Tie a metaphorical string to your digital transformation and give it a yank. It could be a string, or you may need a rope, depending on how far you've transformed; its girth is determined by the volume, value, and sensitivity of the underlying data. Either way, APIs are probably attached to the far end, way out there close to where users and partners are: mobile apps, third parties, whatever and wherever you've got data and information to share via APIs.
The strength of the line is the strength of the security bargain upheld with your API secrets. A bargain, a potentially fragile agreement, may be in place that requires trusting the holders of your API secrets to keep those keys properly secured. More precisely, trusting them to keep their access and your data secured. And there is a lot in that which you don't control.
Will you be able to keep the security of your API secrets reined in? Or will the line break?
API secrets aren’t hard to find.
Plaintext files.
Or in code.
Or uploaded to Git.
When unmanaged, secrets can last almost forever. How secret is a secret that lasts almost forever?
So, you may have some work to do:
Establishing API developer standards.
Managing and rotating API secrets.
Implementing compensating controls.
Do these and you'll be able to maintain control of APIs with a stronger security bargain that matches any girth required.
More firmly governed.
Less fragile.
Less risk of breaking.
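What "managing and rotating API secrets" and a "compensating control" look like in code, as an added example that is not part of the original post: a small secret store that never keeps plaintext, enforces a maximum secret age, rotates with a short overlap window so the old key stops working on its own, and a scanner that flags key-shaped strings left in plaintext files or source. The policy values (90-day maximum age, 24-hour overlap, the `ak_` prefix), the key id `partner-acme`, and the class and function names are all assumptions for this example.

```python
import hashlib
import hmac
import re
import secrets
from datetime import datetime, timedelta, timezone

# Assumed policy values for this example, not from the original post.
MAX_SECRET_AGE = timedelta(days=90)     # a secret may never live longer than this
ROTATION_OVERLAP = timedelta(hours=24)  # old secret stays valid this long after rotation
KEY_PREFIX = "ak_"                      # assumed prefix so leaked keys are easy to scan for


def _digest(plaintext):
    """Store only a hash of the secret; the server never needs the plaintext again."""
    return hashlib.sha256(plaintext.encode()).hexdigest()


class FakeClock:
    """Injectable clock so expiry behaviour can be exercised without waiting."""
    def __init__(self, start):
        self.t = start

    def __call__(self):
        return self.t


class SecretStore:
    """Issues, rotates and verifies API secrets under a maximum-age policy."""

    def __init__(self, now=None):
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._versions = {}  # key_id -> list of {"hash", "issued", "expires"}

    def issue(self, key_id):
        """Create a new secret version; the plaintext is returned once, never kept."""
        plaintext = KEY_PREFIX + secrets.token_urlsafe(32)
        now = self._now()
        self._versions.setdefault(key_id, []).append(
            {"hash": _digest(plaintext), "issued": now, "expires": now + MAX_SECRET_AGE})
        return plaintext

    def rotate(self, key_id):
        """Issue a replacement and cap every older version at the overlap window."""
        cutoff = self._now() + ROTATION_OVERLAP
        for v in self._versions.get(key_id, []):
            v["expires"] = min(v["expires"], cutoff)
        return self.issue(key_id)

    def verify(self, key_id, presented):
        """Accept the secret only if some unexpired version matches it."""
        now = self._now()
        candidate = _digest(presented)
        return any(now < v["expires"] and hmac.compare_digest(v["hash"], candidate)
                   for v in self._versions.get(key_id, []))

    def due_for_rotation(self, within=timedelta(days=14)):
        """Key ids whose newest version expires within the warning window."""
        now = self._now()
        return sorted(k for k, vs in self._versions.items()
                      if vs[-1]["expires"] - now <= within)


# Compensating control: a scanner for key-shaped strings in files or source.
SECRET_PATTERN = re.compile(re.escape(KEY_PREFIX) + r"[A-Za-z0-9_-]{32,}")


def find_plaintext_secrets(text):
    """Return (line_number, line) for each line that contains a key-shaped string."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if SECRET_PATTERN.search(line)]


def demo():
    """Walk through issue -> rotate -> overlap -> expiry on a fake clock."""
    clock = FakeClock(datetime(2024, 1, 1, tzinfo=timezone.utc))
    store = SecretStore(now=clock)
    first = store.issue("partner-acme")
    valid_at_issue = store.verify("partner-acme", first)
    clock.t += timedelta(days=80)
    due_before = store.due_for_rotation()            # 10 days from expiry: due
    second = store.rotate("partner-acme")
    both_valid = store.verify("partner-acme", first) and store.verify("partner-acme", second)
    clock.t += ROTATION_OVERLAP + timedelta(minutes=1)
    old_after = store.verify("partner-acme", first)   # overlap elapsed: rejected
    new_after = store.verify("partner-acme", second)
    # Constructed sample config file with the rotated-out key left in plaintext.
    sample = "db_host=localhost\nAPI_KEY=" + first + "\nTIMEOUT=30\n"
    hits = find_plaintext_secrets(sample)
    return {
        "valid_at_issue": valid_at_issue,
        "due_before_rotation": due_before,
        "due_after_rotation": store.due_for_rotation(),
        "both_valid_during_overlap": both_valid,
        "old_valid_after_overlap": old_after,
        "new_valid_after_overlap": new_after,
        "plaintext_in_store": first in repr(store._versions),
        "scanner_hit_lines": [n for n, _ in hits],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the overlap window is that rotation never depends on the key holder remembering to stop using the old secret: it stops working on its own. The recognisable prefix is what makes the scanner cheap to run over repositories and config directories, which is the kind of compensating control that catches the plaintext-file and Git cases the post describes.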
Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on Twitter or LinkedIn and I'll read it.