Category: integration

Posted on

Zero Trust API Security Architect

The cybersecurity threat landscape has changed dramatically in the last couple of years. Every day new kinds of threats are coming and impacting the organization’s business. Infosec/Security teams have always had challenges with this new threat to find the root cause and mitigate these risks.

To mitigate and overcome these constant/real-time threats and risks, the security fraternity introduces Zero Trust Architecture (ZTA) Or Zero Trust Strategy (ZTS).  ZTA is not a product or application, but it is a concept and practice to mitigate any risk for your organization.

What is ZTA/ZTS?

Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by continuously validating for security configuration and posture before being granted or keeping access to applications and data across users and their associated devices. All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.

Here are the basic properties for ZTA/ZTS

  • Default deny
  • Access by policy only
  • For data, workloads, users, devices
  • Least privilege access
  • Security monitoring
  • Risk-based verification

How API implement ZTA/ZTS?

API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). In API security we establish certain rules and processes to mitigate security risks.  These rules and processes are around Zero trust architecture or strategy. Here are a few basic strategies in API security to implement ZTA.

  1. All API communications are secured regardless of network location – This risk can be mitigated by ensuring all communication happens over an encrypted communication channel (TLS) and implementing a proper Cross-Origin Resource Sharing (CORS) policy. The endpoint for API needs to be exposed through the HTTPS protocol.
  2. All API endpoints are authenticated regardless of their environments (Prod, QA, Dev) — By default, all APIs need to be authenticated and authorized using username/password, JSON Web Token (JWT), OAuth, OpenID Connect, or third-party services.
  3. All API resources are protected and restricted to all users by default — Running multiple versions of an API requires additional management resources from the API provider and expands the attack surface. As per ZTA, make sure all API versions and their resources are restricted if it is not used by the user. Always validate and properly sanitize data received from integrated APIs before using it.
  4. Access to API resources is determined by dynamic policy including the client identity, application/service, and the requesting asset – Any API requires resources such as network bandwidth, CPU, memory, and storage. It is easy to exploit these resources by simple API calls or multiple concurrent requests. According to Zero Trust Architect, all APIs must implement API policies like:
    • Client identity (ClientID/Client-Secret)
    • Execution timeouts (Rate limiting)
    • Maximum allowable memory
    • Maximum number of file descriptors
    • Maximum number of processes
    • Maximum upload file size
  5. Implement or configure API monitoring posture and API Alert system — API monitoring helps identify and resolve performance issues as well as security vulnerability issues before they negatively impact users, which can impact user experience. The alert system notifies the operation team to mitigate risk quickly.
  6. Continuous API security risk assessments – Continuous risk assessments help the Infosec/Security team identify any security risk gap. By conducting the security risk assessments, organizations establish a baseline of cybersecurity measurements, and such baselines could be referenced to or compared against future results to improve overall cyber posture and resiliency further and demonstrate progress. A Free Security assessments tool VAT is available to mitigate any security risk for your organization.

https://www.vanrish.com/secassessment/

Organizations that have adopted the Zero Trust API model, see trust as fundamental to creating a positive, low-friction work culture for their clients and empowering the organization at all levels. Many of our Vanrish Technology clients, we worked with have many of the technologies in place that can be leveraged toward full Zero Trust architect model adoption.

Posted on

What is Cybersecurity?

Everyday technological miracle is happening. New technologies are coming and impacting our lives and businesses.

The information technology (IT) trends of the past few years—the rise in cloud computing adoption, online banking, Online travel booking, driving connected car remote work & working from home, connecting with friends and family online, and connected devices and sensors in everything from doorbells to cars to assembly lines.

These conveniences could be a problem if you don’t have a well-protected system. Cyberattacks have the power to disrupt, damage, or destroy businesses and people’s lives. These cyber security risks can cause losses of billions of dollars to any organization. The average cost of a data breach in 2023 was USD 4.45 million, up 15 percent over the last years.

What is Cybersecurity?

Cybersecurity is the measure or practice for preventing cyberattacks and mitigating cyber risk by protecting internet-connected individuals’ and organizations’ systems such as hardware, software, and sensitive data.

