Misconfigured APIs Make-Up Two-Thirds of Cloud Breaches

According to the 2021 IBM Security X-Force Cloud Threat Landscape Report, over half of breaches were the result of shadow IT and two-thirds of improperly configured APIs accounted for most cloud security incidents in last year.

Experts Comments

September 17, 2021
Uriel Maimon
Senior Director of Emerging Technologies
PerimeterX

To accelerate the ability to meet business needs, moving IT systems to the cloud became a key tactic and this was accelerated during the pandemic; if businesses were not digital, they were at risk of dying.

While IT and security organizations have typically been gatekeepers, ensuring strong IT practices, compliance, security, and risk management, their processes are often perceived as slow by business owners.

In addition to moving to the cloud — often without IT support — businesses now

.....Read More

To accelerate the ability to meet business needs, moving IT systems to the cloud became a key tactic and this was accelerated during the pandemic; if businesses were not digital, they were at risk of dying.

While IT and security organizations have typically been gatekeepers, ensuring strong IT practices, compliance, security, and risk management, their processes are often perceived as slow by business owners.

In addition to moving to the cloud — often without IT support — businesses now rely on software and web apps that rely on microservices, building blocks of functionality that come from multiple sources — a veritable software supply chain. While this allows for much greater speed, flexibility, and distribution of effort, from a risk management perspective it creates a very dangerous situation. IT doesn’t know when and where technology is deployed, and even when they do, the supply chain approach means that known vendors or partners may themselves obtain code from their partners. This dependence may be unknown and therefore, undisclosed, lengthening the software supply chain, increasing business risk, and creating a perfect storm for potential vulnerabilities. Smart organizations should invest in visibility and control tools, and change the culture of security to be one that enables business rather than one that blocks or slows it down.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.