APIs truly make the digital world go round. They are the backbone of digital transformation for both digital-native and traditional businesses. But this also makes them a prime target for security threats. From API sprawl to Shadow APIs, the challenges are many, and strategies like Open authentication, Zero Trust models and rate limiting are widely discussed. But what is the blueprint of a CISO's strategy to secure APIs?

At the scale at which Paytm operates, with the massive number of transactions processed daily, API sprawl and Shadow APIs can pose significant risks. How does Amit Malhotra, CISO, Paytm Group, address this challenge, especially when managing third-party integrations and microservices architectures?

Malhotra says, “APIs interact and can communicate sensitive information too - can be financial transactions, personal info too. It’s imperative as a security officer to protect these APIs. We should have an integrated approach of managing both API security and application security together - where we take help from DevSecOps. If you perform all security testing properly, I believe the vulnerabilities that can be exploited through API exploitation cannot happen.”

“API sprawl means you have a certain explosion and are not able to manage properly. API sprawl happens due to […]
Click here to view original web page at ciso.economictimes.indiatimes.com