Rethinking Application Security in the API-First Era (Security News, July 2021)
This means that application security has moved beyond its "Doorman" status of asking "Who's allowed in?" Nowadays, application security should assume that users are already inside the application and focus on asking "What do we allow them to do?", "What's the expected usage?" and "How do we stop undesirable behavior?"
According to Rob Cuddy, the Global Application Security Evangelist at HCL, the fundamental shift enterprises must make in their approach to application security is recognizing that securing the application perimeter from external penetration simply doesn't make sense in the era of APIs.
To keep security at the forefront, they established a security champion program that puts two people on every team with the responsibility for ensuring that certain security standards are met during development.
This program gives the organization visibility into application security through monthly meetings that cover everything happening with security across the different application programming groups.
At Mastercard, for example, under the leadership of a CEO who has been focused on security from the get-go, the corporate security team is at the heart of the business model and provides security services to all of the company's customers and to the ecosystem at large.