How are you assessing the security posture of third-party APIs the business relies on? What criteria do you use currently?

Security Strategy & RoadmapThreat & Vulnerability Management
2.2k viewscircle icon2 Comments
Sort by:
Senior Director Of Technology in Softwarea year ago

We do internal vulnerability testing of 3rd party APIs like we do for ours.

Lightbulb on1
Director of IT in IT Servicesa year ago

We evaluate third-party API security through comprehensive risk assessments, focusing on authentication protocols, data encryption, and vendor compliance.

Content you might like

From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

Excellent (more than enough)11%

Good (we have enough to reach our goals)52%

Acceptable (could be better but we make do)34%

Poor/unacceptable (more funding needed ASAP)3%

Unsure / other

View Results

Are software engineering managers at your org required to complete training on DevSecOps/secure development?

Yes - managers must complete training47%

No - training is available but it is not required 40%

No - training is not available and not required for managers12%

Other

View Results

Our company deeply entered in the Microsoft world (EntraId, M365, Azure).  Microsoft is publishing, in particular, a compliance dashboard and security dashboard. How are you using them and which kind of governance are you putting around them?

How are you diversifying threat intelligence sources? Have you been able to reduce reliance on CISA for TI?

How have you dealt with employee pushback on the addition of new controls, especially for monitoring? Do you address their concerns around privacy, etc, proactively to get their buy-in?