aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Engineering

Build Your API Security Strategy On These 4 Pillars

  • aster_cloud
  • January 15, 2023
  • 2 minute read

Savvy leaders at organizations around the world know that digital transformations can create a virtuous flywheel of more and faster innovation, driven by the power of software integration. APIs can facilitate the necessary software integration and communication, and that requires serious consideration of the organization’s API security posture to better protect its data and digital systems.

The proliferation of APIs has led to expanded attack surfaces and greater inherent risk. A quick scan of the digital landscape shows that traffic generated by APIs now dominates the internet. Google Cloud’s Apigee reports that for their customers alone, API traffic increased 46% between 2019 and 2020.At the same time, Google Cloud’s 2022 report on API security insights and trends notes that more than 50% of organizations faced an API-related security threat at least once in 2021, confirming that APIs have become a favorite target for threat actors.This month, we identified five categories of API attacks in a new report, “The Importance of API Security,” that takes a deeper look at how to build better API security systems. These threats include:


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

  1. Data scraping
  2. Denial of service (DoS)
  3. Injections or malware
  4. Account takeover (ATO)
  5. Scalping and bots

While DoS, injections, and ATO are well-known attacks that came to the API world from web applications, abuse and bots are unique threats for APIs that are by their nature different from security issues. Security leaders should be concerned with how prepared their organizations are for API security threats.

The current state of API security strategy

Our 2022 report on API security insights and trends found that most organizations don’t have a robust API security strategy in place, and that 60% say that their API strategy needs improvement.

Read More  Announcing Quick Builder, A New Low-Code Tool For You To Build Location-Based Experiences

Organizations face two primary impediments when establishing and maturing their API security capabilities: A lack of resources, and a lack of experience. Even leaders who are committed to securing APIs may end up deploying fragmented solutions across their organization, which could inadvertently create a false sense of security.

So what’s the best way forward when it comes to protecting APIs?

Taking a defense-in-depth approach

We believe that layering API defense mechanisms that support each other but are otherwise independent is an effective way to stop adversaries. Along with our additional insights into a rapidly-changing API threat landscape in our “Importance of API Security” report, we also provide recommendations on launching an API-first security strategy that builds on four pillars:

  1. Essential API security controls and protections enforced for all APIs through a common API management platform, creating a no-exception approach that leaves no space for uncontrolled API exposure
  2. Protection against DDoS and exploits with an adaptive cloud protection suite that includes a WAF, machine-learning-based DDoS protection, and a threat intelligence capability
  3. Anti-bot protection to keep APIs and exposed resources safe from fraudulent activity, spam, and abuse
  4. Adherence to safe API coding principles to prevent the most common classes of security issues upfront

You can read the report here, and reach out to the Google Cybersecurity Action Team to learn more.

 

By: Ilya Kabanov (Senior Manager, Cloud Trust and Safety) and Anton Chuvakin (Security Solution Strategy, Google Cloud)
Source: Google Cloud Blog


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster_cloud

Related Topics
  • API
  • Google Cloud
  • Security
You May Also Like
View Post
  • Computing
  • Engineering
  • Software Engineering

Kubernetes CRD Validation Using CEL

  • December 4, 2023
Web
View Post
  • Engineering
  • Software Engineering

Mastering the Art of Load Testing for Web Applications

  • November 29, 2023
Ubuntu. Chiselled containers.
View Post
  • Engineering
  • Technology

Canonical Announces The General Availability Of Chiselled Ubuntu Containers

  • November 25, 2023
Brush, Color, and Sketch pad
View Post
  • Cloud-Native
  • Design
  • Engineering

6 Security Best Practices For Cloud-Native Applications

  • November 17, 2023
Ingrasys
View Post
  • Computing
  • Engineering
  • Technology

Ingrasys Unveils Next-Gen AI And Cooling Solutions At Supercomputing 2023

  • November 15, 2023
Malware, Security, and Laptop
View Post
  • Engineering
  • Technology

Singapore And Google Partner On Web Risk To Protect Citizens From Online Scams And Phishing

  • November 12, 2023
View Post
  • Engineering
  • Public Cloud

Golang’s GORM Support For Cloud Spanner Is Now Generally Available

  • November 9, 2023
Cloud
View Post
  • Design
  • Engineering
  • Public Cloud

The Impact Of Public Cloud Price Hikes

  • November 8, 2023

Stay Connected!
LATEST
  • 1
    Bard Gets Its Biggest Upgrade Yet With Gemini
    • December 6, 2023
  • Gemini 2
    Introducing Gemini: Our Largest And Most Capable AI Model
    • December 6, 2023
  • 3
    Kubernetes CRD Validation Using CEL
    • December 4, 2023
  • 4
    AI For Impact: How Google Cloud Is Bringing AI To Accelerate Climate Action
    • December 3, 2023
  • Birthday Cake 5
    How ChatGPT Altered Our World in Just One Year
    • November 30, 2023
  • OpenAI 6
    Sam Altman Returns As CEO, OpenAI Has A New Initial Board
    • November 30, 2023
  • Web 7
    Mastering the Art of Load Testing for Web Applications
    • November 29, 2023
  • 8
    The IBM Approach To Reliable Quantum Computing
    • November 28, 2023
  • 9
    IBM Collaborates with AWS to Launch a New Cloud Database Offering, Enabling Customers to Optimize Data Management for AI Workloads
    • November 27, 2023
  • Data center. Servers. 10
    Intel Granulate Optimizes Databricks Data Management Operations
    • November 27, 2023
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Oracle | Microsoft 1
    Oracle Cloud Infrastructure Utilized by Microsoft for Bing Conversational Search
    • November 7, 2023
  • Riyadh Air and IBM 2
    Riyadh Air And IBM Sign Collaboration Agreement To Establish Technology Foundation Of The Digitally Led Airline
    • November 6, 2023
  • Ubuntu. Chiselled containers. 3
    Canonical Announces The General Availability Of Chiselled Ubuntu Containers
    • November 25, 2023
  • Ingrasys 4
    Ingrasys Unveils Next-Gen AI And Cooling Solutions At Supercomputing 2023
    • November 15, 2023
  • Cyber Monday Sale. Guzz. Ideals collection. 5
    Decode Workweek Style with guzz
    • November 23, 2023
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.