Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

August 11, 2021 |

Catching Up on API Security

Prevent data leaks by addressing legacy integrations and poor control.

APIs ARE INVALUABLE TOOLS for integrating applications. They can also be dangerously vulnerable back-door entrances to software containing sensitive information.

“”It’s easy to leak data through APIs,”” explains Sandy Carielli, principal analyst with Forrester Research. “”Poor authentication, poor authorizations—you don’t always see the ways data is going in and coming out.””

For MSPs, keeping customers’ often-changing and highly integrated business systems safe is a challenge requiring vigilance. Identifying risk means knowing all the entry points out there, says Brian Weiss, CEO of San Luis Obispo, Calif.-based ITECH Solutions. “”It’s knowing what your landscape looks like and how it’s being accessed,”” he says. “”Your API integrations need to be on that list.””

Weiss warns his SMB clients against operating with outdated APIs. “”I still have clients with API connections out there that don’t support API keys,”” he says.

Carielli, for her part, urges MSPs to take a holistic approach. “”You need to be looking at APIs the same way you looked at applications 10 years ago,”” she says. “”There isn’t a single point in the lifecycle that will solve API security.””

Of course, a truly holistic approach starts with the vendor, including API gateways for authentication and authorization as well as pre-release API testing during development.

There are industry-standard API best practices today, Weiss says, “”and I do see vendors holding themselves accountable.”” When it comes to legacy APIs, however, “”we’ve got a lot of catching up to do,”” he adds.

On the deployment side, Carielli recommends API-specific security tools to manage and discover data transfers as well as web application firewalls that analyze traffic. “”The thing about APIs is that there is a way to create a positive security model,”” she says, pointing to API developer tools like Swagger for the OpenAPI Specification (OAS). “”Swagger files, or spec files, can document and create a definition of the API that sets the parameter of each call and how that’s defined.”” These specification files, Carielli explains, describe the data types that a given API can request, how it will return responses, and how the requests are authenticated. A well-documented spec file, therefore, can reign in unnecessary data access.

There are more API security tools appearing all the time, Carielli adds, some of which will even create specification files for you if you don’t have them.

Even so, Carielli doesn’t see API security issues subsiding overnight. “”We’re going to continue to see a steady stream of flaws and issues, but also more protection over time.””

Image: iStock


Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience