Don't Let APIs Be Your Weakest Link
Akamai's Richard Meeus on Securing APIs and Balancing Innovation and Protection
Security professionals are struggling to combat the security challenges associated with API-driven applications. Many organizations are inadvertently exposing sensitive data through APIs without realizing the full extent of vulnerabilities.
"APIs are exposing too much information with very little authorization, and this creates a massive risk in terms of PII, GDPR and other regulations," said Richard Meeus, director of security technology and strategy for the EMEA region at Akamai.
Another challenge for security practitioners is that "organizations often fall into the trap of assuming that API attacks are similar to the attacks that you see on a normal website," he said. This is a major cause for concern because traditional website security measures are ineffective against these threats.
To address this growing challenge, Akamai has developed tools and processes to help organizations implement microsegmentation. This approach helps businesses understand their assets better and integrate them into a zero trust ecosystem, encompassing zero trust network access, multifactor authentication and DNS security. Akamai also provides technology to analyze APIs within an organization, collecting telemetry from various sources such as API gateways, Akamai websites, other content delivery networks and firewalls, Meeus said.
In this video interview with Information Security Media Group at Cybersecurity Summit: London, Meeus also discussed:
- The importance of visualizing and identifying all APIs within an organization's infrastructure;
- Strategies for balancing rapid innovation with robust API security measures;
- How Akamai is helping customers strengthen resilience against API attacks.
Meeus is responsible for building solutions and ensuring customer satisfaction at Akamai. He has nearly 30 years of experience in designing secure solutions, deploying DDoS protection for multinational organizations such as Oracle, Mirapoint and Prolexic.