Why Identity Is Key to Baselining API Security Programs
Security Expert Shaam Farooq on API Security Governance for IT and OT Programs
Having an API change management process is a critical component of a robust API management program, said Shaam Farooq, who is vice president of technology at Atlas Energy Solutions. Team members must review and approve changes as they happen and then communicate those changes across the IT and OT security teams, "to make sure everyone is aware," he said.
Identity management is also important for monitoring and logging abnormal activity happening on the API. "If you have proper identification management, priority access management developed behind an API, as well as what things it's accessing and what things it cannot access, that's where the baseline comes into place," he said. "At the basic level, all APIs should work on a service account, not a user account. Those type of basic things matter."
In this video interview with Information Security Media Group, Farooq discusses:
- The unique challenges of securing APIs in converged OT/IT/IoT environments;
- Key elements of an API security management strategy;
- The barriers to achieving good API security and how to overcome them.
Farooq has over 25 years of global technology leadership experience in oil and gas, technology, manufacturing, and automotive industries. He has led technology functions for startups, Fortune 100 companies and privately owned entities, also overseeing cybersecurity and digital transformation. He previously served as CIO and CISO at Hyliion, CTO at New Fortress Energy, and CIO at Jonah Energy.