Types of cybersecurity (cybersecurity domains)

Cybersecurity can be categorized into ten different types based on where it is impacting your systems.

  1. Application Security – Application security protects applications running on-premises and in the cloud, preventing unauthorized access to and use of applications and related data, and preventing flaws or vulnerabilities in application design that hackers can use to infiltrate the network. Modern application development methods
  2. Cloud Security – Cloud security secures an organization’s cloud-based services and assets—applications, data, storage, development tools, virtual servers, and cloud infrastructure. In most use cases, cloud security runs on the shared responsibility model. Cloud providers are responsible for securing the services they are providing, and the infrastructure they are delivering, while the customer’s responsibility is protecting their data, code, and other assets they store or run in the cloud.
  3. Data Security – Data security is the process of maintaining the confidentiality, integrity, and availability of digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access.
  4. Identity and Access Control – Identity and Access control is a security technique that regulates who or what can view or use resources in a computing environment. There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms, and physical IT assets. Logical access control limits connections to computer networks, system files, and data.
  5. Code Management – Code Management security comprises programming practices, techniques, and tools that ensure your code isn’t susceptible to security vulnerabilities. A hack or leak of source code can cause serious damage to a company on multiple fronts. It can harm the company’s reputation and lead to a loss of customer trust.
  6. Network Security – Network security is defined as the process of creating a strategic defensive approach that secures a company’s data and resources across its network. It prevents unauthorized access to network resources and detects and stops cyberattacks and network security breaches.
  7. Operations Security – Operations Security (OPSEC) is the process by which we protect critical information whether it is classified or unclassified that can be used against an organization. Things that fall under the OPSEC umbrella include monitoring behaviors and habits on social media sites as well as discouraging employees from sharing login credentials via email or text message.
  8. Physical and Environmental Security – Physical and environmental security refers to measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment.
  9. Mobile Security – Mobile security, often referred to as wireless security, involves protecting both personal and business-related information stored on and transmitted from smartphones, tablets, laptops, wearables, and other portable devices.
  10. Third-Party Relationships – Third-Party Relationships security includes security from external entities may include service providers, vendors, supply-side partners, demand-side partners, alliances, consortiums, and investors, and may include both contractual and non-contractual parties.

Get your Free Security Assessments to mitigate your risks.

Posted on

Generative AI: How API making powerful customer experiences

Generative AI is more like a child where you instruct child that don’t bounce basketball inside home, but child goes to bounce a soccer ball inside home. But this was not your expectation from child and then this action falls outside of your expectation. Now you add more parameters with your instruction then the child is more likely to get the response that you want.

Generative AI is the same, the more context and parameter we can give to generative AI the better our service replies, the better emails, the better product recommendations get from your Generative AI Models.

We’re all seeing some amazing demos of generative AI these days. Models trained on the whole internet are able to hold a conversation, explain their reasoning, and perform well at a broad variety of tasks.

You’ve probably started to play with Chat GPT, Google Bard, or Microsoft Bing. In your company folks are already experimenting with different ways of data to use it in their work.

These chat interfaces, as an initial proof of concept, are truly amazing. it’s already becoming clear, the ability to create significant business value and it will be dependent on your ability to INTEGRATE and MANAGE these systems and data.

But there are multiple barriers standing in the way of our ability to implement AI.

  • Fragmented data is hard to ingest into AI models.
  • Missing context leads to poor recommendations.
  • Lack of trust in how the LLMs will use your data.
  • Difficulty in acting on the recommendations because AI is completely detached from business processes.
  • And of course, overall security risks of accessing data across various systems.

Technology is moving fast, and the recent introduction of AI innovation is exciting, especially with the promise of increased productivity. If you look at a public source like Hugging Face, there are over 250k AI models compared to only 32 significant industry-produced machine learning models in 2022. If you pair these figures with the fact that the average enterprise has over 1000 applications, suddenly you have a lot of API integrations to account for.

Without addressing your system integration challenges, you risk deploying AI that results in generic data in, and generic insights out.

