Zero Trust for APIs: Securing Userless APIs with Multi-Factor Authentication

Anusha Iyer, Corsha

Cyber attacks against APIs are accelerating. Much of the cybersecurity focus has been on protecting APIs that back applications used by humans. However, a large segment of API traffic is between machines, where no human is involved. Security solutions for this userless API segment have proven difficult, but a new security approach has emerged leveraging cybersecurity lessons learned in the human user context. Corsha has developed a method for dynamic, fully automated multi-factor authentication (MFA) for userless API traffic. In this session, we will explain the security principles involved, how MFA can be implemented in connection with modern automated pipelines and how Corsha is working with Kong to make this security solution available to enterprises.