A Conversation about Zero Trust, APIs, and Mobile Security


“The Juicy Data, the Services and the Data that the Bad Guys Are Trying to Get to, Are in the Server. They’re Not in the Mobile App”

Silo Busting 23: Zero Trust, APIs, and Mobile Security with David Stewart and Sam Rehman

May 20, 2021

The bad guys don’t necessarily want your apps. What interests them? Your APIs. In our latest #CybersecurityByDesign conversation, David Stewart, CEO of Approov, tells Sam Rehman, our Chief Information Security Officer and SVP: “The majority of attacks that we see are not done by modified apps but they’re done by scripts which have studied the app to the extent of being able to impersonate traffic and transactions that look like they’re coming from a genuine app instance.” This allows the nefarious actors out there to bypass apps completely. Scary stuff.

Stewart and Rehman focus their talk on the subtleties of API protection and attribute-based access control in the context of zero trust. Now, for you, keeping the mobile experience safe is important, but it’s Stewart’s raison d'être. “The reason we exist is to tell the back end that the API request is coming from a genuine app instance, and to do that on a very fast refresh so that it makes it impossible for the bad guys to get hold of anything they can use.” Download this conversation and you'll soon be thinking about shifting left while shielding right.

Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon

filed in: complex systems, digital design