May 12, 2023
APIs need security, too
I’m still recovering from a fantastic and invigorating RSA Conference. While I was there I had the opportunity to interview several leading minds in the areas of cybersecurity and artificial intelligence. One of the exciting innovations that I learned of is called Zero Trust API Access (ZTAA) and it’s a platform made by Traceable. In plain language, ZTAA is a security solution that helps protect the ways computer programs talk to each other (called APIs) from hackers and other threats.
The system is unique because it constantly adapts to new risks and only grants access to the right users at the right time. It also helps organizations control the number of requests made to their APIs, preventing overloading, potential attacks, and API DDoS.
Dr. Jisheng Wang, Vice President of Artificial Intelligence and Machine Learning and Engineering, emphasized the importance of API security: "With the fast adoption of cloud-native and microservice-based software development architecture, APIs, which are often referred to as the glue that holds the software, applications, and services together, are unsurprisingly becoming the new attack surface of some business-threatening attacks including OWASP threats, abuse and fraud, and data exfiltration." Dr. Wang spoke extensively about the need for preventing fraud and collusion.
One standout feature of ZTAA is its dynamic data access policies. These policies help businesses set specific rules for who can access certain information and when, making it easier to protect sensitive data. Think of it as a digital doorman, checking IDs and only letting approved guests into the party.
Another great feature is its intelligent rate limiting. This helps organizations manage the flow of incoming requests to their APIs, which not only safeguards against potential attacks but also ensures a smoother, more efficient user experience. It's like having a traffic cop directing the flow of requests, keeping things running smoothly and safely. In a nutshell, ZTAA provides a safer environment for businesses to grow and innovate without worrying about their sensitive data being accessed by unauthorized users.