Just as bank robbers attacked banks because that’s where the money was, bad actors in cyberspace would be attracted to wherever access to valuable data is available. With the rise of API use in enterprises, so does the risk of data breaches via (mis)use of APIs. An article on DARKReading today, titled “Expect API Breaches to Accelerate” described such trend very well. Not a coincidence, a report from Cloud Security Alliance also listed “Insecure Interface and APIs” as one of the top 3 threats to cloud computing today.
Slowing down the pace of adoption is not a good idea. APIs are popular for a good reason: it is good for business. Flexible, cloud-native, agile use of APIs and micro-services accelerates integration and broadens reach. Neither is it a good idea to put in place restrictions that would negatively impact developers’ freedom to develop the best APIs for their business.
Any API security solution should be as flexible, scalable, and pervasive as the API services under protection. Any security tool must be low or no impact to app developers and also easy to deploy and scale for operators, so that they can finally provide visibility, monitoring and controls to enterprise security teams.