Why APIs Are Important and How Secure Is Your API?
By CIOAdvisor Apac
It is generally accepted that a public cloud is not secure. This is not entirely true. In fact, it is more secure than most data centers. Information is better protected when it is saved in the cloud than when it is saved on a USB drive, sent by email or otherwise shared with a friend.
Data and information are exposed to applications in the cloud through APIs (Application Programming Interfaces). APIs are the nucleus of cloud innovation because they facilitate data sharing and enable connections. This allows cloud computing to be adopted in every technology and market segment possible. APIs have a decisive role in the all-round adoption of smartphones, tablets, fitness trackers, smartwatches, IoT and even social media. API security is a completely different ball game. It involves identity, safety and policies, which should remain under the control of the organization and should not be redistributed to the cloud. Handing API security over to the cloud tips the balance of control too far.
Vulnerabilities in APIs are hard to spot, which makes them the most overlooked threat to information and cloud security today. Security issues in APIs are recognized by the Open Web Application Security Project (OWASP), a non-profit, non-affiliated online web security community.
API Gateway Vs API Security Gateway
An API gateway does not offer the same security as an API security gateway. API gateway technologies were built for integration and sharing information, not for keeping that information safe. API security, on the other hand, applies cybersecurity technology to API enablement: it performs the task of an API gateway but includes Identity and Access Management (IAM) and cybersecurity technologies within the gateway to keep the information safe. This technology is known as an API security gateway.
Taking Command of API Security
The only way to accurately protect data held in a public cloud is to embed secure API gateways within the cloud and to deploy an API security gateway. The Panera Bread data breach is the prime example of a gateway that was insecure at the time of its creation. An unauthenticated API endpoint leaked 37 million customer records. Yahoo's API servers were also hit, and malicious code was executed on them.
Depending on cloud service providers for API security means outsourcing one's data security model and control over it. This can result in breaches and in third parties gaining access to sensitive data that cannot be controlled. The full benefits of cloud adoption can be enjoyed once the organization takes full control of its API cloud security policies.