Register for our Dec 19th Webinar: Beyond the Perimeter: Achieving Comprehensive API Security

Blog Post

Technical

Protecting Digital Platforms — What I’m Hearing From CISOs

Roey EliyahuRoey Eliyahu
Apr 7, 2020

I’m going to start off this post by pointing out the obvious just to get it out of the way: our way of life has changed permanently.

With much of the outside world off-limits at the moment, we’ve become dependent upon the online world more than ever. But thanks to various digital platforms, I’m able to stay connected with friends and family, keep things moving with my team at work, do a bit of shopping, and manage all my financials. Things I wouldn’t think twice about doing in person, like running by the bank or picking up a few things at the market, are now exclusively done online. The big change here is that we are all quickly having to get comfortable with this digital transformation.

Get the latest API Security report and see how you compare

In light of this accelerated transformation, digital platforms are now a more critical part of our lives and I’m thankful for the companies that continue to provide these services. Had we seen a similar situation 15 or 20 years back I wonder how we would have managed.

Why are digital platforms more critical today?

In my calls with CISOs and companies around the globe, I see many are rapidly shifting to enable remote workforces and subsequently tackling the new challenges that come with securing that transition. The other challenge I see on their priority list is security for the digital platforms that have become even more critical to their business as it is their main way to connect with customers and primary source of revenue today.

These digital platforms are not only the focus of consumers; we’ve also seen increasing focus from security researchers and bad actors, making security for these platforms more imperative than ever. With every consumer shifting to digital platforms, the volume of sensitive data and surface area for attack has expanded.

Security For Digital Platforms

At the core of these digital platforms are APIs which, in recent years, have been used to fuel the explosion of applications and have enabled rapid innovation.  Unlike traditional applications, API-based applications have their own set of unique security challenges, so much so, that OWASP came out with a Top 10 focused solely on API security.

Here are some of the questions that I’m getting from CISOs when I talk to them about securing APIs and protecting their critical digital platforms:

How do I know my exposure?

Most CISOs I talk to know of their primary APIs, but also know that there may be many more unknown APIs in their environment that are exposed publicly, found in development environments or are used to connect with partners.  Beyond that, few CISOs think they really know what sensitive information (e.g. PII and IP) is being exposed through these APIs — this in itself presents unknown risk. Add to that the rapid rate of change as many development teams are adding functionality to keep up with demand and match functionality found in the real world, and this is seen as a moving target for security.

How do I know when my APIs are being targeted by attackers?

Many know that their current security solutions don’t provide enough protection for APIs. These solutions depend on signatures and are architecturally built to look for known attack patterns. Since the digital platforms and APIs each customer builds are composed of unique functionality and logic, known attack patterns aren’t useful to stop attacks targeting their unique vulnerabilities. These solutions were not built for the types of API attacks that we’re seeing today.

How do I identify and prioritize vulnerabilities that need to be fixed?

This has always been a challenge and with attacks on the rise and scrutiny from researchers increasing, efficient elimination of vulnerabilities is needed to protect customers and brands. I see a strong desire to improve workflows between security and development teams who can work together to quickly identify, prioritize, and eliminate vulnerabilities.  Since blocking attacks can be a bit like whack-a-mole, CISOs see eliminating vulnerabilities as giving them the needed edge against attackers and bad press.

These are just some of the common questions that I get as I continue to talk to CISOs across the globe. They know that now, more than ever, their role of securing these platforms is not only essential to the future of their business, but also essential in their customers’ lives.  I’m encouraged by how, in this time of adversity, I’ve seen so many come together to learn, share, and help others. I aim to do my part by sharing my insights. At Salt Security, our mission has always been to make it safe for companies to innovate. These days, I see how important this mission is to so many people.

To you and your families, friends, and employees, stay safe and healthy. Our way of life has changed, but together we will get through this, and in the end we will be stronger from what we have learned and the platforms that we have built.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

November 27, 2024

Eric Schwake
Head of Product Marketing

Industry

Beyond Traditional Security: Addressing the API Security Gap

To safeguard your business from API-specific threats, you need a dedicated solution that offers comprehensive visibility, in-depth contextual analysis, automated governance, robust data protection, and AI-driven threat prevention.

Read more

November 21, 2024

Eric Schwake
Head of Product Marketing

Industry

API (In)security: The Hidden Risk of Black Friday

Learn how, for online retailers, Black Friday represents both a lucrative opportunity and a significant cybersecurity challenge.

Read more

November 5, 2024

Eric Schwake
Head of Product Marketing

Industry

API Security: The Non-Negotiable for Modern Transportation

Airlines and transportation companies heavily rely on APIs to handle sensitive data, from customer information to payment details and flight schedules. While crucial for efficient operations, these APIs are also prime cyberattack targets.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Back