Register for our Dec 19th Webinar: Beyond the Perimeter: Achieving Comprehensive API Security

Blog Post

Why CISOs Are Making API Security A Top Priority

Roey Eliyahu
Nov 29, 2022

A CISO’s mandate is to empower the business to move forward on key growth initiatives and simultaneously reduce risk. To this end, they must continuously evaluate and weigh the security ramifications of many strategic initiatives, ultimately weighing the potential impact on a company’s:

  • Speed to Market
  • Competitive Advantage
  • Brand Reputation

By focusing on how their security infrastructure helps or hinders delivery on those three fronts, CISOs help drive business success. In today’s landscape, one new area has emerged that is integrally connected to all three of those company dynamics: the use of APIs to fuel innovation.

APIs are Eating the World

APIs are essential for companies to support their innovative and revenue-generating digital transformation initiatives. Open banking services, mobile and online services, digital information sharing apps, DoorDash, Uber, PayPal, Spotify, Netflix, Tesla — you name it — they all require APIs to function.

Companies are developing and pushing out APIs faster, and in larger quantities, than ever before. APIs allow companies to build and bring advanced services to market, opening up new avenues of business and revenue streams. Digitalization hastened this trend, and Covid accelerated its implementation. Companies had to quickly deploy remote services for workers and customers and build product integrations to support a myriad of devices — all of which demanded APIs. It’s no wonder that the public API hub Postman hit a record 20 million users earlier this year.

However, because APIs share highly sensitive data with customers, partners, and employees, they have also become a very attractive target for attackers. CISOs have recognized the risk.

According to a new study released by AimPoint Group, W2 Communications, and CISOs Connect, The CISOs Report, Perspectives, Challenges and Plans for 2022 and Beyond, CISOs identified the following as their top IT components needing security improvement:

  • APIs — 42%
  • Cloud applications (SaaS) — 41%
  • Cloud infrastructure (IaaS) — 38%

APIs Drive Speed to Market

The faster a business can bring new services to market, the faster the benefits. For some companies (under Covid), speed to market meant the difference between keeping the business up and running versus shutting down operations. API usage ensured that organizations were open for business.  

Businesses must always assess the value and the costs in terms of both achieving or losing the speed-to-market race. They must consider the obstacles that could prevent speed to market. In the case of APIs, security threats pose an enormous obstacle. They can slow down rollouts or — even worse — make them untenable.

By protecting APIs from exploitation, companies ensure their ability to drive speed to market, growth opportunities, and the competitive advantage.

APIs Deliver Competitive Advantage

Speed to market is an important underlying factor that contributes to an organization’s competitive advantage. As an industry front runner, businesses have an opportunity to gain the lion share of a market and its profits.

In financial services, competitive advantage is a critical business objective, and technology transformation is its core strategic component. FinTech companies have fueled customer expectations, and open banking is right behind them, offering unimaginable innovation and conveniences by easily linking mobile apps to banking accounts.

Banking and financial institutions must stay on the cutting edge of these services to compete and stay relevant. APIs power these capabilities and allow institutions to leapfrog ahead of the competition.

However, security threats and lack of regulatory adherence can compromise successful API implementation and result in costly fines. Businesses must ensure safe passage between the emerging applications and customers’ valuable financial data. APIs represent the access point to PII and other important data assets that attackers target for their own gain and to the detriment of the business.

The Right Security Approach Protects Brand Reputation

Without brand reputation, companies lose their competitive advantage. Perhaps of all the areas of business risk, brand reputation is the largest and can have the longest-lasting impact. A positive brand reputation conveys integrity, exudes trust, and engenders customer loyalty.

APIs contribute to services that can enhance a brand’s reputation for being forward-thinking and customer-driven. However, if those APIs become breached, all that goodness dissipates in an instant, replaced by distrust, fear, and customer churn.

Yet increasing and rapid deployment of APIs, combined with APIs’ unique business logic, make securing them complex. Traditional security solutions, such as WAFs and API gateways, might work against basic attacks, but don’t protect against the increasing quantity and complexity of API attacks. Recent research shows that API attack traffic is growing at more than double the pace of overall API traffic.

Dedicated API Security — the Cost of Doing Business

The monetary growth opportunities promised by APIs are immense, but to harness them, CISOs must ensure protection of their APIs. APIs support the interconnectivity of a company’s crown jewels — the essential and sensitive data that businesses require to deliver their digital goods and services.

Every company that is developing software has become an API-driven company. For API-driven companies, protecting those APIs is no longer a question — it’s simply the cost of doing business in a digitally transformed landscape. Without dedicated API security to protect these crucial connectivity tools, companies put everything at risk — speed to market, competitive advantage, and the brand itself.

Last but not least, CISOs must build a collaborative approach to API security. APIS touch all areas of the business. CISOs need to take an active role in educating teams about their API security initiatives and their importance in reducing the company’s risks. CISOs must provide the answers and insights that empower others to help meet security goals.

CISO after CISO will tell you that creating a strong, cross-functional “security-aware” culture continues to be their number one priority. To generate this security mindset, leaders must prioritize relationships, acknowledge everyone’s contribution to security, and continuously communicate the vital importance of security to achieve overall business objectives.

This article first appeared in Forbes as a Forbes Technology Council contribution.

To learn more about how Salt can help defend your organization from API risks, you can connect with a rep or schedule a personalized demo.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

November 27, 2024

Eric Schwake
Head of Product Marketing

Industry

Beyond Traditional Security: Addressing the API Security Gap

To safeguard your business from API-specific threats, you need a dedicated solution that offers comprehensive visibility, in-depth contextual analysis, automated governance, robust data protection, and AI-driven threat prevention.

Read more

November 21, 2024

Eric Schwake
Head of Product Marketing

Industry

API (In)security: The Hidden Risk of Black Friday

Learn how, for online retailers, Black Friday represents both a lucrative opportunity and a significant cybersecurity challenge.

Read more

November 5, 2024

Eric Schwake
Head of Product Marketing

Industry

API Security: The Non-Negotiable for Modern Transportation

Airlines and transportation companies heavily rely on APIs to handle sensitive data, from customer information to payment details and flight schedules. While crucial for efficient operations, these APIs are also prime cyberattack targets.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Back