Applications are everywhere, from data centres to smartphones. Remote working has increased the need for more applications to be exposed to the cloud. However, applications are regularly breached – so how do you protect them? Understanding the threats is incredibly important in figuring out app security and protecting your applications.
We’ve talked before about bots, and they still sit atop the list of successful methods of breaches. Add in the fact that 28 per cent of breaches are caused by human error, and it’s more important than ever to make sure no door is left open.
But that isn’t everything. Zero-day threats, web application vulnerabilities, software supply chain and application programming interfaces (APIs) need as much attention. Recent research data shows that out of 750 global customers, 72 per cent said their organisation had suffered at least one security breach from an application vulnerability in the past year, with nearly 40 per cent experiencing more than one.
Organisations are moving to API-first development, because APIs make the development of new versions of applications much faster. But extending the visibility of these applications creates a whole new attack surface.
There are no humans involved in business-to-business endpoint checking, because it’s all done by APIs. Why? APIs by nature expose the application’s logic, the user’s credentials and tokens, and all kinds of personal information, all at cloud speed and from your phone. An API-based application is significantly more exposed than a traditional web-based app because of the deliberate access it provides to sensitive data.
Bots are more than ready to jump on unsecured APIs at any time. Once there, they have access to customer data or employee information that they can compromise. There are plenty of examples of test APIs being deployed with access to production data and no security in place. An encouraging statistic from the research, however, showed that 75 per cent say that, whilst APIs present security challenges, they now recognise the risks – a positive sign that this area is being taken seriously.
Defending APIs is a tier-one security consideration. It is important to consider a comprehensive, scalable and easy-to-deploy platform to protect applications wherever they may reside. A web application firewall with active threat intelligence is the most manageable way to protect your applications and APIs from the threats mentioned. Protecting your organisation against today’s threats means adding client-side protection as well as internally protecting against malicious employees.
Chris Hill is regional vice president of public cloud and strategic partners international at Barracuda Networks.
This article was originally published in the Autumn 2021 issue of Technology Record.