Globe, a telecommunications company, will be working with Traceable AI, an API security company, in strengthening its application programming interface (API) security capabilities. This is in response to the increasing incidents of data breaches because of exposed APIs.

Many of Globe’s businesses, apart from internet connectivity, are provided through mobile and web applications. Through Traceable’s API Security Platform, Globe will be able to strengthen its security infrastructure and gain insights through API discovery and security posture, protection against sensitive data exfiltration, and threat management.

“APIs are now the universal attack vector,” said Jyoti Bansal, CEO at Traceable. “They are dangerous because they expand the attack surface across all vectors and present the largest attack surface we have ever encountered in the industry.”

Globe seals P5.4 billion tower deal with Aboitiz-backed firm
Globe corporate data revenues up by 15% in Q1

Bansal explained that in the past, hackers had to find ways of bypassing existing solutions, such as WAFs, DLP, API Gateways, and other solutions, to find data and disrupt systems. 

“Now, they can simply exploit an API, and obtain access to sensitive data, and not even have to exploit the other solutions in the security stack,” he said. “This is why more organizations need to take API security seriously and make it an integral part of their broader cybersecurity strategy.”

Zero Trust

“APIs are the backbone of the Globe Group’s business and growth strategy,” said Anton Reynaldo Bonifacio, chief information security officer of the Globe Group. “For our telco and non-telco businesses like as our fintech arm GCash, our customers are getting habituated to using mobile applications, making it easier to transact with us.”

Globe noted that the use of APIs comes with a substantial number of related and inherent risks that could result in damaging data breaches.

“To tackle these risks, we are implementing a Zero Trust approach for API access,” Bonifacio said. “This strategy ensures that we eliminate implied or persistent trust for APIs, which adds a layer of security to our system. This is a part of our proactive approach to protect our customers better,”