2nd Edition

Tracking the trends and news for IT and IT Security

Paul

Amid explosive growth, API security a growing concern

apple-touch-icon-144x144-precomposed.pngAmid explosive growth, API security a growing concern>
Tech Target – Security – Arielle Waldman
A rapid digital transformation over the last five years contributed to those challenges, with APIs expanding to cloud services, microservices and mobile apps. The onset of COVID-19 contributed to the growth, according to a Google report titled “A State of the API Economy 2021.” Businesses responded to the pandemic by accelerating digital transformations as they transitioned to remote work.

The report found that out of the 700 IT executives surveyed, nearly three in four organizations continued their digital transformation investments. APIs played a primary role, particularly as the “backbone of digital business ecosystems.”

While enterprise security teams typically know when developers are creating a web application, the velocity at which APIs emerge is taxing. Idan Plotnik, CEO of application security startup Apiiro, said because so many new APIs are being developed daily, it becomes much more likely that a mistake, security issue or exploitable design issue will be created along with those APIs.

The rate of emergence is so rapid that Sandy Carielli, principal analyst at Forrester, said it’s easy to lose track. One of the biggest issues that Forrester customers face with respect to APIs is the inventory. “They don’t know what they have. And it’s very easy to have legacy APIs that are perhaps sitting out there,” Carielli said.

Lack of visibility affects all companies, no matter the size. Carielli said most organizations don’t have a full view of its APIs. Plotnik agreed; whether it’s company with 100 developers, or a large enterprise with 15,000 developers, Plotnik said they don’t know how many APIs they have.

According to Sullivan, the biggest struggle for API security lies with the building blocks of authentication. This has grown in importance with APIs’ increased access to critical data. Over the past six years, Eliyahu observed APIs emerge as one of the most critical attack vectors.

Experts say further effort and prioritization is needed to secure APIs. One area that requires a level of maturation is communication, which Sullivan said is absent in many organizations Mattson agreed that a major challenge today with API security is a lack of communication among stakeholders.
Link: https://searchsecurity.techtarget.com/feature/Amid-explosive-growth-API-security-a-growing-concern

Categories:

Tags: