Virtualization Technology News and Information
CodeLogic 2023 Predictions: API Endpoint Governance Rises in 2023


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

API Endpoint Governance Rises in 2023

By Eric Minick, VP Product, CodeLogic

Application Programming Interfaces (APIs) empower developers to deploy applications faster and with more capabilities than ever before. Developers revel in the capabilities from APIs that reduce mundane, repetitive work and ramp up release velocity. Company leadership notices when APIs lead to more productivity and innovation, and so do customers.

While APIs changed the game in many ways for developers, there is an ominous downside. A massive rise in endpoints exponentially expands cyber-attack surfaces. We've all seen the headlines where large companies experienced data breaches, and the serious fallout from the attacks. In today's world, it's more a matter of when you'll be attacked than if, and companies need to focus on being proactive with their cybersecurity approach.

The Year of Endpoint Governance

In 2023, endpoint governance will rise as a primary cybersecurity strategy. Companies need to manage ALL endpoints (i.e., 100 percent of them) adequately, securing each to the highest standards to fend off the catastrophic (and costly) consequences of exposed, unknown endpoints.

API management technology from companies like MuleSoft, Google Apigee and Kong is available to help. However, it's not uncommon to see codebases so complex that it's almost impossible to inventory and manage every single endpoint.

Think of a large bank. It has critically important software that may be decades old or written by people no longer connected to the organization. It would be difficult to identify all API endpoints within its codebase, even with modern API management tools.

Not only is endpoint governance important from a best practices perspective, but regulation is on the horizon for some organizations.

Regulations Add Pressure

Recently, the New York Department of Financial Services (NYDFS) proposed amendments to cybersecurity regulation 23 NYCRR § 500 that would require a complete, accurate, and up-to-date inventory of all assets, which many interpret to include APIs. Further, many organizations not only have APIs in their proprietary software but also within open source and third-party libraries. Looming regulations could require identification and management for all of the above.

If business leaders aren't already sweating these looming changes, the stiff fines for noncompliance may shift their perspective. Carnival Corporation (along with several subsidiaries), which had multiple cybersecurity events over two years, was fined $5 million and required to forfeit its insurance provider licenses.

Start Planning Now

With stricter cybersecurity regulations on the horizon in New York, companies outside its scope may not have the same sense of urgency for endpoint governance. However, it's important to note that New York has set many precedents for cybersecurity regulation and it is not unrealistic to guess that these or similar regulations will expand to other areas.

Companies should view the new year as an opportunity to get ahead and get their endpoint governance under control. While getting started seems challenging, there are ways to meet pending requirements without a massive organizational overhaul.

An enterprise with a highly complex codebase should start with discovery. I would not be surprised to see that most organizations do not have an accurate inventory of API endpoints, even with API management tools.

The best way to prepare for inevitable regulatory intervention is to continuously scan codebases to build and maintain accurate inventories of API endpoints. Adopting emerging technologies for advanced binary and runtime scanning will help provide a more holistic view of the software architecture. From there, the organization can focus on continuous security and compliance.

New regulations or not, endpoint governance is going to rise as a top cybersecurity initiative in 2023 as companies work to reduce their attack surface and better manage vulnerabilities.


ABOUT THE AUTHOR


Eric Minick is an internationally recognized expert in software delivery with over fifteen years' experience with continuous delivery, DevOps and Agile practices. Eric is the author of "Application Release and Deployment for Dummies" and is cited or acknowledged in the books "Continuous Integration", "Agile Conversations" and "Team Topologies". Today, Eric leads the product management team at CodeLogic. He joins the CodeLogic team from IBM, where his team delivered market leading continuous delivery and continuous testing tools.

Published Friday, December 23, 2022 7:33 AM by David Marshall