
Navigating API Integration With a Zero Trust Approach

Rohit Rane, CISO of HDFC Pension on the Need to Validate Each Connection

IT organizations are constantly creating new APIs to link to external services, but how can security teams ensure these APIs will integrate with zero trust principles? The first step is finding out which APIs fit with the architecture, said Rohit Rane, CISO of HDFC Pension Management Co.


"When we are deploying zero trust architecture, it is required to understand what kind of infrastructure we're having, whether it supports such architecture," Rane said. "The typical approach that is taken in APIs is always a token-based approach. When two different applications sitting on two different environments call each other for any data transfer ... you have a token, and on top of that you have static API keys."

To secure APIs, no connection or endpoint requesting access to a data source should be trusted automatically. Zero trust requires validation for each connection, he said.

In this video interview with Information Security Media Group, Rane discussed:

  • Feasibility testing for zero trust adoption;
  • The importance of a token-based management system;
  • Challenges in zero trust API integration.

Rane is a seasoned technology and cybersecurity leader with 19 years of experience in securing companies across multiple industry sectors. He has received several industry awards and accolades for key security projects and contributions to the security industry.

About the Author

Suparna Goswami


Associate Editor, ISMG

Goswami has more than 10 years of experience in journalism. She has covered a variety of beats, including the global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed to Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.
