IT security: APIs and apps, new challenge for companies

APIs are now at the forefront and this new ecosystem has a significant impact on the Internet, its traffic and security.

The internet has seen unprecedented change in recent years. The Web, which once consisted of static websites with text, images, and sometimes video, has grown considerably since then. We're witnessing an explosion of apps (and their economies) driven by APIs that help us in every aspect of our lives, whether it's finding your soul mate, booking your next vacation, unlocking, or even monitoring your vital signs.

Our lives today are full of interconnected systems.

APIs, an evolving technology and economy

APIs have become popular because they allow developers to separate the backend from the frontend and deliver apps with a better user experience. In turn, they have helped companies improve their business models by monetizing new functions.

This applies to the banking sector, a monolithic sector of vertically integrated service providers that now finds itself in a more fragmented landscape. The new Open Banking standard (PSD2) demonstrates how start-ups can offer modular financial services that can be easily integrated into more complete applications.

Companies like TrueLayer have industrialized APIs that enable organizations, especially e-merchants, to add new vendors to a market in seconds or provide their customers with more efficient payment solutions.

Another example comes from logistics: Shippo allows organizations to integrate services to initiate deliveries, track goods and streamline the returns process. And of course, it all relies on APIs to ensure interoperability between heterogeneous systems.

Finally, the exponential growth of connected devices (clocks, robots, etc.) leads to an increase in the number of APIs to run them. Another aspect of this phenomenon is automation of manual and repetitive tasks.

Infrastructure as code is an example of using APIs to replace the manual processes that were previously used to manage Internet infrastructure.

New industries empowering APIs and rethinking security

APIs have driven overall internet traffic growth, as Cloudflare saw on its network in 2021. They accounted for more than half of the traffic generated by end users and connected devices, a rise twice as fast as that of traditional web traffic.

In 2021, the software industry recorded about 40% of API traffic. The cryptocurrency sector (7%) is in second place, followed by banking and retail (6% and 5%).

The banking and financial services industries are witnessing the arrival of new platforms that aggregate accounts from different providers, streamline transactions or allow direct investment through apps, thanks to APIs.

These start-ups are challenging large corporations by providing innovative mobile services, forcing them to rapidly modernize their infrastructure and applications.

However, while API traffic has increased sharply, we observe today that APIs receive more malicious requests than standard web applications (10% against 8%), making them more vulnerable to cyber threats. In the face of this growth, API security therefore remains a central issue. Apps may be a revolution for end users, but they can be a real headache for developers.

Developers need to manage all the complexity of APIs behind the scenes, monitoring and validating each request. These difficult tasks are often entrusted to an API gateway provider. Unfortunately, these gateways leave much to be desired. First, they come at a cost. Second, they can affect performance.

Finally, there are data and privacy risks due to traffic generated by APIs (and therefore possibly sent through a third-party gateway). Fortunately, solutions have emerged in recent years to manage all functions related to security, management and monitoring to keep APIs working properly.

When it comes to security, it's often difficult for companies to know if they're "really adequate". However, the importance of good security practices should never be underestimated, as reliable and secure applications keep the internet running smoothly. This is especially true now that APIs and apps are commonplace and introduce new security issues compared to a standard website.

It's up to companies to equip themselves with the right security solution to protect customer data and the business! Our recommendation is to repel attacks as close as possible to where they occur, while connecting APIs to "The Edge" closest to where they will be used, i.e. at the network endpoint.

The remote protection intelligence in this Edge will thus allow API security postures to be deployed on a global scale while improving performance for API consumers. API protection and edge computing are therefore closely linked in guaranteeing security and performance.