many of these APIs are not integrated into the company’s API management solution, missing out on basic protections such as rate limiting and authentication.
Standard API management tools often fall short in meeting insurance companies’ security and visibility requirements. API gateways and web application firewalls (WAFs) are limited to capturing managed API traffic, leaving vast numbers of unmanaged APIs, including shadow and zombie APIs. Moreover, depending on the business unit responsible for their design, APIs may not undergo testing against common attack methods.
Andre Kerstens, Principal Solution Architect, Noname Security
Today’s threat landscape calls for insurers to adopt a comprehensive API security approach encompassing four critical areas:
• API discovery
• Posture management
• Runtime protection
• API security testing
Many insurers lack visibility into a significant portion of their API traffic. Without a complete and accurate inventory, they are exposed to a variety of risks. As part of API discovery, insurers can proactively locate and inventory all APIs regardless of configuration or type;
68 www.intelligentfin.tech