News

Jul 07, 2023

Why Identity Is Key to Baselining API Security Programs

API Security

API Security , Video

Having an API change management process is a critical component of a robust API management program, said Shaam Farooq, who is vice president of technology at Atlas Energy Solutions. Team members must review and approve changes as they happen and then communicate those changes across the IT and OT security teams, "to make sure everyone is aware," he said.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn't Start at 3pm

Identity management is also important for monitoring and logging abnormal activity happening on the API. "If you have proper identification management, priority access management developed behind an API, as well as what things it's accessing and what things it cannot access, that's where the baseline comes into place," he said. "At the basic level, all APIs should work on a service account, not a user account. Those type of basic things matter."

In this video interview with Information Security Media Group, Farooq discusses:

Farooq has over 25 years of global technology leadership experience in oil and gas, technology, manufacturing, and automotive industries. He has led technology functions for startups, Fortune 100 companies and privately owned entities, also overseeing cybersecurity and digital transformation. He previously served as CIO and CISO at Hyliion, CTO at New Fortress Energy, and CIO at Jonah Energy.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership