APIs Are a Massive Problem - We Just Don’t Know How MassiveCyberEdBoard Panelists Call for Reallocation of Budgets, More DevOps Accountability
API vulnerabilities are the largest unmitigated security risk not being addressed despite the size and scale of API breaches being described as "staggering," according to CyberEdBoard panelists Chase Cunningham, the Doctor of Zero Trust and ISMG global content contributor, and Richard Bird, chief security officer at Traceable AI.
People know there's a serious problem but are not moving fast to fix it, the panelists said. Among the challenges: siloed software developers and security professionals and no real budget for API security across the stakeholders of IT teams, developers, business units and security.
Developers need to implement API security technology, including using zero trust approaches, the two said. They also advised repurposing part of the budget from other layers of the technology stack to API security.
- The criticality of quantifying API security risk;
- Who owns API security in the organization;
- How to prioritize budgets and security structures to mitigate API risks.
Cunningham, aka the Doctor of Zero Trust, serves as the advisory board member of Akeyless. Prior to Akeyless, he was the chief strategy officer at Ericom Software, where he shaped the company's strategic vision, road map and key partnerships. He also served as vice president and principal analyst at Forrester Research, providing strategic guidance on zero trust, artificial intelligence, machine learning and security architecture design for security leaders worldwide.
Bird is a cybersecurity and IT operations industry veteran with nearly 30 years of experience. He has been a CIO and a CISO and he is also the former global head of identity for JPMorgan Chase. Bird has held multiple C-level roles advising organizations of all sizes, while serving as the chief customer information officer for Ping Identity, building security solutions for the market as a chief product officer.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Join the Community - CyberEdBoard.io.