Generative AI and API ecosystem

Let’s find how API fits into this Large-language models (LLMs) or generative AI space.

You can start with an LLM of your choice, such as Salesforce CodeGen or OpenAI’s CoPilot.

A large language model (LLM) is a deep learning algorithm that can perform a variety of natural language processing (NLP) tasks.

As you know, big models incur big cost, and LLM’s are expensive.

So large language models are exposed as APIs to reduce cost. As we know, APIs are the easiest way to get data in and data out from these LLM. These LLM’s are open for anyone to use. These APIs are also pulling data from your existing system as well as legacy system. Now you are enabling APIs which is required for your business process and adding data context which is make sense to business use-case.

Next, you can establish control over the APIs for your LLM by applying governance and security policies using Universal API Management. In this way, you can assure that your organization is leveraging AI while remaining secure and conformant. Once your APIs are secured then you can add automation and integration flow with your APIs which communicate with your internal systems. Enabling AI data through API You can push and pull data from a variety of data sources, including 3rd party applications, to ensure that you are using the latest data with the latest technology and building a complete 360 view of your customer.

API Safely unlock generative AI capabilities through a layer of trust Use Universal API management (UPIM) to provide security and governance for AI driven systems. The integration and automation tools also ensure the customer 360 is all up to date with the latest data, making powerful customer experiences possible.

Posted on

AIR India Deal: Catalyst for Aviation Industries

The COVID-19 pandemic caused total disruption in the airline industry. The aviation sector struggled to survive, with 80 percent of flights canceled during the pandemic. Whole travel & hospitality industries were struggling with pandemic slowdown. Before the revival from pandemic Russia-Ukraine war affected the aviation industries. Oil and maintenance price increased which reduced profit margin for aviation sector. So many routes got canceled or restructured airline routing. On top of that, Airlines canceled thousands of flights as a massive winter storm and bitter cold swept the U.S., which directly impacted airlines revenue. Remote work is also impacting aviation industries. Most company travel related work reduces tremendously and it is directly impacting aviation industries.

This disruption directly impacted airlines manufacturers and supporting industries. Aviation Modernization getting impacted with these aviation disruption. Budget cuts are also slowing down digital transformation of airlines industries. Aviation industry leaders were expecting recovery would be very long and it would change forever.

But in the economic slowdown and pandemic affected aviation industries, Air India deal with Boeing and Airbus came with new hope for aviation industries. This deal will help to re-energize and rejuvenate whole aviation industries. This deal is going to impact at least 3 continents and will generate millions of job opportunities. This will help to stop the economic slowdown and restart the economic engine. Air India is going to buy 460 aircraft from two main aircraft manufacturers. This is the 2nd largest aircraft order in the history of global aviation. It is called the mother of all deals in aircraft industries. Total list price for these deals are approx. 80 billion dollars. These deals are splitted between two aircraft manufacturers, Boeing and Airbus. Boeing is providing a total 220 aircraft and Airbus will deliver 240 aircrafts. This mega deal is so huge that it is elevating India’s image and putting India as a bright spot in the whole world economy.

Now lets see how this deal is going to affect the Aircraft Manufacturer, Airlines and Airport sector.

Aircraft Manufacturer
  1. Parts traceability for Airbus and Boeing – Boeing Aircraft parts manufacturers spread across approx. 3 North America countries and 44 US states. Similarly Airbus parts manufacturers are  spread across  approximately 10 European countries. This will lead to generating millions of jobs in these places but the big challenge is to manage part traceability and assembly of these parts. Materials management team picks and packs parts into kits to be delivered to the parts assembly working area in the aircraft factory. Create a robust system for real-time visibility of these parts for quick collaboration and decisions.
  1. Certification Compliances traceability  – Each small aircraft part is a very critical item for aircraft assembly. All these parts need to be certified with the external Federal Aviation Administration (FAA) for US and European Union Aviation Safety Agency (EASA) for European countries. Tracing and management of these certifications is one of the most important  activities for Aircraft industries. This system should be highly visible and audited for aircraft safety.
  1.  Cross Team Visibility and Collaboration –  A lot of people, both external and internal are working for one aircraft. It also involves a number of systems and processes to deliver one aircraft. People, systems and processes need to come together to deliver and maintain aircraft. This whole collaboration needs to be highly transparent and visible to deliver aircraft efficiently.
  1. Delivery and Service – Safety and documentation is a very important activity for any aircraft delivery. All steps and processes need to be properly documented and executed through respective teams. Any of these missing steps/processes  lead to delayed aircraft delivery. 
Airlines

