Insecure API Cloud Computing: The Causes and Solutions
November 16, 2020
In an ideal world, APIs streamline cloud computing processes. But it's not always that black and white. There's a gray area where APIs, when left unsecured, can open lines of communication that allow individuals to exploit private data. And there are numbers to back up the reality of this threat.
In 2018 alone, insufficient API security was the cause of at least half a dozen high-profile data breaches. By 2022, Gartner estimates that APIs will be the vector used most frequently in attacks involving enterprise application data.
One reason cyber criminals are drawn to cloud APIs is that they have become the norm in IT infrastructures. According to a recent study from Imperva, over two-thirds of organizations expose APIs to the public so business partners and external developers can access software platforms. The study results also indicated that the typical organization manages an average of 363 APIs, and 61% of organizations reported that their business strategy relies on API integration.
As dependency on APIs increases, cybercriminals have found two common ways to leverage them for malicious purposes.
The Exploitation of Inadequate Authentication
In some cases, developers create APIs without authentication. As a result, these interfaces are completely open to the internet and anyone can use them to access enterprise systems and data. Think of it as walking around a neighborhood trying doors until you find one left unlocked.
Profiting from Increased Use of Open-Source Software
A component-based approach to software development has become commonplace in the IT world. To save time, many developers incorporate open-source software into their code. This can leave many applications open to supply chain attacks. For instance, a developer could unknowingly download components from public online Docker hubs that are tainted with cryptocurrency mining code.
Leaking Information to the Web
Modern development processes emphasize efficiency and velocity. As a result, many configuration objects find their way onto the internet, with potentially catastrophic results. A simple Google or GitHub search can turn up this information in a matter of seconds. The exposed information can be AWS or other cloud service provider API keys, root passwords configured in Dockerfiles or much more. It's crucial to keep tabs on credential information that can potentially be exposed.
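An added example, not part of the original article or any Optiv tooling: a small scanner, suitable for a pre-commit or CI check, that flags the leak types named above (AWS access key IDs, and root passwords or secret-bearing ENV/ARG values in Dockerfiles) before they reach a public repository. The rule names, the Dockerfile heuristics and the sample file are assumptions constructed for illustration.

```python
import re

# AWS access key IDs have a documented shape: AKIA/ASIA prefix + 16 characters.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Heuristics chosen for this example, not an exhaustive rule set.
DOCKER_ASSIGN = re.compile(
    r"^\s*(?:ENV|ARG)\s+(?P<name>[A-Za-z_]\w*)(?:=|\s+)(?P<value>\S+)", re.I)
DOCKER_CHPASSWD = re.compile(r"^\s*RUN\b.*\broot:\S+.*\bchpasswd\b", re.I)
SENSITIVE_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)


def redact(value):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text):
    """Return (line_number, rule, redacted_evidence) for each suspected leak."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in AWS_KEY_ID.finditer(line):
            findings.append((lineno, "aws-access-key-id", redact(match.group())))
        assign = DOCKER_ASSIGN.match(line)
        if assign and SENSITIVE_NAME.search(assign["name"]):
            value = assign["value"].strip("\"'")
            # A reference such as $DB_PASS or ${DB_PASS} is not a literal secret.
            if not value.startswith("$"):
                findings.append((lineno, "dockerfile-secret-env", assign["name"]))
        if DOCKER_CHPASSWD.match(line):
            findings.append((lineno, "dockerfile-root-password", "root:****"))
    return findings


# Constructed sample Dockerfile; the key is AWS's published documentation example.
SAMPLE = """\
FROM debian:stable-slim
ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
ENV DB_PASSWORD=example-not-real
ARG API_TOKEN
ENV SESSION_SECRET=${SESSION_SECRET}
RUN echo "root:example-not-real" | chpasswd
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The `ARG API_TOKEN` and `${SESSION_SECRET}` lines are deliberately not flagged: they declare or reference a value supplied at build time instead of embedding a literal secret in the file.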
To avoid accidental or malicious data exposure via APIs, businesses should consider adopting the following best practices: