API Security Need to Know: Questions Every Executive Should Ask About Their APIs

Using NIST CSF to Rein in Your API Footprint


As your digital transformation accelerates, your API volume and usage have accelerated in tandem. It is also very likely that your API security efforts have lagged behind your increase in API usage. Unlike other more mature areas of cybersecurity, the API security market is still relatively nascent and fractured. When people talk of API security, they mean lots of different things – securing the API endpoints, implementing web application firewalls (WAFs), bot management, API governance, or monitoring.


Like the market, conversations in your organization about API security are likely happening in a fractured manner, if at all. Without a way to focus the conversation, various development and operational teams may be taking different approaches to manage API security risks. It’s a step in the right direction, but proper API security and governance requires clarity and consistency. One approach, being taken by more than 30 percent of U.S. organizations, is to use the NIST Cybersecurity Framework as a way to develop a shared understanding of their collective cybersecurity risks.


As you build out your API strategy, the NIST CSF will help you gain a baseline of information about the APIs used across your organization, identifying potential gaps in the operational processes that support them. Your baseline will not only help you communicate where the organization is today but will also help define a publication process that helps to ensure your APIs – and the data flowing through them – are robust and secure.


Below are some questions aligned to the NIST CSF that you can use to help establish the baseline of your API operations while establishing future goals and plans. With this informatio ..