This mega deal will generate all kinds of  job opportunities within India and across the world wherever Air India will fly. This deal will also impact the Air India system and process.  

  1. Airlines Route management – More aircraft for airlines, more robust and transparent route management system. Any of these systems delay airline operation. You also need to collaborate with your partner airlines route for high profit margin. These systems and processes need more people across the world wherever Air India airlines will fly. Digital transformation will also help to transparent the whole system and increase operational efficiency.
  1. Aircraft Maintenance and parts management –  Aircraft maintenance and part management is a big challenge for airlines. Like Air India buying more aircraft it will need a more transparent maintenance  system/tracking, people and airlines hubs. Airlines also need large hangers to maintain their aircraft. 
  1. Employee management and experience – More aircraft, more routes and more employees to manage the whole airline system. This includes more corporate employees, In flight crews and ground maintenance associates  recruitment, onboarding & retention. 
Airport 

An airport is a massive business and has many verticals on its own. An airport as not just the spaces you see, such as departure, arrivals hall, duty free, security, etc. but an airport is a complex organization with many parties coming and going, the airport, retailers, service providers on the airside, the airlines, the cargo & warehousing spaces, aircraft MRO, fueling, as well as day authorities such as air traffic control, customs for people & Cargo, security, fire & emergency services, etc.

Since Air India is increasing its fleet , It will also impact airport operation and process. It will bring more opportunities to the airport.

  1. Efficient passenger process – Airport customer service, passport control, boarding/arrival, airport gate management comes in this category. It will be heavily impacted with more flights from Air India.
  2. Airport Safety, Security and health management – With this deal, more travelers will arrive and depart from the airport. To keep airports safe and secure, airports need more resources and their system transparent. They need to enable touchless solution to create perceived security around COVID-19
  3. Baggage operation – Baggage operation and management  is also a very important process for airports. This process will also get heavily impacted with this new  Aircraft purchase.
Posted on

Retail 2023: The new Trend

From the last few years COVID pandemic has changed the whole Retail business spectrum in ways we could have never imagined before. Exploring new and accelerated trends gives us an indication of how this evolution will continue into the new normal. This pandemic also leads to closure of countless stores and bankruptcy. After surviving from the pandemic, inflation is hard hitting Retail business. Supply chain is also getting impacted with the Russia-Ukraine war. Now experts are saying that the greatest risk facing global supply chains has shifted from the pandemic to the Russia-Ukraine military conflict and the geopolitical and economic uncertainties.

With all this news for Retail industries, customer expectations and habits have shifted. Customers expect engagement on values to go beyond point of purchase to creating moments of engagement across the full journey. Now retailers have been compelled to find new ways to connect with consumers in a personalized and tailored way in-store as well as online to make a more intuitive experience. Retailers are going more digitized in their approach to connect with customers.

This is how retailers are moving forward to reach a wider customer base and lure their product. 

