This week, SecurityBoulevard has featured an interesting article on why APIs have no clothes — APIs being the digital equivalent of the protagonist in the Hans Christian Andersen’s folktale The Emperor’s New Clothes. In the story, the emperor was exposed, but no one told him or was willing to do anything about it. Not so different from where you might find yourself with APIs.
The first challenge to API security the author highlights is presented by the disappearing perimeter. Organizations can no longer rely on perimeter protections, such as firewalls, to protect their assets. The adoption of cloud technology and PaaS has meant that the external perimeter is largely eroded. Instead, the focus needs to move to protect the API endpoints themselves by using advanced authentication like multi-factor authentication (MFA), and monitoring multiple levels of the network to identify attacks.
As ever, the lack of cybersecurity talent and skills only exacerbates the problem, and nowhere is this more acutely felt than with APIs. Many of the lessons learned with protecting web applications no longer apply to APIs, and teams need to learn new skills or adapt their methods to protect APIs.
To remedy this and get your APIs covered, the author suggests going back to the basics in protecting APIs, namely:
Auditing and logging
Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”