The Top Five Myths in API Security

Learn more

Helping bp Launchpad Re-imagine Energy by Enabling API-based Innovation

Jennifer Dignum
May 17, 2022

Having pioneered API security, the Salt Security team is always gratified to have the caliber of our solution validated through a customer’s vetting and selection. We are honored to be chosen as bp Launchpad’s technology solution for API security and also find it meaningful to support a business that is working to re-imagine energy for people and our planet.

bp Launchpad, the in-house business accelerator for bp, strengthens energy resilience and generates sustainable change by growing global startup companies within the renewable energy sector. Its portfolio of digitally-led companies help deliver cleaner, more affordable, and reliable energy.

bp Launchpad supports these companies by sharing its expertise across multiple business functions, including building best-in-class technology infrastructure. By providing technology solutions to its companies, bp Launchpad bolsters their capabilities and drives growth.

According to Tom Salmon, Head of Cyber for bp Launchpad, API security is a non-negotiable requirement for their startup companies. As digital businesses, these incubator companies all rely on APIs as the foundation for their applications and services.

“If an attacker exploits a BOLA flaw to manipulate API requests and alters an energy device, if they make a change to an asset that they shouldn’t have access to, that has real human impact – physical, real-world impact – and that’s our biggest concern.” Tom Salmon, Head of Cyber, bp Launchpad

In this short video, Tom explains why bp Launchpad knew that API security had to be part of their API programs:

Like bp Launchpad, more and more companies are recognizing that dedicated API security has become a critical component in securing platform services. Gartner reinforced this need last year when it updated its security reference architecture to add – for the very first time – a separate pillar for API discovery and protection.

The sheer number of APIs being used and the different ways that they are being used have changed security requirements. With an expanding API attack surface, companies need more context to provide adequate protection.

With its cloud-scale big data-based architecture, the Salt Security platform delivers the context that security teams need to spot deviations from normal API behaviors. Unlike traditional security solutions, the Salt platform can capture a breadth of API traffic interactions over an extended period of time that spans the full API lifecycle. Salt can store hundreds of attributes about millions of APIs and users over time. Leveraging artificial intelligence (AI) and machine learning (ML) algorithms, Salt Security provides a baseline of normal API traffic and enables bp Launchpad’s companies to:

  • Instantly see which APIs are exposing sensitive data
  • Identify API attacks in real-time
  • Provide remediation details to harden APIs in development

According to Tom, security teams have an obligation to provide solutions that help reduce risk without making the process more difficult for developers or slowing down business programs. Security is responsible for giving cross-functional teams the answers and dedicated solutions that make it easy to deploy and protect the growing number of APIs. In the case study, Tom states:

“When we find an anomaly, Salt gives us a specific remediation. That’s the kind of information developers need.”

Salt Security has a proven record of success as the leading API security solution in the market, with the most customers and deepest penetration among Fortune and Global 500 enterprises.

If you would like to learn more about the Salt Security API Protection Platform, we invite you to sign up for a personalized demo.

Go back to blog

Learn everything you need to know to keep your APIs secure

Sign up for blog digest