Globe taps Traceable AI to strengthen API security

Globe said it has partnered with Traceable AI to enhance its API security capabilities.

File photo: Globe Telecom logo

Importance of API security in today's time

These days, some providers in the global telco industry have reported large-scale data breaches due to exposed APIs. 

Globe’s partnership with Traceable showcases the value of cybersecurity in an important but vulnerable field, the telco said in a statement.

One of the country's leading telco companies said it relies on APIs in many aspects of its businesses. Aside from providing internet connectivity for its over 87 million customers, the Globe Group also delivers health and financial services via mobile applications, it noted.

APIs are the backbone of the Globe Group’s business and growth strategy. For our telco and non-telco businesses such as our fintech arm GCash, our customers are getting habituated to using mobile applications, making it easier to transact with us. However, the use of APIs comes with a substantial number of related and inherent risks that could result in damaging data breaches, said Anton Reynaldo Bonifacio, Globe Group Chief Information Security Officer.

Jyoti Bansal, CEO at Traceable, also expressed they are thrilled to work with Globe in helping the telco protect its APIs and customer data.

APIs are now the universal attack vector. They are dangerous because they expand the attack surface across all vectors, and therefore, present the largest attack surface we have ever encountered in the industry. In the past, hackers had to find ways of bypassing existing solutions, such as WAFs, DLP, API Gateways, and other solutions, in order to find data and disrupt systems, he said.

Now, they can simply exploit an API, and obtain access to sensitive data, and not even have to exploit the other solutions in the security stack. This is why more organizations need to take API security seriously, and make it an integral part of their broader cybersecurity strategy, Bansal added.

With Traceable's API security platform, Globe said it will be able to strengthen its security infrastructure, gaining valuable insight through API discovery and security posture, protection against sensitive data exfiltration, and threat management.

Bonifacio said for the company to address the risks, Globe is "implementing a Zero Trust approach for API access."

This strategy ensures that we eliminate implied or persistent trust for APIs, which adds an additional layer of security to our system. This is a part of our proactive approach to protect our customers better, he explained.

Globe's proactive approach to cybersecurity reflects a larger trend in the Philippines on improving cybersecurity measures. Other industries including banking and financial services have already implemented stricter risk management protocols as it pertains to API security.

The Bangko Sentral ng Pilipinas (BSP) has also released Memorandum No. M-2022-016 for API security controls including the adoption of good practices for API management.

What do you think about this?