Defining Good: A Strategic Approach to API Risk Reduction

The cost of not knowing what good is.

Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on. The more elements missing, the more risky the bridge. No one wants to drive across a risky bridge.

(There is a point to this.)

Now let’s shift to today’s applications that consumers and businesses rely on daily. All of these applications are powered by and rely on APIs to function. APIs are essential to bridging critical connections in transformation projects, microservice-driven app modernizations, AI-powered systems, mobile and web applications, and much more. Yet, when I ask the various application lifecycle personas in an enterprise what makes a “good” API, there is no quick response. And the responses tend to differ from one persona to the next. If we don’t know, and are not in sync on, what makes a good API, how can we trust what was built? How do we gauge how risky it is, and how do we ensure that future APIs are not putting the enterprise at risk?

In recent years, as APIs proliferated across the enterprise, their existence gave rise to some major security concerns. Organizations first looked to augment their existing web application security tools and processes to “address” API security. Unfortunately, the security challenges associated with APIs can’t be solved by simply updating existing testing tools and edge security defenses to check-the-box technologies that claim to provide “API security.” Risky API security posture, misconfigurations, and logic-based vulnerabilities continue to plague security teams, while leaving threat actors with a low barrier to breach. It has become clear that organizations don’t have an API security tooling problem; they have a strategy problem.

The problem is not going away in 2024. API production and usage will continue to increase rapidly, especially as many organizations in 2024 adopt more AI-driven (artificial intelligence) processes and solutions in their business. AI needs data, and APIs are the vehicle for that data – and much of that data will be business critical or sen


This article has been indexed from Security Boulevard
