Technology Record - Issue 22: Autumn 2021

www.technologyrecord.com

VIEWPOINT

Protecting your applications

Organisations need to understand the threats facing their applications to develop an effective security strategy for their apps

CHRIS HILL: BARRACUDA

Applications are everywhere, from data centres to smartphones. Remote working has increased the need for more applications to be exposed to the cloud. However, applications are regularly breached – so how do you protect them?

Understanding the threats is incredibly important in figuring out app security and protecting your applications. We’ve talked before about bots, and they still sit atop the list of successful methods of breaches. Add in the fact that 28 per cent of breaches are caused by human error, and it’s more important than ever to make sure no door is left open.

But that isn’t everything. Zero-day threats, web application vulnerabilities, the software supply chain and application programming interfaces (APIs) need as much attention. Recent research data shows that out of 750 global customers, 72 per cent said their organisation had suffered at least one security breach from an application vulnerability in the past year, with nearly 40 per cent experiencing more than one.

Organisations are moving to API-first development, because APIs make the development of new versions of applications much faster. But extending the visibility of these applications creates a whole new attack surface. There are no humans involved in business-to-business endpoint checking, because it’s all done by APIs. Why? APIs by nature expose the application’s logic, the user’s credentials and tokens, and all kinds of personal information, all at cloud speed and from your phone. An API-based application is significantly more exposed than a traditional web-based app because of the deliberate access it provides to sensitive data.

Bots are more than ready to jump on unsecured APIs at any time. Once there, they have access to customer data or employee information that they can compromise.

There are plenty of examples of test APIs being deployed with access to production data with no security in place, but an encouraging statistic from the research showed that 75 per cent say that whilst APIs present security challenges, they are now recognising the risks – a positive sign that this area is being taken seriously.

Defending APIs is a tier-one security consideration. It is important to consider a comprehensive, scalable and easy-to-deploy platform to protect applications wherever they may reside. A web application firewall with active threat intelligence is the most manageable way to protect your applications and APIs from the threats mentioned. Protecting your organisation against today’s threats means adding client-side protection as well as internally protecting against malicious employees.

Chris Hill is regional vice president of public cloud and strategic partners international at Barracuda Networks
