What kind of automated catalog do you use for keeping a list of all 3rd party software API integrations exchanging data with external 3rd parties? Additionally, who does the data classification for all these software integrations in your org? A major issue that we are seeing is that dependence on 3rd party software services called from the various code bases is increasing, and declaring all data sub-processors accurately is a challenge in terms of communication between teams and visibility when audits and customer data privacy requests come through.
I would start with establishing an API Governance body which will include Lead Developers/Architects. Then start analyzing with the biggest platforms first - Salesforce, AWS etc. You should do it platform by platform. We have very effective IDEs and configuration tools which will give the list of all the endpoints in the code and metadata with some regular expressions. Once you have the list made, keep adding the new ones to the list as the team identifies them. Let the Governance body act as an SME and guide the future implementations. In parallel run a "Technical Debt" program which will either fix the issues in increasing sprints or re-design the whole thing with some new design pattern (Microservices?). And also, the Governing Body should analyze if you need to consume so much data from the 3rd party applications. If any of it is static or doesn't change frequently (let's say quarterly), batch jobs will help to bring in the data. It will also improve the performance of the application.
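One way to produce the regex-based endpoint list this reply describes, as an added example that is not the commenter's tool: a Python script that scans a source tree for http(s) hosts in string literals, drops the organisation's own domains, and emits a catalog skeleton whose owner and data classification fields the governance body fills in. The internal suffixes (example.internal, example.com), the file extensions, and SAMPLE_SOURCE are assumptions constructed for the example.

```python
# Walk a source tree, pull http(s) hosts out of string literals with a regex, drop the
# organisation's own domains, and emit a catalog skeleton for owners to classify.
import json
import os
import re
import sys
from collections import defaultdict
# Host inside a URL literal; the lookahead rejects partial matches such as "api.stripe.co".
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?::\d+)?(?![A-Za-z0-9.-])")
# Organisation-owned domains (assumed for this example); calls to these are not 3rd party.
INTERNAL_SUFFIXES = ("example.internal", "example.com")
SOURCE_EXTS = {".py", ".js", ".ts", ".java", ".go", ".rb", ".yaml", ".yml", ".json", ".env"}

# Constructed sample file contents, so the scan can be shown without a checkout on disk.
SAMPLE_SOURCE = '''
STRIPE = "https://api.stripe.com/v1/charges"
requests.post("https://hooks.slack.com/services/T000/B000", json=payload)
INTERNAL = "https://billing.example.internal:8443/invoices"
DOCS = "http://example.com/help"
'''
def is_internal(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in INTERNAL_SUFFIXES)

def scan_text(text):
    """Return the set of external hosts referenced in one file's contents."""
    return {h.lower() for h in URL_RE.findall(text) if not is_internal(h)}

def scan_tree(root):
    """Map each external host to the source files that reference it."""
    hits = defaultdict(set)
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1] not in SOURCE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as f:
                for host in scan_text(f.read()):
                    hits[host].add(os.path.relpath(path, root))
    return {h: sorted(p) for h, p in sorted(hits.items())}

def build_catalog(hits):
    """One catalog entry per vendor host; owner and classification are filled in later."""
    return [{"host": h, "referenced_in": files, "owner": None,
             "data_classification": "UNCLASSIFIED", "sub_processor_declared": False}
            for h, files in hits.items()]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(build_catalog(scan_tree(root)), indent=2))
```

Run it against each repository and diff the output between releases to catch new vendor hosts before a sub-processor declaration goes stale.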
put rate limits
Limit your APIs and depend more on internal solutions.
I agree that one of the first things to do is establishing governance. In my organization, our application architect developed a web-based tool to catalogue all applications, their owners, type of data used, APIs, type of APIs, locally developed or 3rd party, etc. The decision to classify the data is governed by our data classification policy which is under the Data Architecture team. The security classification is also done by our cybersecurity team.