Cybersecurity needs an API-first Revolution

By Patrick Coughlin


While software is eating the world, it’s also siloing data along the way, stifling progress and innovation in the enterprise. Cybersecurity is woefully behind other industries in embracing an API-first mentality and it’s finally reached a breaking point.

In the last year, research from the Cloud Security Alliance on Cloud-based Intelligent Ecosystems and from the Ponemon Cyber Resilience Study reports:

  • Enterprises deploy, on average, 47 different cybersecurity solutions and technologies.
  • 69 percent report their security team currently spends more time managing security tools than effectively defending against threats.
  • 53 percent say their security team has reached a tipping point where the excessive number of security tools in place adversely impacts security posture.

Enterprise demands driven by digital transformation, combined with “unprecedented levels” of venture capital investment in cybersecurity over the last several years, have created the perfect storm of tool proliferation for the modern enterprise cybersecurity leader.

Other major departments, like financial services and sales and marketing technologies, have certainly seen similar levels of supply and demand, so why is enterprise cybersecurity still so siloed?

One common explanation, particularly at this time of year, is to point to the skills gap in cybersecurity. Every year, a barrage of statistics comes out from the usual industry rags and we collectively lament the lack of talent in the industry and the seemingly unstoppable growth in the number of open positions in cybersecurity. Late last year, (ISC)² put the number of open positions at over 4 million for an industry with about 2 million professionals.

We seem to be caught in a vicious cycle of buying more tools to cover the gap in people only to find we don’t have enough people to operate the tools. This is what Chase Cunningham and others would call a “self-licking ice cream cone of misery”.

After two decades of user interface demo duels on conference floors and asking derivatives of “how do I get alerted?”, is it any wonder that we have too many user-dependent products creating too many alerts? Do we have a skills gap or is it a data integration gap?

Looking at other industries, is it possible that cybersecurity is just so unique? In other industries, there is a class of products that are the glue for the tools or applications. In cybersecurity, we are desperately lacking in these.

Phantom Cyber and its fast followers were the first forays into this in security. Like Zapier, these stand-alone cybersecurity ‘Orchestration’ platforms are useful, but they are what Dave McComb in The Data-Centric Revolution: Restoring Sanity to the Enterprise would call “IFTTs” – they can mimic human behavior by sequencing automated actions on top of APIs. They are API-first, but they lack a data-awareness that is critical for success in integration and automation.

In other industries, we have seen a surge of successful API-first companies that are also data-centric, referring to an architecture where data is the primary and permanent asset, and applications (tools) may come and go. Unlike Zapier or Phantom, which take data as an input and action as an output, these API-first data-centric platforms have, at their core, data as an input and data as an output. And, by simply focusing on data transformation and normalization through a robust API, they bring integration, order and automated outcomes to their industry.

Takeaways – How do I know if it’s the right API-first product?

  • Language – Is it about the data? Or is it about the tool? Is this product trying to be the “one-ring-to-rule-them-all”, weaving in words like “single pane of glass”? Or is it a decoder ring to help stitch data across your various products claiming to be a “single pane of glass”?
  • Inputs & Outputs – Data-centric workflows where data is the input and data is the output. The product will work off the shelf with your core detect and respond tools/apps and standalone orchestration tools.
  • Business Model – Not priced by the user; always a different lever, such as data processing units or number of integrations.

And if you still can’t tell, get a product demo. If the whole demo takes place in their UI, the product is not API-first: it will require human cycles to manage and, while it may add new capability, it will not augment other investments you’ve made or create efficiencies in your stack.

About the author

Patrick Coughlin is the Co-Founder & CEO of TruSTAR, a cyber intelligence management platform. Before TruSTAR, Patrick worked at the intersection of technology and national security for the U.S. and allied governments, as well as global Fortune 500 enterprises.
