F5 API Sprawl Rept. Finds Nine In 10 Enterprises Had An API Security Incident In 2020

By ISBuzz Team
Writer, Information Security Buzz | Nov 05, 2021 11:10 am PST

BACKGROUND:

F5’s new report “Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy” exposes security threats posed by the global proliferation of APIs. It cites sectors such as retail and financial services, and notes more generally that: “More than nine out of ten of enterprises experienced an API security incident in 2020. Every API thus becomes a point on the security perimeter that can be potentially compromised if not properly architected or protected.”

“The number of APIs by 2030 will be in the 100s of millions, making it a significant scalability, manageability, and security challenge for our customers and the industry. It does not matter what parameters of the model we tweak; API sprawl will be a global problem. Discovery, networking, integration, and security are set to become significant challenges for the entire Dev and Ops ecosystem.”

“APIs are prone to fraud and malicious behavior. External APIs must be validated continuously for trust, and internal API keys can be compromised, giving attackers access to critical infrastructure. If data is the new oil, then APIs could unfortunately become the new plastic, with byproducts wreaking havoc on the ecosystem.”

1 Expert Comment
George McGregor, VP of Marketing
November 5, 2021 7:12 pm

The report does discuss the issue of "secrets sprawl", highlighting how secrets such as API keys are often exposed when spread across a distributed infrastructure. It only takes one such key to allow an attacker to access illicitly an application service through an API and gain access to critical infrastructure. However, the report does not fully explore how the exploitation of such stolen secrets can actually be blocked in real-time. Such solutions do exist and should be evaluated by anyone who wants to take API security seriously.
