Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

What are the Issues Facing CISOs Trying to Secure Their APIs?

In 2023, it has never been more critical for CISOs to secure API ecosystems.

There are many advantages to APIs. The main benefit is the interconnectivity of separate services and the exchange of critical data with employees, partners, and customers.

Securiti says API mistakes cause the biggest data breaches. Here are the top issues CISOs face in establishing a secure API structure.

API Security Program / Strategy

Wallarm says 48.8% of CISOs consider their API security program their top concern.

CISOs are tasked with figuring out what a comprehensive API security program looks like. There are many nuances and factors to consider with APIs. For example, when an API is updated, it may create new security issues it previously did not have.

Security strategies, therefore, can’t be static. They must also update or at least account for how changes in the API ecosystem could affect overall security.

But a secure API plan must be created. Security and IT teams depend on the CISO for guidance and direction. And CISOs are confronted by this reality.

Risk Assessment

Hand in hand with API security programs. SALT’s A CISO’s Essential Guide to API Security says risk assessment has never been more complicated.

The pace of development is only getting faster. That means risks must also be assessed faster. This makes priority management critical. Risks and vulnerabilities must be understood and addressed logically. 

Plus, API security investments need to be made wisely.  

Change Management for New APIs

The subset of API security strategy raises the concern of change management.

Process Tempo says:

“New APIs are deployed quickly without proper documentation, governance, and change control.”

Each new API deployment requires new infrastructure. And this requires a clear understanding of the integration, possible threats and vulnerabilities, and what steps must be taken under what circumstances.

API Threat Detection

Through many conversations with CISOs, Process Tempo identified detecting API threats as one of six top concerns.

Advertisement. Scroll to continue reading.

Many organizations aren’t aware of how many APIs they have. “Shadow APIs,” as it were, make it impossible to know all possible security risks.

CISOs must find a process for detecting and identifying all possible threats to API. Not just in real-time. But also in advance so that something can be done about it.

Attack Surface

34.1% of CISOs are most concerned with attack surface, according to Wallarm.

The growth of APIs is nothing short of explosive. Nordic API says over 90% of developers use APIs. While 69% use third-party APIs, 20% use internal or private APIs. 

MarketsandMarkets says the API management market size is expected to grow from $4.5 billion in 2022 to $13.7 billion in 2027.

Increased API adoption can only mean one thing—a growing attack surface. More APIs mean more risks and vulnerabilities to identify. And many of them can’t necessarily be identified upfront. Developers must move fast, so they often cannot address all concerns upfront.

Nevertheless, all attack vectors must be identified for complete security. This only gets more complex with additional integrations. Legacy APIs (that aren’t updated) can be problematic too.

Protection Perimeter

One of the key concerns to secure API, says Process Tempo, is that protection is rarely a one-and-done operation. In their own words:

“There is rarely a single ‘gateway’ to enforce protection.”

Many security structures may need to be created for different integrations and applications.

Process Tempo says API traffic consists of both internal and external usage. Application API protection is required for both.

Manual Security Configurations

Process Tempo indicates manual security configurations must be made for every new API. Secure API is a time-consuming task in an ecosystem with thousands of APIs.

IT & Cybersecurity Talent

12.2% of CISOs had engineers and staff experts as their top concern, per Wallarm.

CISOs believe that good IT and security talent help them improve API security. Experts can help find risks and vulnerabilities. They can suggest partners and vendors. They can recommend specific tools. They can even support CISOs at the strategic level.

In April 2022, Forbes senior contributor Edward Segal warned of security staff shortages. He quoted the Philadelphia Inquirer, which said there were almost 600,000 unfilled cybersecurity positions despite the U.S. cybersecurity workforce being one million strong.

Advertisement. Scroll to continue reading.

No wonder CISOs are so concerned about the availability of cybersecurity talent to prevent API security breaches.

Siloed DevOps & Security Teams

According to Process Tempo, as a subset of engineers and staff experts, CISOs voiced their concern for the sometimes-fractured relationship between DevOps and their security team.

They add that 30% of APIs were deployed without input from IT security. This means security concerns often aren’t addressed in advance.

Reliable Products & Vendors

Wallarm said 4.9% of CISOs believed trusted products and vendors were a top concern.

CISOs must be aware of all available solutions. But their job doesn’t end there. They must find the right products and vendors for their situation. There are many newcomers to the market. And that can make it hard to know who to trust.

Then comes the technical issue of identifying specific needs. Which solution best matches the API security challenges a CISO wants to address? These concerns can be discussed in the consultation. But of course, this requires additional time.

Conclusion: CISO Priorities 2023

What are your greatest concerns as you look to secure your integrations? How do you plan to secure your APIs? The journey begins with accepting that API security is an urgent need. Then, identify the right strategy and partners. API security is possible with the right API protection solution like AppTrana.

Copyright 2021 Associated Press. All rights reserved.

Source: https://cybersecuritynews.com/secure-api/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Modern enterprises run dozens (and sometimes hundreds) of servers, services, applications, APIs, containers, and other technologies. To secure these resources, enterprises need tools to...

Cyber Security

INTERVIEW Securing web APIs requires a different approach to classic web application security, as standard tests routinely miss the most common vulnerabilities. This is the view...

Cyber Security

Amazon Web Services (AWS) has patched a bypass bug that attackers could exploit to circumvent CloudTrail API monitoring. In a blog post dated January...

Cyber Security

The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) vendors, and fleet operators were riddled with security holes, security researchers...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO