Google Discovers Severe Over-Confidence in API Security Solutions


APIs have undergone immense leaps in capability and ubiquity over the last decade. As 2023 unfolds, however, the danger presented by the now fully-fledged API industry cannot be overstated. And yet, Google’s recent study on cloud API security displays a few worrying trends, the worst of which may be the persistent overestimation of how well preexisting API security solutions are performing.

The Growth of the API

APIs first sprouted up within the development process for different apps to communicate with one another. Built by devs for devs, APIs gave teams and individuals a means to interact with and call each other’s code.

Nowadays, APIs have grown from the grassroots tool of the up-and-coming dev team to mainstream tools built throughout entire business operations. Since APIs have now gained business suits and places in the boardroom, APIs themselves have largely shifted toward bona fide products, with core capabilities and data access capabilities that span the entire enterprise.

APIs now find themselves deeply embroiled in legacy modernization, data liberation, and the creation of new application capabilities. Ultimately, APIs are indirectly responsible for swathes of recent software innovations.

Industries haven’t just embraced APIs; many have become solely reliant on them. Without APIs, most software simply would not exist in its current state.

The breadth and depth of examples underpin their true importance today, from the Google Maps API to Amazon’s inventory-detailing API and Yelp’s API that helps users find places to eat. These APIs are vital not just for data extraction, but their very mechanics form the backbone of modern customer experience.

The shift toward APIs is reflected throughout today’s application architecture: pre-API software was built largely as one monolithic whole. Now, systems can be broken down into smaller and easier-to-manage components.

While APIs continue to prove their worth, a growing threat has also recognized the potential of the API.

The Dark Underbelly of API

A recent study by Google found that within the past 12 months, at least half of all surveyed businesses have experienced an API-related security event. Digging deeper into the incidents reported by the over 500 technology leaders, researchers were able to categorize the three most troublesome issues surrounding API usage.

40% of all respondents suffered an incident following misconfiguration, with a third coping with both outdated APIs and spam and abuse bots alike.

Even more concerning than the sheer numbers alone is the fact that these API issues continue to escape the testing phase. More than 60% of companies discovered the issues in question during either development or deployment, via real-time monitoring.

Alongside the majority of these misconfigurations and abuse attempts, most companies continue to assert that everything’s fine: over three-quarters of those asked claimed that they still feel confident that their preexisting API security solutions can prevent attacks.

Unfortunately, this confidence is not entirely reflected in the growing bodies of evidence that suggest otherwise.

The ramifications of this overconfidence aren’t limited to those guilty organizations, either. While 46% of surveyed organizations limited the use of APIs to solely within their own company, the majority of tech leaders (54%) allow the continued usage of their in-house APIs by partners, external developers, and customers to spur open-source and third-party development.

Not only is the API landscape inherently scattered and piecemeal, with inconsistent documentation and security solutions, but the shared nature of APIs opens the door to security oversights that set entire industries alight.

Securing Today’s Biggest Cybersec Battleground

Since 2020, API-incited security breaches have caused between $12 billion and $23 billion in losses globally. As Google’s security report shows, nearly every single company included had already made the leap to cloud-based operations.

93% of companies within the Google report characterized their ops as “mostly cloud”; accordingly, the number of companies reliant on on-prem architecture has dropped to half its 2020 levels. The attack surface has never been greater, with the average company now managing 15,600 APIs, three times the number of a year ago.

Securing the swathes of APIs that continue to gunk up the DevSecOps queue is no small feat. Thankfully, next-gen security solutions have reduced the complex intermingling of programs into two distinct steps to security.

Discovery is the first component. Managing that number of APIs manually is simply an impossible task. With an automated approach to API discovery, it becomes possible to map out and identify all endpoints operating within your organization.

For next-gen security, this should also include undocumented and shadow APIs. From there, an automated script begins to identify the data being handled by each API.

This classification process allows an organization to press a reset button on its API security. Instead of chasing after alerts, API security levels the playing field by identifying potential at-risk APIs ahead of time. This is thanks to the identification of contextually sensitive data that constantly adapts to the ever-switching structures after updates and modifications.
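The discovery and classification steps described above can be sketched as follows. This is an added example, not code from the article or from Google's study; the log format, route names and field-name patterns are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed inventory: routes the organization has documented (e.g. from an API spec).
DOCUMENTED = {("GET", "/v1/orders/{id}"), ("POST", "/v1/orders"), ("GET", "/v1/users/{id}")}

# Constructed gateway log lines: method, path, comma-separated response field names.
SAMPLE_LOG = """\
GET /v1/orders/1041 id,status,total
POST /v1/orders id,status
GET /v1/users/77 id,email,display_name
GET /v1/users/77/export id,email,ssn,card_number
GET /internal/debug/config db_password,api_key
GET /v1/orders/1042 id,status,total
"""

# Hypothetical classification rules: field-name patterns mapped to a data class.
SENSITIVE = {
    "pii": re.compile(r"email|ssn|phone|dob"),
    "payment": re.compile(r"card|iban|cvv"),
    "secret": re.compile(r"password|api_key|token"),
}

def normalize(path):
    """Collapse numeric/UUID-like segments so /v1/orders/1041 matches /v1/orders/{id}."""
    return "/".join("{id}" if re.fullmatch(r"\d+|[0-9a-f-]{36}", s) else s
                    for s in path.split("/"))

def classify(fields):
    return {label for label, rx in SENSITIVE.items() for f in fields if rx.search(f)}

def discover(log_text, documented):
    """Build an inventory of every observed route, documented or not."""
    inventory = defaultdict(lambda: {"hits": 0, "documented": False, "data_classes": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip malformed lines rather than guessing
        key = (parts[0], normalize(parts[1]))
        entry = inventory[key]
        entry["hits"] += 1
        entry["documented"] = key in documented
        entry["data_classes"] |= classify(parts[2].split(",") if len(parts) > 2 else [])
    return dict(inventory)

def shadow_report(inventory):
    # Undocumented (shadow) routes, those handling the most sensitive data classes first.
    shadows = [(k, v) for k, v in inventory.items() if not v["documented"]]
    return sorted(shadows, key=lambda kv: (-len(kv[1]["data_classes"]), kv[0]))
```

Calling `shadow_report(discover(SAMPLE_LOG, DOCUMENTED))` lists the undocumented routes in priority order for review.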

Once a company has a handle on the full extent of its API landscape, it then becomes possible to eliminate data leakage and API abuse.

Fundamentally, however, one aspect that Google pointed out within the study is the importance of integrating even next-gen API security seamlessly within an end-to-end security strategy.

The overall value and protection your security suite provides are only as good as the weakest integration. This is one area where a comprehensive security provider offering everything from site to API protection can offer a major advantage over their smaller, plug-and-play counterparts.

With all security features managed by a single provider, the organization can focus more heavily on its mid to long-term security strategy. When all security tools fit seamlessly into not just the business operations but also with one another, it becomes possible to eliminate DevSec oversight, even in the highly fractured world of APIs and microservices.
