API security goes beyond protecting endpoints—it requires defense across infrastructure, data, and business logic. In this talk, I’ll present a structured approach to implementing Zero Trust security for APIs in a cloud-native architecture.
We’ll cover how to establish a strong foundation across layers—using mTLS, OAuth2/JWT, policy-as-code (OPA), GitOps for deployment integrity, and cloud-native secrets management. The session addresses real-world threats like misconfigurations, privilege escalation, and API abuse, and shows how to mitigate them with layered controls in Kubernetes-based environments on Azure and AWS.
Attendees will walk away with actionable practices to secure their API ecosystem end-to-end— without slowing development teams down.
Sumir Arora is a Senior Solution Architect with 15+ years across cloud, integration, and platform engineering. His recent work sits at the intersection of platform engineering and AI—building agentic systems that bring autonomy to operational workflows like change management, troubleshooting, and API testing.
He designs for the hard part: letting automation scale without losing control. That means governance, guardrails, policy-as-code, and clear architectural boundaries—the things that make autonomous systems safe to run in production.