Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

What the CPRA Means for the CCPA

In the fall of 2020, voters in California approved the California Privacy Rights Act (CPRA). Touted as California Consumer Protection Act (CCPA) 2.0, the CPRA is more an addendum and expansion of CCPA rather than an entirely new law. Think of it as an update that fixes unclear parts of the previous law and adds new systems to better handle the existence of the law itself. As there are a few “breaking changes”, the 2.0 moniker is pretty apt for those in the software world.

Understanding CCPA Compliance

The General Data Protection Regulation (GDPR) set a huge precedent in modern digital privacy regulation. We've seen regions throughout the world adopt similar data protection laws in the time since its inception, and the financial liabilities are only part of the story. Customers and users of software products are now savvier than ever when it comes to understanding the importance of data privacy rights.

API Security in a Digitally Transformed World

One unexpected consequence of the global pandemic is the acceleration of digital transformation across organizations of all sizes. With so many employees working from home, organizations realized they needed to upgrade to a cloud infrastructure to support everyone working remotely. As applications moved from on-premises to the cloud to support these new remote users, organizations needed to think about the APIs and microservices that connected users to essential applications.

The Essentials of Personally Identifiable Information (PII)

Modern privacy regulation is centered around the concept of personal information. The General Data Privacy Regulation (GDPR) popularized it, but since then similar initiatives—like the California Consumer Privacy Act—have expanded on the definition of "Personal Information." If your application collects any kind of information about your users or customers, it is important that you track when, how, and for what purpose you are collecting their data.

Top 7 API Security Risks (including prevention tips)

In this app-driven world, APIs are the infrastructure providing highways for ensuring smoother transport of sensitive data. Insecure APIs add to top security risks faced by web applications and act as an easy invite for hackers. Just because APIs deal with data at the backend does not mean they are hidden from the plain view and are safe. This article provides you an API security checklist that can be used as a basic benchmark before the release.

ISO 27001: Should You Expect it From Your API Vendors?

ISO 27001 is a way for companies to prove a certain standard of security to their customers. You may recognize ISO as the standards body that issues international standards and classifiers for all kinds of products and services, including date and time standards, country and currency codes, and structural systems—like the ones we’ll be discussing in this article.

SOC Reports and Why Your API Vendors Should Have Them

Your business relies on third-party APIs to operate. Sometimes they enhance your capabilities, and other times they bridge the gap between your business and where your customers are through integrations. Either way, the intermingling of data and services between your business and these third-party vendors can put your business at risk. When it comes to ensuring these providers are handling data securely, SOC 2 has become one of the most common security frameworks for tech companies.

Understanding an API Provider's Privacy Policy

Regardless of what industry your company belongs to, you are obligated to think about the privacy of your customers. Not only is it good business, but privacy expectations have been set through regulations like the EU’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and many others across the world.