By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: APIs pose security risks, but don’t shy away from them
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Enterprise > APIs pose security risks, but don’t shy away from them
Enterprise

APIs pose security risks, but don’t shy away from them

Aaron Tan
Last updated: August 4, 2015 at 6:59 PM
Aaron Tan Published August 4, 2015
4 Min Read
SHARE


As more organisations provide APIs (application programming interfaces) to encourage third-party developers to create new and interesting apps using their data, the issue of API security naturally comes to mind.

After all, APIs offer pathways to an organisation’s data assets that could be compromised if necessary safeguards are not in place. Making things worse is the fact that APIs are – as their names suggest – are programmable, which means hackers can program them to get to the data they want.

Indeed, earlier this year, hackers had stolen the social security numbers, birth dates and addresses of 100,000 US taxpayers, using the US Inland Revenue Service’s GetTranscript API.

“These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer,” the IRS said recently.

One of the ways in which organisations can minimise the security risks posed by APIs is to use an API management platform such as Mashery, an Intel company that takes care of API security and makes APIs available to developers.

“It safer to expose data to a platform like ours that lets you turn on access during a hackathon, limit the number of people who can access the data, and turn off access when they’re done,” said Jason Cormier, API strategy and product evangelist at Intel Australia.

However, that does not mean API management platforms like Mashery take security lightly. As a cloud-based service, Mashery has its fair share of cyber attacks each day.

“We encounter security problems like everybody else, but we haven’t had any data breach or a successful attack that brought us down,” said Boaz Maor, vice president for customer success at Mashery, adding that the company employs a security operations team that works round the clock.

Additionally, Mashery has implemented measures to bring its service back online in the event of a security incident or downtime. For example, while the service is hosted on Amazon Web Services, Mashery also runs a parallel private network that serves as a backup.

Cormier advised companies that are concerned with security to not dismiss APIs entirely as some developers may use their data in mutually beneficial way.

He cited the example of Yellow Pages – a Mashery customer – that had problems with users screen-scraping data from its site to create useful third-party apps.

“They were tired of this, and decided to give people a legal channel from which data could be accessed easily,” Cormier said. “And by doing so, they were able to see what people were doing with the data, and suddenly they were more secure and had more control over their data than before.”

According to technology research firm Gartner, the API management market was worth about US$618 million in 2014.

You Might Also Like

Keysight study unveils critical challenges in healthcare software testing

Trust undergirds the use of data for AI: Salesforce

Despite more cyberattacks, Asia-Pacific firms don’t feel prepared for new threats

Q&A: Cloud still the focus and the foundation for digitalisation, says CelcomDigi

Data democratisation challenges in Asia-Pacific may hinder its progress: Snowflake

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Aaron Tan August 4, 2015 August 4, 2015
Share This Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Previous Article As smartphones get cheaper, Singapore telcos rethink old strategies
Next Article LG’s 4K OLED TVs coming to Singapore this month
1 Comment
  • Dmitry Sotnikov says:
    August 5, 2015 at 4:38 pm

    There are a few other aspects of improved security in API Management solutions like Mashery or WSO2 API Cloud (http://wso2.com/cloud/api-cloud – disclosure: I work there):
    1. Analytics integrated with the API gateway – so you can track the trends or even have automated fraud detection system enabled and firing alarms on suspicious behavior,
    2. Integrated security (OAuth token management, etc.) and ability to manage & block accounts that need to be blocked.

    Bottomline of the story is that basically:
    * Whether to have APIs is a business & architectural decision,
    * Once you decide to have APIs, you need to have an API management solution so you maintain (and actually improve) security.

    Reply

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Playing Starfield on an AMD Radeon RX7800 XT graphics card
Gaming PC September 21, 2023
Starfield review: Slow paced adventures in space
Gaming September 20, 2023
Intel unveils redesigned Core Ultra CPUs, first built on new Intel 4 process
PC September 20, 2023
Keysight study unveils critical challenges in healthcare software testing
Enterprise Software September 14, 2023

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact
Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?