Savvy leaders at organizations around the world know that digital transformations can create a virtuous flywheel of more and faster innovation, driven by the power of software integration. APIs can facilitate the necessary software integration and communication, and that requires serious consideration of the organization’s API security posture to better protect its data and digital systems.

The proliferation of APIs has led to expanded attack surfaces and greater inherent risk. A quick scan of the digital landscape shows that traffic generated by APIs now dominates the internet. Google Cloud’s Apigee reports that for their customers alone, API traffic increased 46% between 2019 and 2020.At the same time, Google Cloud’s 2022 report on API security insights and trends notes that more than 50% of organizations faced an API-related security threat at least once in 2021, confirming that APIs have become a favorite target for threat actors.This month, we identified five categories of API attacks in a new report, “The Importance of API Security,” that takes a deeper look at how to build better API security systems. These threats include:

Partner with aster.cloud
for your next big idea.
Let us know here.

From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.

CYBERPOGO.COM :: For the Arts, Sciences, and Technology.

DADAHACKS.COM :: Parenting For The Rest Of Us.

ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.

TAKUMAKU.COM :: For The Hearth And Home.

ASTER.CLOUD :: From The Cloud And Beyond.

LIWAIWAI.COM :: Intelligence, Inside and Outside.

GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.

FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.

ASTERCASTER.COM :: Supra Astra. Beyond The Stars.

BARTDAY.COM :: Prosperity For Everyone.

Data scraping
Denial of service (DoS)
Injections or malware
Account takeover (ATO)
Scalping and bots

While DoS, injections, and ATO are well-known attacks that came to the API world from web applications, abuse and bots are unique threats for APIs that are by their nature different from security issues. Security leaders should be concerned with how prepared their organizations are for API security threats.

The current state of API security strategy

Our 2022 report on API security insights and trends found that most organizations don’t have a robust API security strategy in place, and that 60% say that their API strategy needs improvement.

Organizations face two primary impediments when establishing and maturing their API security capabilities: A lack of resources, and a lack of experience. Even leaders who are committed to securing APIs may end up deploying fragmented solutions across their organization, which could inadvertently create a false sense of security.

So what’s the best way forward when it comes to protecting APIs?

Taking a defense-in-depth approach

We believe that layering API defense mechanisms that support each other but are otherwise independent is an effective way to stop adversaries. Along with our additional insights into a rapidly-changing API threat landscape in our “Importance of API Security” report, we also provide recommendations on launching an API-first security strategy that builds on four pillars:

Essential API security controls and protections enforced for all APIs through a common API management platform, creating a no-exception approach that leaves no space for uncontrolled API exposure
Protection against DDoS and exploits with an adaptive cloud protection suite that includes a WAF, machine-learning-based DDoS protection, and a threat intelligence capability
Anti-bot protection to keep APIs and exposed resources safe from fraudulent activity, spam, and abuse
Adherence to safe API coding principles to prevent the most common classes of security issues upfront

You can read the report here, and reach out to the Google Cybersecurity Action Team to learn more.

By: Ilya Kabanov (Senior Manager, Cloud Trust and Safety) and Anton Chuvakin (Security Solution Strategy, Google Cloud)
Source: Google Cloud Blog

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

Build Your API Security Strategy On These 4 Pillars

From our partners:

The current state of API security strategy

Taking a defense-in-depth approach

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

aster.cloud

Related Topics

The Definitive Who’s Who of the 2025 Papal Conclave

The World Is Revalidating Itself

IBM and Oracle Expand Partnership to Advance Agentic AI and Hybrid Cloud

Conclave: How A New Pope Is Chosen

Nurturing Minds in the Digital Revolution

AI is automating our jobs – but values need to change if we are to be liberated by it

Canonical Releases Ubuntu 25.04 Plucky Puffin

United States Army Enterprise Cloud Management Agency Expands its Oracle Defense Cloud Services

Tokyo Electron and IBM Renew Collaboration for Advanced Semiconductor Technology

IBM Accelerates Momentum in the as a Service Space with Growing Portfolio of Tools Simplifying Infrastructure Management

Most Popular

Tariffs, Trump, and Other Things That Start With T – They’re Not The Problem, It’s How We Use Them

IBM contributes key open-source projects to Linux Foundation to advance AI community participation

Co-op mode: New partners driving the future of gaming with AI

Mitsubishi Motors Canada Launches AI-Powered “Intelligent Companion” to Transform the 2025 Outlander Buying Experience

The Unexpected Pi-Fect Deals This March 14

Build Your API Security Strategy On These 4 Pillars

From our partners:

The current state of API security strategy

Taking a defense-in-depth approach

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Related Topics

You May Also Like