API Security & Identity

Principles for API Security – White Paper Now Available

Image by Gerd Altmann from Pixabay

APIs allow fast and easy access to corporate assets. If you are focused on security, this may be a scary thought! But the value obtained using business APIs – easing consumption of corporate assets, enabling speed to market, allowing the business to reach more potential customers, and helping drive faster innovation – is significant. It is the foundation of the “API Economy” and a core component in enabling digital transformation and building digital ecosystems. Because the value provided by APIs is so high, APIs are a target for exploitation by those wishing to inappropriately access your business assets or cause damage to your enterprise. There are many articles that highlight APIs as a new attack point using various techniques, such as “APIs are becoming a major target for credential stuffing attacks”. Therefore, API security is of paramount importance in gaining the promised benefits without exposure to negative consequences.

A focus on security is an ongoing effort, as hackers continue to try new techniques to break into systems. It is not possible to declare security tasks completed, nor should you assume your APIs are ever 100% secure. But there are principles, technologies, and techniques that can minimize the risk and provide the highest probability of success in stopping both intentional and inadvertent misuse of business assets.

But how is this accomplished?  To address this topic, we have published a white paper titled, “Principles for API Security”.  The goal of this paper is to focus on a set of security principles to drive the highest possible level of API protection.  Covered topics include:

  • Strategic API Economy Security Principles
  • Basic API Security Principles
  • API Exposure, Scope, and Positioning Principles
  • API Gateway Security Principles
  • Recommendations

Security discussions are often very technical, delving into how to deliver a desired security capability. Rather than focus on how, this paper focuses on why – highlighting the objectives that need to be achieved to have a more secure posture, and why not meeting the principle is a potential security issue. Technology is ever evolving with new technologies emerging all the time. Security principles are longer lasting. While the technical implementation of a principle may change, the principle should remain valid.

Please click here to download the white paper. 

If you have questions, please let me know. Connect with me via Twitter @Arglick to continue the discussion.

Alan Glickenhouse
Alan Glickenhouse is the IBM Digital Transformation and API Business Strategist.  Alan assists clients with their business and IT strategy for Digital Transformation and the API Economy.  Starting with an understanding of the business direction, current IT strategy, and existing environment (both business and technical), Alan helps businesses successfully adopt a Digital Transformation and API strategy that fits their environment. He meets clients in all industries, all geographies, and of all sizes and brings knowledge of best practices shared with and by these businesses.  Alan is the author of over 150 papers, articles and videos on these topics.  
