APIs are a critical cog within the overall public cloud machine. Among other things, cloud APIs fuel app development, enable automation and streamline cloud services management.
But, without proper security measures, cloud APIs can also be a gateway to an attack.
In 2014, for example, APIs were largely to blame for a Snapchat breach that impacted 4.6 million users.
To minimize API risks, organizations should press public cloud providers about their application and API security practices, said Erik Heidt, research director at Gartner.
"If [a cloud provider's] narrative or explanation about how they handle app security … does not reflect an ongoing investment in testing and training and in identifying and remediating problems, then I would be very suspect of that," Heidt said.
SumAll, a social media and marketing analytics firm based in New York, integrates its platform with more than 50 third-party APIs, said Korey Lee, the company's CIO. As a result, API security has become paramount.
"We have taken a lot of steps to mitigate risks by looking at our terms of service and implementing a number of security layers around that data," Lee said. "There's a general, healthy paranoia around where our cloud data is going and who is using it for what."