Ep. 222 Securing Federal Systems: How API Management Transforms Digital Security

The federal government is transforming from on-premises and private cloud systems to a hybrid cloud.

What most listeners do not realize is that the linchpin to this transition is the Application Program Interface (API). It has been hiding under the radar for so many years that malicious actors use this perspective to attack the API.

Info Security Magazine reports that 99% of organizations struggle with API security. Where to start? First, get an inventory of how many APIs you are dealing with.

Stephen Ringo emphasizes the need for discovery tools to identify rogue and shadow APIs, noting that passive discovery methods are preferred to avoid network disruptions.

He also points out that API security is often overlooked, even in cloud-native solutions, and that misuse, rather than malformation, is the primary threat. Ringo advocates initiative-taking measures to secure APIs and prevent data breaches.

• Three main ways to protect APIs:
• Educate and raise awareness about API security risks among federal CIOs and IT leaders.
• Discover and inventory all APIs, including rogue or shadow APIs, within the organization.
• Evaluate API security capabilities of cloud providers and ensure proper security controls are in place.