API Security , Video

Why Identity Is Key to Baselining API Security Programs

Security Expert Shaam Farooq on API Security Governance for IT and OT Programs
Shaam Farooq, vice president of technology, Atlas Energy Solutions, and executive member of the CyberEdBoard

Having an API change management process is a critical component of a robust API management program, said Shaam Farooq, who is vice president of technology at Atlas Energy Solutions. Team members must review and approve changes as they happen and then communicate those changes across the IT and OT security teams, "to make sure everyone is aware," he said.

See Also: OnDemand: 2024 Google Cloud Partner of the Year - Application and Infrastructure Security

Identity management is also important for monitoring and logging abnormal activity happening on the API. "If you have proper identification management, priority access management developed behind an API, as well as what things it's accessing and what things it cannot access, that's where the baseline comes into place," he said. "At the basic level, all APIs should work on a service account, not a user account. Those type of basic things matter."

In this video interview with Information Security Media Group, Farooq discusses:

  • The unique challenges of securing APIs in converged OT/IT/IoT environments;
  • Key elements of an API security management strategy;
  • The barriers to achieving good API security and how to overcome them.

Farooq has over 25 years of global technology leadership experience in oil and gas, technology, manufacturing, and automotive industries. He has led technology functions for startups, Fortune 100 companies and privately owned entities, also overseeing cybersecurity and digital transformation. He previously served as CIO and CISO at Hyliion, CTO at New Fortress Energy, and CIO at Jonah Energy.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership

About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.