Traceable AI, the industry’s leading API security company has announced the industry’s first API security Reference Architecture for a Zero Trust World. This can be utilised by security leaders as a guide for integration of API into Zero Trust Security initiatives. Zero Trust is a cybersecurity framework to highlight continuous verification and helps to reduce the attach surface. This has acted as a solid step in enhancing security for many organizations, including many large enterprises and US Government.
The regular Zero Trust approaches ignored the API layer which is very crucial and focused mostly on the network-level controls and identity access management. The Security Reference architecture is aligned with the NIST Zero Trust Architecture, a widely accepted, vendor-neutral framework that is used by governments as well. It is a trusted and reliable solution because of assurance of compatibility, interoperatbility and adherence to industry standards.
The detailed list provides information how to have a working Zero Trust for APIs:
- The document gives detailed information on how to have advanced API security measures that are specific for APIs and robust.
- It recommends on having a detailed risk management for APIs like user authentication, authorization, asset risk assessments, and how to manage/mitigate risks.
- It also looks into the reasons for organizations to have better visibility and control, i.e monitoring and recording all API transactions for a better analysis, threat detection and incident response.
- With the categorization of data, compliance and data protection is improved, and becomes more compliant with HIPAA, GDPR, PCI-DSS, reducing the reputational damage for the company.
- The reference also recommends having an integration with XDR, SIEM, and SOAR solutions to improve the security posture, streamline security operations and automate response actions.
- A scalable and flexible architecture can be achieved by having a flexible distribution model for PEPs and data collection points.
- Align also with the NIST Zero Trust Architecture to ensure compatibility, interoperatbility and the ability to evolve
The reference architecture is available to organizations for evaluation and implementation
News source: Traceable AI