Akamai Technologies Enhances API Security with New Free Connector
In an era where digital transformation is paramount, application programming interfaces (APIs) have become the backbone of modern applications. However, as organizations increasingly rely on APIs, the security of these critical components often falls by the wayside. Recognizing this pressing issue, Akamai Technologies has taken a significant step forward by offering a new connector at no extra cost, designed to simplify the discovery and security of APIs exposed through its content delivery network (CDN).
The Importance of API Security
Stas Neyman, a security strategist at Akamai, emphasizes the critical role that APIs play in today’s applications. Despite their importance, the security of these APIs is frequently overlooked. The newly introduced connector allows organizations utilizing the Akamai Connected Cloud to seamlessly route API traffic to Akamai’s API Security platform, thereby enhancing their security posture. This initiative is particularly timely, as cybercriminals have become increasingly adept at exploiting vulnerabilities in APIs to exfiltrate data or compromise workflows.
Bridging the Gap Between Development and Security Teams
One of the most significant challenges in API security is the assumption of responsibility between application development teams and cybersecurity teams. Often, development teams believe that cybersecurity professionals are responsible for protecting the APIs they create, while cybersecurity teams assume that the developers will secure their own APIs. This disconnect can lead to significant vulnerabilities, as many APIs remain unsecured due to a lack of visibility and communication between the two teams.
Neyman points out that many cybersecurity teams do not have adequate insight into how APIs are created and deployed. Consequently, numerous APIs exist as unsecured endpoints, leaving organizations vulnerable to attacks. While many of these APIs are internally facing, the immediate concern lies with those that are externally accessible, particularly those deployed on CDNs.
The Hidden Risks of Internal APIs
While the focus is often on externally facing APIs, cybersecurity teams should not neglect the security of internal APIs. It is relatively easy for development teams to inadvertently expose an internal API to external users. What may seem secure today can quickly become a significant risk if a business unit decides to make an API accessible to external entities. This highlights the need for a comprehensive approach to API security that encompasses both internal and external APIs.
The Shift Towards DevSecOps
As organizations adopt DevSecOps best practices, application development teams are increasingly taking on more responsibility for API security. However, the challenge remains that organizations are now deploying thousands of APIs, which raises the likelihood of security incidents. To mitigate these risks, Neyman suggests creating a center of excellence for API security that includes both application developers and cybersecurity professionals. This collaborative approach can help organizations better manage the security of their APIs and reduce the potential for breaches.
The Threat Landscape for APIs
APIs present a rich target for cybercriminals, who routinely scan for misconfigured APIs or "Zombie APIs"—those that are no longer maintained or protected by the original development team. Once these vulnerabilities are discovered, it can take months for cybersecurity teams to address the damage caused by malicious actors. The introduction of Akamai’s free connector aims to empower organizations to proactively secure their APIs, thereby reducing the overall cost of cybersecurity.
Conclusion
Akamai Technologies’ new connector is a significant advancement in the realm of API security, providing organizations with the tools they need to discover and secure their APIs more effectively. By fostering collaboration between development and cybersecurity teams and emphasizing the importance of API security, organizations can better protect themselves against the evolving threat landscape. As APIs continue to play a pivotal role in modern applications, prioritizing their security is not just a best practice—it is a necessity.