This content is part of the Essential Guide: Combat the latest cloud security challenges and risks

Essential Guide

Browse Sections

What to consider when building a cloud security plan
Build a wall around your cloud with security tools
Climb into a hacker's mind with cloud security testing
Stay up to date on cloud security
Learn important cloud security terms

Manage

Seven cloud security risks that will ruin your day

By

Staff, SearchCloudComputing

6/9

Giving away access to cloud APIs

Source: Michael Kloran

Designer: Michael Kloran for TechTarget

APIs are a critical cog within the overall public cloud machine. Among other things, cloud APIs fuel app development, enable automation and streamline cloud services management.

But, without proper security measures, cloud APIs can also be a gateway to an attack.

In 2014, for example, APIs were largely to blame for a Snapchat breach that impacted 4.6 million users.

To minimize API risks, organizations should press public cloud providers about their application and API security practices, said Erik Heidt, research director at Gartner.

"If [a cloud provider's] narrative or explanation about how they handle app security … does not reflect an ongoing investment in testing and training and in identifying and remediating problems, then I would be very suspect of that," Heidt said.

SumAll, a social media and marketing analytics firm based in New York, integrates its platform with more than 50 third-party APIs, said Korey Lee, the company's CIO. As a result, API security has become paramount.

"We have taken a lot of steps to mitigate risks by looking at our terms of service and implementing a number of security layers around that data," Lee said. "There's a general, healthy paranoia around where our cloud data is going and who is using it for what," he said.

View All Photo Stories

SearchServerVirtualization

VMworld 2021 news and conference coverage
This year's VMworld conference ran virtually from Oct. 5 through Oct. 7. Read the latest news and announcements about and from ...
VSphere VM Service: Provision VMs with Kubernetes APIs
With Tanzu integration and vSphere VM Service lets developers and admins spin up VMs and guest OSes as desired-state images in ...
VMware's Project Monterey expands its capabilities, use cases
With updates to Project Monterey, VMware customers can now use DPUs for networking, security and bare-metal deployments from the ...

SearchVMware

Dell officially spins off 81% equity ownership of VMware
The spinoff agreement provides VMware with increased strategic and financial flexibility to grow its cloud and infrastructure ...
3 VMware disk types you should know: Raw, thick and thin
Raw, thick and thin disks offer portability and file storage efficiency. But each type has its pros and cons, including slower ...
Simplify VM right-sizing with VMware VMDSC Fling
The VM Desired State Configuration Fling helps reduce system outages and application performance issues with the help of an API ...

SearchVirtualDesktop

Setting up and troubleshooting multiple thin client monitors
Thin clients generally require less attention from desktop administrators, but sometimes, IT needs to intervene to set up or ...
Choosing a thin client for remote desktop protocol access
There are plenty of suitable thin client options for RDP environments, but each device has unique characteristics that make it a ...
Understanding the difference between thin and thick clients
How do thin and thick clients compare for licensing or flexibility? These two endpoint types each have their role in the ...

SearchAWS

In search of AWS Solutions Architect preparation?
Think you're ready for the AWS Certified Solutions Architect certification exam? Test your knowledge with these 12 questions, and...
Experts raise privacy concerns over Amazon fleet surveillance
Amazon said its van monitoring system is designed solely for driver safety. But many industry experts have concerns regarding the...
Here's why Amazon's global expansion won't come easy
Amazon would like to strengthen its global footprint, but the e-commerce giant faces roadblocks and challenges today that did not...

SearchDataCenter

IBM details Kyndryl spinoff, business reorg and earnings
IBM's third-quarter earnings report was a mixed bag, with overall cloud revenues continuing to rise, and server hardware showing ...
Bust latency with monitoring practices and tools
Improve latency across your data center's infrastructure by exploring its causes, a handful of best practices and tools you can ...
Best practices for container security in the data center
Container sprawl and container repositories can introduce new vulnerabilities to a data center. Here's what organizations should ...

SearchWindowsServer

Get up to speed with PowerShell and the Microsoft Graph API
Microsoft plans to retire technologies that admins depend on to handle Office 365 and other cloud services via PowerShell. Learn ...
Microsoft Ignite 2021 conference coverage
Microsoft is expected to highlight the features in its new Windows desktop and server products as well as company efforts in ...
Microsoft squashes Windows zero-day on October Patch Tuesday
In addition to the publicly exploited bug, Microsoft corrected 76 flaws, including four that had been publicly disclosed, in this...

Close