Secure by Design – Building Zero-Trust API Architectures in the Cloud

API security goes beyond protecting endpoints—it requires defense across infrastructure, data, and business logic. In this talk, I’ll present a structured approach to implementing Zero Trust security for APIs in a cloud-native architecture.

We’ll cover how to establish a strong foundation across layers—using mTLS, OAuth2/JWT, policy-as-code (OPA), GitOps for deployment integrity, and cloud-native secrets management. The session addresses real-world threats like misconfigurations, privilege escalation, and API abuse, and shows how to mitigate them with layered controls in Kubernetes-based environments on Azure and AWS.

Attendees will walk away with actionable practices to secure their API ecosystem end-to-end—without slowing development teams down.


About Sumir Arora

With over 14 years of experience in cloud computing and integration, I am a VP and Sr. Solution Architect at Gemini Solutions, a leading IT services company. I hold multiple AWS certifications, including Solutions Architect Professional, SysOps Administrator Associate, and Solutions Architect Associate, as well as expertise in Azure, DevOps, MuleSoft, and Kubernetes.

I lead a team of engineers and architects in designing, developing, and deploying cloud-based solutions for various clients across industries, using Infrastructure as Code (IaC), GitOps, Azure Kubernetes Service (AKS), MuleSoft Flex Gateway, MuleSoft RTF, and MQ/Kafka. I also collaborate with other teams and stakeholders to ensure the quality, scalability, security, and performance of the solutions, as well as alignment with the business requirements and goals. My mission is to deliver innovative, reliable, and cost-effective cloud and integration solutions that enable digital transformation and business growth.
