Hybrid and multi-cloud architectures are all the rage in enterprise IT infrastructure. But enabling the flexibility to deploy the right tool for each task requires a complex set of technologies that interlinks all the varied assets. That creates a bigger attack surface for hackers. The more services you rely on to run your business, the harder it is to keep track of how secure they all are.
Some of the most recent examples of this problem have been tied to APIs (Application Programming Interfaces). In the past few months, Peloton, Clubhouse, Experian, Equifax, Instagram, Amazon, and PayPal have all been in the news for API-related cybersecurity problems.
APIs are how applications talk to one another. A mobile app or a web frontend, for example, might use an API to communicate with a backend database. That means the backend database is vulnerable if the API is exploited. An API used by Clubhouse, for example, let anyone query the entire database of the social network’s public user profiles.
According to a report released in February by Salt Security, 91 percent of companies reported API-related security problems last year. More than 80 percent weren’t sure whether the APIs they used exposed personally identifiable information, and about one fifth said they had no way of finding out which APIs exposed sensitive data.