For many companies, APIs (application programming interfaces) allow them to more easily share data and streamline app development. This software go-between provides accessibility for applications to interact with one another. Whether you’re accessing work software from a mobile device, sending a message or checking your social media, you’re – even unknowingly – using an API. Many businesses employ this technology to make information and functionality more available to internal staff, partners and third-party developers, allowing them to seamlessly communicate across multiple applications. The problem, unfortunately, lies just beneath the surface. According to recent data, instances of API-based attacks have outpaced actual API traffic growth. Salt Labs recently noted that – despite a three-fold increase in using them – API attack instances increased by 681 percent, year-toyear (2021), with a staggering 95 percent of businesses experiencing some form of dangerous incident. “We moved from a model where tracking APIs and swagger files was enough,” said Curtis Simpson, the chief information security officer for IoT security company – and Salt partner – Armis. “We needed to continually build APIs in a rapid manner, monitor those APIs to ensure that they were protected [and] being used in a sound capacity … and to safeguard those APIs against potential exploitation.” In today’s climate, the demand for such WAAP (web application and API protection) functions has become huge, with Gartner noting that 40 percent of companies believe that “advanced” API will be their top concern in selecting third-party services by 2026. While there are many convenient benefits to using this technology, it is increasingly apparent that the dangerous potential for security incident should not be ignored. How, then, can your organization move to ensure data remains safe, despite the very necessary reality of having to rely on APIs every day? Stay Proactive Like most forms of security, success is contingent on remaining aggressive rather than reactionary. Options such as web application firewalls and malware scanners can play a hand in helping to keep your information safe, but they can also at times fall short. “Traditional security solutions only scan traffic … looking for anomalous behavior,” noted Filip Verloy of SC Media in a recent report. “Organizations should invest in modern API security solutions that identify API misconfigurations and also leverage AI (artificial intelligence) and ML (machine learning)-based models The API Dilemma SECURITY rwsmagazine.com By Brady Hicks How to secure what you may not even see 12 REMOTE WORK SOLUTIONS
RkJQdWJsaXNoZXIy NTg4Njc=