Cloud Security Threats: Escaping the Egregious Eleven – Part Two

Depending on your familiarity with the Cloud Security Alliance (CSA) publications, part one of this blog was intended as either an introduction or a nagging reminder of the ‘Egregious Eleven’ security threats to cloud computing. It also hopefully made some helpful observations about the first six items on the list. Part two now looks at the remaining five threats, starting with:

7 – Insecure APIs

Application programming interfaces (APIs) constitute the unseen fulcrums for much of the usability and functionality found in the cloud. They help create fresh digital models by leveraging and re-purposing existing resources, as well as acting as the gateway to brand new services. But messily constructed, layered interfaces that use unverified and sometimes poorly written third-party APIs may end up delivering some unintended and wholly unwelcome consequences. Whilst dropping in ranking from third in the ‘Treacherous Twelve’ to seventh in the Egregious Eleven, insecure interfaces and APIs still registered as the single biggest vulnerability to cloud security among 42 percent of respondents to the 2019 (ISC)² cloud security report.

To help address this threat, formal vetting and approval processes should be applied to external APIs in a similar manner as they are to other software components in use by your business. Wider consideration should also be given to the securing of different types of APIs. As one simple example here, whilst ‘REpresentational State Transfe ..
