Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

APIs Have Changed — and They’re Changing the Security Landscape

Chris WestphalChris Westphal
Dec 18, 2020

The push for digital transformation has impacted just about every industry across the globe, and APIs are a key enabler for this transformation.  Since applications have been using APIs for a couple decades, we haven’t been as aware of  how the security implications have evolved as we are when we adopt a brand new technology.  The reality is, APIs today are very different from the web APIs of the early 2000s, and these changes impact the way we need to think about the API security landscape.

Learn why apps are built on APIs, the security risk APIs present, and best practices for securing APIs.

More APIs Than Ever

The move from monolithic applications to API-based applications has resulted in an explosion of APIs on both sides of the firewall. APIs not only power microservices environments but also are core to customer-facing web and mobile applications and are increasingly critical to connect partner ecosystems. With so many APIs at the core of modern applications, the attack surface has expanded exponentially — often without us realizing it — and in turn has created a large and growing attack surface.

More Data Exposed

APIs are becoming more important to the applications we depend on every day — everything including  video conferencing, shopping, banking, healthcare, socializing, and entertainment. Today’s applications are using more APIs than ever, and those APIs are more feature rich than ever. And developers are constantly introducing new use cases, which increases the amount of PII and other sensitive data being sent over APIs. All these changes have made APIs an extremely attractive target for attackers and a high-stakes asset for defenders to protect. To mitigate the threat, companies  need to identify the growing number of exposure points, understand what controls have been put in place, and meet compliance requirements.

Frequent Changes

APIs are a perfect fit for rapid development practices such as CI/CD.  Developers can build new applications by combining multiple APIs and update APIs quickly to add new functionality.  Rapid development creates a moving target for security teams who need to maintain an updated view of APIs, understand risk, and keep protections up to date. Traditional security approaches that depend on manual efforts simply can’t scale to meet the needs of rapidly changing APIs.

Security Required For APIs

Security solutions must keep up with the scale and rapid rate of change that come with APIs and cannot depend on traditional methods such as those that require manual policy upkeep. Automation is needed to continuously adapt to rapidly changing environments and to keep APIs protected.

Salt Security addresses the challenges of API security with big data and patented artificial intelligence (AI).  With our platform, customers continuously maintain an up-to-date catalog of all APIs, automatically identify sensitive data exposure, maintain protections without depending on policy updates, and stop attackers early during reconnaissance, even when APIs are constantly changing.

Schedule a demo to learn how Salt Security can protect your APIs.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

July 16, 2024

Eric Schwake
Head of Product Marketing

Industry

The Biggest Factors Influencing API Security Today

Several key factors are driving the current state of API security, including the rise of AI, the ongoing digital transformation, a booming app economy, and the challenges posed by shadow IT and regulatory compliance.

Read more

July 9, 2024

Eric Schwake
Head of Product Marketing

Product

Salt Security Empowers API Governance with New Posture Policies Hub

Salt Security's Posture Policies Hub is a powerful new tool designed to help organizations simplify and streamline API posture governance.

Read more

June 21, 2024

Amanda Fitzsimmons
Head of Legal

Industry

Don't Get Salted: Why API Inventory is Key to PCI DSS 4.0 Compliance (and How Salt Security Can Help You Achieve It)

A secure API ecosystem starts with a clear understanding of what APIs you have and how they interact with your data.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Back