Many of us all over the world, have lived through state and national governments’ physical distancing controls including the stay-home and work-from-home measures introduced to combat the coronavirus.
You already know that billions of people are participating in the world’s largest work-from-home experiment. But what you probably don’t know is that Application Programming Interfaces (APIs) are underpinning this experiment.
APIs connect communicating systems to effect the provision of a service or transaction. For example, you might remotely access a corporate system to complete a job function. Your accounting team may lodge an online tax statement with the Tax office. Or, you might order a family takeaway dinner from a mobile app.
All of these digital services involve a series of mini-functions known as APIs.
APIs and the New Normal
With 30-day-average lockdowns implemented across many countries, organisations and governments globally have had to rely on technology to maintain operations and service provision to customers. Over recent months, these systems have seen increased activity as millions of users and customers had just one option for accessing a service: the online option.
If an online service request could be equated to one API call, the number of API calls during the Covid-19 crisis would have gone through the roof. But a single online service hardly ever uses just one API. So the actual number of API calls is much higher than the number of online services initiated by system users and customers over the internet.
To keep up with the explosion of online service requests, organisations don’t just need functional systems that can support multiples of concurrent usage. They need systems that can support that usage securely, without compromising users’ privacy. This inevitably puts the spotlight on organisations’ security teams and their executives.
A March 2020 McKinsey & Company report alerts that during the coronavirus crisis, the overarching challenge for chief information security officers (CISOs) and cybersecurity teams is to protect their organisations while enabling operations without interruptions. What makes this mission particularly difficult is that the cyber threat landscape is vast, there are multiple ways that an organisation’s systems and data can be compromised, and the security team must anticipate it all and protect against it..
If an online service request could be equated to one API call, the number of API calls during the covid-19 crisis would have gone through the roof. But a single online service hardly uses just one API so the actual number of API calls is much higher than the number of online services initiated by system users and customers over the internet. This is what underlines the importance of APIs.
To keep up with the explosion of online service requests, organisations don’t just need functional systems that can support multiples of concurrent usage. They need systems that can support that usage securely, without compromising users’ privacy. This inevitably puts the spotlight on organisations’ security teams and their executives.
Spotlight on Security
A March, 2020 McKinsey & Company report alerts us that during the coronavirus crisis, the overarching challenge for Chief Information Security Officers (CISOs) and cybersecurity teams is to protect their organisations while enabling operations without interruption.
What makes this mission particularly difficult is that the cyber threat landscape is vast, there are multiple ways that an organisation’s systems and data can be compromised, and the security team must anticipate and protect against it all.
As Theo Nassiokas, an international financial services cyber executive and former CISO at a global bank explains, a sustained change in consumer behaviour will be brought about by the Coronavirus global pandemic; this change will see a lasting increase in the use of online services post- the Coronavirus pandemic.
“Putting this into a cyber security and cyber resilience frame, online services will see a sustained and significant increase in the use of APIs post-Coronavirus compared to the pre-Coronavirus periods. It is critical that we consider the cyber risk element of the increased usage of APIs going forward: what this means in terms of business risk, and what feasible measures can be put in place to monitor API data traffic to prevent data compromise, fraud or theft of funds”.- Theo Nassiokas
API Defence-in-Depth
The criticality of APIs to a business with online services or a remote workforce is why Defence-in-Depth for APIs is critical, not just from a security perspective but also from a risk perspective. By using multiple layers of API security to detect different types of threats, the organisation has a better chance of containing an API threat and the insight required to effectively manage new API attacks.
Given the convenience of online services, some users may never go back to the old way of acquiring a service, which means that these APIs will continue to be business-critical for a long while. For this reason, organisations also need to thoroughly assess how their APIs are secured and how API traffic is defended in depth.
That’s where Aiculus comes in. Since 2017, Aiculus has been immersed in one key goal: finding ways to boost the security for APIs, particularly the API traffic which carries sensitive data. Over this period, we’ve gathered useful insights and we’re always happy to share ideas on what we’ve learnt. If your organisation has APIs or is working on an API strategy, reach out to us at aiculus.co. Let’s chat.
Comments