The digital transformation journeys of many enterprises have been accelerated by the COVID-19 pandemic. In 2020, IT resources shifted to support WFH policies with mobile and remote productivity solutions, while simultaneously managing multiple datacenter migration projects to the cloud for scale and cost. A recent Enterprise Technology Research Survey [1] confirmed that WFH policies were not just a mirage in the post-pandemic world, and that the percentage of workers around the world who will permanently work from home would double.
Whether it’s supporting these post-pandemic work policies with mobile and web transactions or other popular digital transformation initiatives, like IoT, automation and microservices, APIs have played a critical role for many enterprises. Today, the average enterprise has approximately 900 applications [2], and APIs play an instrumental part in helping deliver their intended business value. APIs helped Uber disrupt the entire transportation industry, for example, with a mobile app that would consume the API of Google Maps without having to build its own mapping system. Moreover, to enable Uber and its customers to complete mobile transactions in this digital business model, APIs were leveraged to confirm transactions from the customer’s payment gateway to those of Uber and its networked drivers. Because they share data and information between applications, systems, and devices, and make it possible for these things to talk with each other, APIs have, unfortunately, attracted many stakeholders beyond their intended audience of business innovators. Today’s cybercriminals, whether individuals or nation-states, have made APIs one of their vectors of choice.
Whether the business is traditional, like a credit bureau or big box retailer, or a member of the New Economy, cybercriminals have exploited the human errors in deploying APIs that were typically overlooked. As enterprises implemented processes and systems to meet industry compliance and global privacy rules, hackers were still able to identify gaps resulting from integration oversights or inadequate code audits due to the best practices of third-party development or integrations. Because APIs are often built for integrations, such as websites or mobile applications, they’re sometimes treated as one-offs by development teams. To cover some of these oversights, it’s always a good idea to start the new year by reviewing the recommended best practices from OWASP API Security 2019 [3].
So, as APIs continue to impact the digital transformation journey, enterprises should favor solutions that offer a comprehensive security model which includes cloud WAF and protection against DDoS and bot attacks. More importantly, security teams can enjoy peace of mind when their established security models have the foresight to understand the growing business impact of applications and APIs. The positive security model capabilities in Imperva’s API security offering help bridge the security gap between the enterprise security and DevOps teams. Based on the developer’s file documentation, Imperva makes sure good application traffic isn’t blocked like malicious traffic. Learn more about Imperva’s API Security.
*** This is a Security Bloggers Network syndicated blog from Blog authored by johnoh. Read the original post at: https://www.imperva.com/blog/api-security-checks-in-the-post-pandemic-world/