From Z to A - Extending Zero Trust to APIs

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journeys, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

At the upcoming New York CISO Executive Summit on June 26, Steve Winterfeld, Advisory CISO at Akamai, will tackle this question. Steve is leading a boardroom discussion with C-level community members on “From Z to A - Extending Zero Trust to APIs.”

Their discussion will focus on how CISOs can break the kill chain by stopping infection vectors and protecting against lateral movement, as well as data protection and increasing visibility for stakeholders. 

Ahead of the session, Steve is sharing insights on the topic and why CISOs should consider API-based access as they are implementing ZTA. 

Steve Winterfeld is Akamai’s Advisory CISO. Before joining the team, he served as CISO for Nordstrom Bank, as Managing Director of Incident Response and Threat Intelligence at Charles Schwab, and as Cybersecurity & Defense Group CTO at Northrop Grumman. 

He has a strong background in building operational and compliance driven security programs. He has also published a book on cyber warfare and holds CISSP, ITIL and PMP certifications.
 

Tell us a little bit more about your session, “From Z to A - Extending Zero Trust to APIs.”

As more senior cyber leaders are moving to both better protect access and minimize dwell time, they are implementing a Zero Trust Architecture (ZTA). However, many of them overlook the rapidly growing use of API-based access to sensitive application functionality and data. This session aims to facilitate collaboration between peers on the key principles to develop and deploy an integrated API strategy to ensure security from the network layer to the application layer. 
 

What are some of the challenges CISOs face in this area?

The group will focus on sharing best practices and advice around these challenges:

• How teams are using the MITRE ATT&CK kill chain to disrupt infection vectors and protect against lateral movement
• Shielding sensitive data and limiting how APIs interact with data
• Increasing real-time visibility across the business to mitigate threats

Why is it critical for Evanta’s CISO community members to have this conversation now?

We all understand the importance of getting cybersecurity right early, and with the tremendous amount of transformation leveraging APIs, now is the time to bake in strong security practices and capabilities. “Baked in” is always better and cheaper than “bolted on” – let’s help each other get this right. 
 

What are you most looking forward to about this session?

This should be a great session as many companies are leveraging APIs as part of transformation efforts, so it is essential to understand best practices our security peers are following. I am a great fan of learning from others’ scar tissue to avoid getting my own. 
 

You can join this conversation with Steve Winterfeld of Akamai at the Evanta New York CISO Executive Summit on June 26. Or, if you are not yet an Evanta community member, apply to join a CISO community to connect with like-minded security leaders on mission critical topics like Zero Trust architecture.
 

Special thanks to Akamai.

by CISOs, for CISOs
 

Join the conversation with peers in your local CISO community.