According to F5's State of Application Strategy Report, as organizations struggle to respond to a growing threat landscape—and as they work to secure their apps and APIs—multi-cloud complexity and difficulty enforcing consistent security top the list of challenges.
A Sweeping Collection of API Sprawl Challenges
To help app developers and security teams join forces to successfully address API security challenges, Google Cloud and F5 came together for a special webinar event, Untangling APIs: Addressing Sprawl and Securing Your Digital Ecosystem. The conversation uncovered several relevant and actionable answers to the hard-hitting questions organizations have—or should have—about API sprawl, management, and security.
If you couldn’t attend the live session, don’t worry; you can catch a few of the highlights in this blog post and also access the on-demand recording.
The event, which ActualTech Media’s Jess Steinbach moderated, also included distinguished presenters Joshua Haslett, Strategic Technology Partner Manager at Google Cloud, Ian Dinno, Senior Product Marketing Manager at F5, and David Remington, Director of Product Management at F5. Together, they sat squarely on the API security hot seat to provide attendees with expert advice and practical guidance on adopting a more holistic app and API security strategy across the organization.
Finding the Path to Secure APIs
One of the main points made during the discussion revolved around finding the right path to a holistic approach, which has become even harder to tackle as the number of APIs utilized throughout an organization’s application ecosystem continues to grow at an unprecedented rate. As highlighted by one of the attendee’s questions, the security, governance, and efficiency challenges introduced by API sprawl are only compounded by the increased adoption of hybrid cloud infrastructure and the slew of microservices that make complex multi-app business processes work.
To address the risks associated with API sprawl—such as data breach, account takeover, and fraud—an organization's application security program must include API protection technologies that deliver continuous discovery and monitoring, runtime protection, and real-time posture management. The program must also be supported by a process that keeps the CI/CD pipeline moving by easily integrating security methodologies and code testing earlier in the software development lifecycle in a way that doesn’t delay releases, negatively impact the user experience, or introduce application downtime.
The Path to Security Must Adapt and Grow with the Business
Chances are, when you think your team has a suitable picture of what APIs are running and where they are running, a new app or API endpoint is added, or updates are made to an existing one. This could be a new third-party service, or multiple new or updated APIs that may not be visible to the teams responsible for security, and that adds new vulnerable entry points and exposure for an organization. It’s a never-ending battle to stay on top of the sprawl, making it even harder for security teams to assess and protect these services individually and as part of a fully functioning application.
Speaking to the increased risk of the threat landscape concerning the expanding complexities of the application infrastructure, Ian and David took a firm position on how AI and machine learning will have significant roles to play in API security, both in the scope and scale of attacks and in the protections required.
Another critical factor that the panel discussed during the webinar is the need to gain visibility into the state of API security. One attendee, for example, described to the panel how they’ve recently begun to see performance issues and other disruptions in some of their systems and applications. However, they couldn’t easily ascertain whether they were seeing signs of API sprawl being exploited by active attacks. This appears to be a common problem that many teams are struggling with.
Google and F5 Help Deliver Safe, Fast, and Seamless User Experiences
The conversation also presented several best practices for adopting a proven approach to employing good API security practices. One key element in this regard includes augmenting existing app security infrastructure to protect an ever-growing number of APIs.
This is where F5 web app and API protection solutions come into play, helping organizations like yours reduce complexity in hybrid and multi-cloud environments, making it easier for your teams to deliver secure digital experiences at scale. Google Cloud and F5 allow you to maintain safe, fast, and seamless user experiences in your current infrastructure while preparing the environment you aspire to evolve your business into.
Again, we appreciate your interest in this important topic and invite you to experience the discussion firsthand by accessing the full on-demand recording of the webinar, Untangling APIs: Addressing Sprawl and Securing Your Digital Ecosystem.
If you have any questions, we welcome a follow-up conversation with you by contacting one of our API protection experts in our F5 Distributed Cloud team.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...