Event: ISACA Las Vegas Chapter Event - API Security and Legal Risk Management
Speaker: Dr. Baljeet Malhotra, Founder & CEO of TeejLab
Topic: API Security and Legal Risk Management
Title: ISACA Las Vegas Chapter Event - API Security and Legal Risk Management
Synopsis: APIs are transforming our digital world by enabling the next industrial revolution, driven by AI/ML and IoT solutions. APIs impact organizations both positively (through innovation, newer business models, competitive differentiation, etc.) and negatively (through security vulnerabilities, business disruptions, legal and compliance issues, etc.). These impacts are growing profoundly as API ecosystems evolve within enterprises as well as globally. Industry Trends: (1) 96% of applications contain some Open Source. Source: Black Duck 2020; (2) 83% of internet traffic is via APIs vs. 17% HTML. Source: Akamai 2019; (3) 99% of Open Source applications contain some Web APIs. Source: TeejLab 2021; (4) By 2021, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 2019. Source: Gartner; (5) By 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. Source: Gartner Research, "How to Build an Effective Security Strategy". Given these trends, it is imperative for Security, Compliance and Audit professionals to get a handle on APIs by managing API risks proactively, before things get out of control (if they have not already). This session will provide an overview of an API governance framework for managing API security and compliance risks. The framework is inspired by the Zero Trust model and can be adopted by enterprises for effective API Risk Management. We’ll highlight best practices, both manual and automated, with relevant tool recommendations.
Speaker Biography: Dr. Baljeet Malhotra is an award-winning researcher and a global tech leader known for his work in Open Source and API Risk Management. He founded TeejLab in 2019 and steered the team to build API Discovery and Security™, the world's first end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys for $565 million). He also served as Research Director at SAP and Senior Software Engineer at MahindraTech. He received a PhD in Computing Science from the University of Alberta and won several awards, including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, the University of Victoria and the University of Northern BC. He has given numerous ISACA, ISSA, IIA, ISC2 and OWASP talks globally, and has published several papers, patents and articles.