Why The Focus Is Now On APIs
Professional Security, Monday, February 12th, 2024
Application Programming Interfaces (APIs) have become so integral to modern software architecture and the digital economy that regulators and standards bodies alike are now prioritising their security to keep data secure, writes Andy Mills, VP of EMEA, Cequence Security.
Regulations like GDPR, the Payment Service Providers Directive 2 (PSD2), and the Payment Card Industry Data Security Standard (PCI DSS 4.0) either indirectly or directly require APIs to be protected and secured. However, as legislation is updated, we can expect regulatory zeal to increase in this area.
Compliance in an API context can mean two things. Initially, it was used to describe the need for APIs to comply with a build specification to ensure APIs are produced to a uniform standard and use the same code, making it more straightforward to manage them. In contrast, regulatory compliance refers to the need to make the API conform to the demands specified in a government or industry standard, particularly in heavily regulated sectors. API governance is often used to describe the oversight of both forms of compliance and the implementation and enforcement of effective security practices.