Gaining Trust in APIs and What to Look For

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

General Data Protection Regulation (GDPR) Payment Card Industry Data Security Standards (PCI DSS) Handling personal data within the EU Handling credit card information 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 33

General Data Protection Regulation (GDPR) Payment Card Industry Data Security Standards (PCI DSS) International Organization of Standards (ISO) Handling personal data within the EU Handling credit card information Standards in information security 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 34

Twilio Compliance Security is at the core of our platform FIPS Level 3 ISO/IEC 27001 Twilio has deployed the ability for qualifying Twilio has considered all sections of the ISO 27001 standard customers to request their accounts be in scope and has no exclusions in the ISO 27001 Statement enabled with technology that meets the of Applicability. FIPS Level 3 compliance requirements. ISO/IEC 27017 PCI DSS Level 1 Strengthens Twilio’s ISMS to ensure controls in place are continuing to align with industry best practices ISO/IEC 27018 Twilio has expanded our ISMS to include controls that are Collect credit card data over the phone and/or make payment on behalf of customer applications focused on public cloud Personally Identifiable Information PCI Level 3 Merchant SOC 2 Accept credit cards as a form of payment, The SOC 2 reports provide assurance that controls at a but credit cards don’t enter our service organization relevant to selected criteria are environment operating as designed, either as of a point in time (Type I) or over a period of time (Type II) 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 35

Slide 36

Slide 37

Slide 38

Wear the customers’ shoes When deciding what to build, wear the customers’ shoes. Spend time with your customers and work hard to understand the world from their perspective. Build empathy and build with a spirit of hospitality. Earn trust through every interaction. 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 39

Back to Basics 01. OAuth 04. Limit API requests to limit DoS attacks Authorize with secure protocols like OAuth instead of Basic Auth 02. API Inventory Keep track of all the APIs you are using 03. Rate limiting 05. Limit payload size Don’t provide too much data, in the event of an attack Least privilege principle Each entity can only perform the minimum function required 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 40

Slide 41

Slide 42

Slide 43

Handle personal data with care Limit Movement Dispose Safely Don’t Stockpile More movement Don’t just throw it Take only what is means more potential away necessary leaks 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 44

Handle personal data with care Limit Movement Dispose Safely Don’t Stockpile Trained Pros More movement Don’t just throw it Take only what is Only trained employees means more potential away necessary should handle leaks 2022 TWILIO INC. ALL RIGHTS RESERVED

Slide 45

Slide 46

Slide 47