RWS_Q3_22

to intimately understand how APIs behave in real-time.” Verloy recommended owning your API security infrastructure, albeit not in the manner that you would expect. Organizations should actively work to identify and address vulnerabilities in the same way that they should remain hands-on in creating and managing their APIs. This measure helps to prevent potential holes from becoming worse, thus helping to reduce or eliminate possibly devastating API exposure.

Consider Cloud

In its aforementioned report, Gartner estimated that 70 percent of all businesses will turn en masse to cloud-based protection service options over traditional WAAP software during the next two years. Although this option is by no means the catchall solution that many would hope, the prevalence of cloud-based security alternatives continues to make them an effective choice for many organizations with fewer resources or limited technical understanding. Cloud services, after all, are designed to take the day-to-day management onus away from the subscriber in favor of an outsourced services provider’s care. Plus, their very nature allows them to be constantly, automatically updated to better address the latest and most pressing known threats in the sector.

API Management/ID

If your business doesn’t have a clear view of its APIs and how they function, then it is very difficult to prevent information breaches, stem the attacker tide and maintain your bottom line. SC Media noted that companies are either unaware of – or fail to manage – as many as 30 percent of the APIs that they use. For this reason, modern organizations need to take any necessary steps in order to minimize dangerous issues such as misconfigurations, suspicious activity and outright cyberattacks. Particular recommendations include becoming more aware of how your information flows, tracking and cataloging API info/metadata and classifying this information in a tiered, threat-level ranking system.
By striving to accomplish this, your business becomes better equipped to not only be aware of configurations but to identify improper and weak ones that expose the API, and thus your data.

Like many other areas, API security concerns will only mutate with time. By focusing on understanding the nature – and underlying context – of attacks, today’s organizations can become more adept at handling how their APIs are used and, in way too many cases, misused.

Staying ahead of the day-to-day emerging trends in cybersecurity – and API security in particular – is by no means an easy endeavor. Shifting activity and constant, emerging threats are enough to confound most companies that are left to their own devices due to insufficient resources. Still, there are options available. The issue has become so prominent in recent years that there have even been conferences – such as April 2022’s APIsecure – that are dedicated solely to promoting improved API awareness and security posture.

With APIsecure and other similar events, cybersecurity experts, attackers, defenders and developers collaborate to promote API security and improved public awareness and discourse. Particular areas of coverage tend to include how to improve efficiency in pinpointing and analyzing penetration, drafting more secure code and considering other options to maintain API integrity.

Of course, this is all with good reason. As API use continues to grow with increasing reliance on web apps, pay-per-use services and other areas, the all-too-real security implications can hit harder than ever. The API security policy that you enact has to be the right choice for your own organization’s needs, and must be treated as at least as important as other considerations. Where your data resides, how it interoperates with other digital infrastructure and the degree of its reliance on third-party agents and sensors are all factors in making the right decision.
Regardless of where your company lands on this need to enforce firm API awareness and security, however, one thing remains all-too-obviously clear: the malicious bad actor has no concern that you’re not aware of your API security risk.

[Figure: On a scale of 1-5, how would you rate the value of each of these attributes of an API security platform? (1 is unimportant and 5 is highly important.) Attributes rated: Stop attacks; Identify all APIs, including undocumented APIs; Identify which APIs expose PII or sensitive data; Implement shift-left API security practices; Streamline API incident response and investigations; Cover the OWASP API Security Top 10; Meet compliance or regulatory requirements. Source: Salt Security]

[Figure: Modernizing the Digital Workplace. Source: Freeform Dynamics, March 2022]

[Figure: Attrition Rates Over 2021H2. Source: Stanford University; Trip.com]

REMOTE WORK SOLUTIONS (rwsmagazine.com)
