Forrester has recommended the use of a zero-trust security approach in API security to curb data breaches, according to VentureBeat.
Organizations should implement zero trust to scale API governance and to enforce policies that ensure attack protection for the appropriate API-level trust, which could not be easily achieved through a perimeter-based security framework, Forrester said.
Forrester also urged the use of least-privilege access and microsegmentation in every phase of the software development life cycle, as well as in the continuous integration/continuous delivery process. Implementing least-privilege access and microsegmentation could enable DevOps to accomplish API security testing across the process of deploying executable code, according to Forrester.
Organizations have also been urged to integrate zero-trust security in API lifecycle management.
"Whether your application is API-first, a classic client/server model, or a combination of both, follow the tried-and-true rules: Default deny, and don't trust client-supplied data," said Forrester, which also called on DevOps leaders to implement universal authentication.