New Cloudentity CEO Jason Needham Talks API Attacks and the Importance of Automation & Governance

Cloudentity recently announced the appointment of Jason Needham as chief executive officer and member of its board of directors. Needham brings over 25 years of leadership experience across application networking, IT automation, cloud security and SaaS solutions to his role at Cloudentity, where he will lead the company during its accelerated growth period.

Most recently, Needham served as senior director of multi-cloud security at VMware, where he oversaw engineering, product and marketing of emerging cross-cloud security and management services after the company acquired CloudCoreo, a startup he co-founded two years prior.


We sat down with Jason to discuss his new role, the dangers of API attacks and what makes automated authorization governance critical to securing APIs against breaches.


Tell us about your background and what led you to become the CEO of Cloudentity.


I have 25+ years of leadership experience across application networking, IT automation, cloud security and SaaS solutions. I was drawn to Cloudentity because of the great potential and value proposition of the company. Cloudentity meets the rapidly growing need for modern identity, authorization and consent solutions in the market across all different industries. I’m excited to lead the company during this accelerated growth period. Before joining as CEO of Cloudentity, I served as senior director of multi-cloud security at VMware, where I oversaw engineering, product and marketing of emerging cross-cloud security and management services after the company acquired CloudCoreo, a startup that I helped co-found two years prior.

Gartner predicts that by 2022, API attacks will become the most frequent attack vector, causing data breaches for enterprise web applications. Why is this such a major issue today?


APIs are essential for driving new digital business revenue growth for enterprises and transforming decade-old business models. However, APIs can actually create more risk for enterprises because they are vulnerable to a broader and more complex series of threats than web apps typically face. Major API breaches such as those at Capital One, Walgreens and T-Mobile are prime examples illustrating how perimeter-based approaches to securing web applications are not scaling well for APIs.

There’s another side of the API security story as well, which is more about an organization's ability to extend access and target the data that they want to share. It’s not just about keeping the bad guys out, but also about how to enable the business and deliver a seamless customer experience by targeting the information we need to share. How do companies distribute, control and manage an increasingly complex set of policies across a growing number of API endpoints? This growing complexity is also conspiring against security, as customers need a simpler, less error-prone way to define and manage their data access policies.


Can you explain why modern application authorization and consent are critical for keeping enterprises secure from API breaches?


Two-thirds of cloud breaches, according to an IBM Security X-Force Report, can be attributed to misconfigured APIs. As data-sharing through APIs increases exponentially, organizations must ensure that all entities, including users, services and APIs, are continuously identified and authorized. However, traditional IAM solutions weren’t designed for the new sophistication of identity-related API vulnerabilities. To prevent these vulnerabilities, security-first organizations are adopting a modernized approach to identity authorization and governance, so that users have secure control over who has permission to access what data.

Today, cybercriminals can easily bypass tools like multi-factor authentication (MFA), pose as a user and access data shared through an API. Therefore, enterprises must implement solutions that provide fine-grained authorization with the intelligence to understand the specific conditions and parameters in which data can be shared. Modern authorization technologies and techniques can securely verify both user and service identity while mitigating inconsistencies and errors associated with traditional IAM solutions. A Zero Trust approach is also critical to determine the “who, what, where, when and why” of each transaction and to define each policy and user permissions based on their context.


Why are application authorization and consent solutions needed for companies to bring modern apps and services to market quicker?


Recent data reveals that 44% of enterprise IT practitioners report experiencing substantial API security/privacy issues in the last 12 months, and as a result, 97% experienced delays in releases of new applications and service enhancements. To overcome these delays, many enterprises are adopting pre-built solutions to automate application authorization and consent, which speeds up deployments and time-to-market for new services. With a modern application authorization and consent solution like Cloudentity, enterprises have increased visibility and control over where API data is shared and how it flows between APIs and distributed services, whether it’s on-premise or in the cloud. In turn, this improves the organization’s development agility, mitigates risk and enables faster delivery of new applications and enhancements.

