Highlights:

  • Businesses are in dire need of a more flexible approach to coordinate API secrets.
  • A largely spread API exploitation has been observed, with 51% of API personnel and developers reporting that over half of their expansion efforts are spent on APIs.

The rising susceptibility of API has become a matter of concern that needs to be addressed. A single API glitch caused the data breach of 5.4 million Twitter users. By harvesting the right secrets, cybercriminals can easily gain access to the Personally Identifiable Information (PII) of any organization.

Corsha Inc, an API security vendor, released its latest research with a survey of more than 400 security and engineering professionals. It revealed that 53% of these professionals surveyed encountered a data breach in apps or networks because of compromised API tokens.

The research also stated that most organizations find it difficult to handle API secrets, accounting for 86% of them working for 15 hours a week to manage, provision, and deal with confidentialities.

Businesses are in a dire need of a more flexible approach to coordinate API secrets. They strive to retain their operations in hybrid cloud environments by lowering the risk of data intrusions from malicious actors.

Secrets’ Governance in the Era of API Explosion

A largely spread API exploitation has been observed, with 51% of API personnel and developers reporting that over half of their expansion efforts are spent on APIs. This rose to 49% in 2021 from 40% in 2020.

All these organizations have secrets that require utmost security, or else hackers can harvest them and breach the API-processed data.

Anusher Iyer, CEO of Corsha, stated that, “The explosion of APIs over the last few years, the increase in automated pipelines, microservices and movement to cloud brings along the explosion of secrets needed to secure communication across these APIs.”

The management of secrets provides solutions to such explosion by exercising the provisions, coordination, and rotation, so that organizations need not manually distribute contrasting tokens, keys, and certificates.

Iyer quoted that, “Secrets management is vital to the security of who and what is accessing your APIs. For many organizations, it’s the best way to safeguard their secrets in a secure, automated fashion, while also maintaining the hygiene needed to minimize any risk that might be associated with leaked and compromised credentials.”