bp Launchpad, the in-house business accelerator for bp, has selected Salt Security as its technology solution for API security.
The business accelerator aims to strengthen energy resilience by aiding in the growth of global startup companies within the renewable energy sector. The companies involved are digitally-led and help deliver cleaner, more affordable, and reliable energy.
bp Launchpad supports its associates by sharing its expertise, including in building technology infrastructure, across multiple business functions. Technology solutions are provided in an attempt to bolster capabilities and drive growth.
Tom Salmon, Head of Cyber for bp Launchpad, recognised immediately the importance of API security for their startup companies. These digital business are all dependent on APIs as the foundation for their applications and services.
“If an attacker exploits a Broken Object-Level Authorization (BOLA) flaw to manipulate API requests and alters an energy device, if they make a change to an asset that they shouldn’t have access to, that has real human impact – physical, real-world impact – and that’s our biggest concern,” Salmon said.
BOLA flaws occur when API calls include an identifier of a resource and the API grants access to that resource without checking caller permissions.
Tom and bp Launchpad recognise the risks inherent with APIs:
“We work alongside several digital companies going through a transformation to utilising hardware and other physical tech. The connectivity and data sharing core to their business requires data to pass through a central control, which poses a huge threat. If an attacker were to breach the central control they could cause significant disruption to business function.”
Companies are increasingly recognising that dedicated API security is critical to securing platform services. Gartner reinforced this last year when, for the first time, it added a separate pillar for API discovery and protection to its security reference architecture.
As the API attack surface expands, companies need more context to provide adequate protection. Tom believes that security teams have an obligation to provide solutions that reduce risk without complicating processes or slowing down business processes. Security is responsible for giving cross-functional teams the answers and dedicated solutions that make it easy to deploy and detect the growing number of APIs.