Tech companies building cloud-native applications face a set of unique and rising data protection challenges. At Bearer, we had the chance to speak with 100+ data security and privacy professionals including Chief Information Security Officers, Directors of Security Engineering, Application Security Engineers, Data Protection Officers, Privacy Engineers, and many more. Here are the top concerns that keep them up at night.
The Open Web Application Security Project (OWASP) is a nonprofit organization whose purpose is to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. OWASP also maintains the API Security Top 10 project, which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.
CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.
End of summer 2020: Bearer takes the decision to pivot. We have been building an API monitoring & debugging solution for engineering and DevOps teams. We have a stable product and dozens of users onboard. Even so, after months of iterations product adoption is still low and our positioning with all-in-one monitoring solutions is disadvantageous. Product-Market-Fit (PMF) is definitely not in the line of sight.
Bearer has partnered with Trace to help companies leverage the best of services and software and build a connected compliance program. Bearer is innovating data risk assessments to build intelligence and stack visibility at scale, while the Trace team brings decades of client-led professional services experience in privacy and data security. Together, the two companies bring the best blend of human and tech capabilities to shape the future of compliance.
The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM.
Our product has been through many changes over the years, both from a market standpoint and technically. Over the last year we’ve simplified our architecture and moved away from a traditional JavaScript single-page application (SPA) and gone back to our Rails roots. Here’s the story of why we chose Hotwire, what it’s allowed us to do, and where we hope to see it in the future.
The engineering organization of companies building modern cloud applications can get incredibly complex. Security teams are caught between the explosive growth of engineering teams and the fragmentation of software architecture. As a result, it can be a challenge to get a clear, complete and up-to-date view of engineering components. Bringing clarity about the software architecture is the first step to enable you to assess and remediate data security risks properly.