Navigating API Integration With a Zero Trust Approach
Rohit Rane, CISO of HDFC Pension on the Need to Validate Each Connection

IT organizations are constantly creating new APIs to link to external services, but how can security teams ensure these APIs will integrate with zero trust principles? The first step is finding out which APIs fit with the architecture, said Rohit Rane, CISO of HDFC Pension Management Co.
"When we are deploying zero trust architecture, it is required to understand what kind of infrastructure we're having, whether it supports such architecture," Rane said. "The typical approach that is taken in APIs is always a token-based approach. When two different applications sitting on two different environments call each other for any data transfer ... you have a token, and on top of that you have static API keys."
To secure APIs, no connection or endpoint requesting access to any data source should be trusted automatically. Zero trust requires validation for each connection, he said.
In this video interview with Information Security Media Group, Rane discussed:
- Feasibility testing for zero trust adoption;
- The importance of a token-based management system;
- Challenges in zero trust API integration.
Rane is a seasoned technology and cybersecurity leader with 19 years of overall experience in securing companies across multiple industry sectors. He has received several industry awards and accolades for key security projects and contributions to the security industry.