Page 102 - Cyber Defense Magazine for August 2020
Is API Usage Putting Your Organization Out of Compliance?
By Matt Keil, Director of Product Marketing, Cequence Security
APIs (“Application Programming Interfaces”) are increasingly being used as the conduit for data
exchange between applications, infrastructure, and IoT devices. The recent explosion in cloud usage and
the urgency around digital transformation and the creation of mobile apps have caused a steep increase in
the dependence on APIs as a way to speed and simplify development efforts. Today, most organizations
expose multiple APIs to customers and partners, published by different product teams, on different
application stacks, and following various DevOps and security procedures, often without consistent
security or compliance oversight. According to Gartner, by 2021, 90% of web-enabled applications will
have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 2019.
When secured, APIs are a smart way to interconnect endpoints and systems to transmit data and deliver
critical features and functionality. But, when published outside of your normal process (if you have one),
and left unprotected or misconfigured, they give hackers easy access to large volumes of data, and make
it easier to commit fraud and expose private data by automating actions normally done by humans
through web forms. In the end, the API provides the same benefits – ease of use, efficiency and flexibility
– to both developers and bad actors.
It’s important that compliance, privacy, and risk professionals dig deeper to understand the usage of APIs
across the organization, and gain insight into the vulnerabilities that exist so that risk can be measured