The conundrum of API Security and Zero Trust

Twenty years ago, we went to work and the work stayed at the office. We didn’t take our laptops, smartphones, tablets… home. We didn’t work from a coffee bar or a hotel lounge. It was enough for our organisations to rely on perimeter protection. But these days, with all kinds of hybrid environments and the growth of cloud storage, this simply isn’t enough anymore.

Now, we need a ‘zero-trust’ architecture. Zero trust advocates building trusted environments to host applications, systems, and data that operate with least-privilege access. However, this architecture tends to make APIs quite difficult to operate. An API, or application programming interface, is a way for two or more computer programs to communicate with each other. Here are three examples of how zero trust methodologies have difficulty protecting APIs:

APIs enable business applications: All your applications need to run together smoothly and for that you need APIs. Without those, you would have no business to run.

Unknown APIs can’t be protected with zero trust: APIs are developed quickly and changed frequently. You simply can’t track them all manually.

Many API attacks stem from authenticated users: And that’s the bummer. Even when all users have been authenticated by zero trust, API security incidents still occur. Breaking into one application can lead to a breach in the others.

 

The Salt Security API Protection Platform can help protect your critical services and data.