  1. e-commerce Technologies – In pandemic time if your business presence was not online then you will be out of business quickly. So Retailers have increased investment in e-commerce technologies. They increased the budget for digital transformation. To get ahead of competition, they are offering a mix of digital and physical experiences ahead of their rivals. Retailers are also focusing on customer service and providing seamless service experience across messaging, web and mobile channels. Retailers are creating a cohesive and connected customer shopping journey with e-commerce and unified data across systems.
  1. Infrastructure– Retailers are upgrading their instore as well as online infrastructure. They are replacing traditional store signs with digital signs and screens to display ads and videos. They are also adding kiosks and self-checkouts within the store. This is making the shopping experience more convenient and personalized. Shoppers are in and out, without having to make small talk or wait in queues. Deployment of in-store technologies double in a year.
  1. API-first and Cloud – Retailers are focused on Composable architecture. Composable architectures are key players to  implement successful digital transformations and most engaging digital experiences. 2023 will be a year of focus for retailers to remove entirely their legacy monolithic architectures. API-first and Cloud based solutions help retailers to switch to new functionality without the need for significant investment and resources. This will reduce the incredible amount of time and cost of ownership of a fraction of legacy technologies. API-first connectivity helps customers to shop anytime, anywhere and anyhow
  1. Customer experience – Customer experience is the one the main focus for Retailers this year. The focus of customer experience is online as well as in store experience. Retailers are providing customers enhanced assisted-selling experiences through assisted Selling. They are also focusing online customers through distributed OMS (Order Management System), Omni-channel and remote Selling. Retails are preparing for next level customer experience through loyalty(customers long-term relationships), native App and AI based digital fitting room.
  1. Merchandising & Supply Chain – Retailers are providing real time tracking and inventory information to their customers. They are also providing purchase incentives to their loyal customers so that they can keep engaging customers for their products. Retailers are also focusing on upgradation of warehouse management (WMS) to fulfill in-store as well as online orders.
Posted on

Recession: Impact in Software as a Service(SaaS) 

Global uncertainties continue to dominate headlines. Inflation is expected to reach the highest levels of ~3.5% in the US and Europe by the end of 2023. To ease inflation, Central Banks need to dampen demand, by making it expensive (for financial institutions, businesses and households) to borrow by increasing Federal Reserve interest rates . We are expecting a federal rate hike of 4.75% – 5.0% by the end of 2023. These are all data showing we are heading toward recession. The US labor market was robust last quarter but this quarter it is not very promising. Everyday we are hearing layoff news from different sectors.

IMF inflation forecast

These inflation and layoff news are impacting our tech market. Many companies have a growth challenge: They expect to get as much as 50 percent of their revenue from new businesses and products by 2026 but are not on a path that will take them there. Current economic conditions are forcing high-growth yet unprofitable tech startups to tighten their financial belts.

There are few realities, software companies are facing for their growth.

US-based Venture capitalists backed software startups slowed down – VC are very clear of high valuation and demanding that companies spend less, improve profit margin and high output. Unicorn creation also slowed in 2022 Q4. This is one of the lowest quarterly count since the first quarter of 2020.

Depressed company valuations – Private company valuations are cooling down. Over the last 4 quarters, we have seen public valuations compressing.

 Software companies have three critical revenue streams.

  1. License / Subscription Revenue – When the customer pays for the right to own and use a copy of the software/hardware product or subscribe/access  software platform
  2. software or hardware product – Customer pays for ongoing support or premium support.
  3. Cloud based licensed software – Customer pays the software provider for specific deliverables such as software implementation or technical training.

In the current world all these 3 revenue streams are shrinking. Companies are using only essential services to run their business. This is directly impacting software revenue, which is leading these companies into low valuation.

Infrastructure Maintenance –  SaaS companies are providing the software as a service. This means the customer does not have to purchase hardware to run the software—that cost is transferred to the SaaS provider. This is implying continuous software running coast. This cost is not going anywhere.So due to inflation this SaaS running cost increases tremendously.

Posted on

Recession: Industry Impact

Recession prospect is certainly very scary. World over economies are contracting. The recession has had a significant impact on the global economy, leading to decreased GDP growth and an uncertain future for many industries. The IMF cut its forecast of global GDP for the year to 2.7% and for the US GDP growth forecast is 1.4% .China and India are key players for the world’s supply-chain requirement. Post COVID pandemic China is still struggling to provide supply-chain needs to the world and India is still in process to build supply-chain needs. Escalating Russia-Ukraine war and geopolitical tension is disrupting the world’s supply-chain. 

Due to all these issues,Inflation is very high across the world. The inflation rate depends on the balance between aggregate supply and aggregate demand within the economy. US inflation consumer prices rose 7% approx. in December 2022 from a year ago. Inflation driving up vendor price beyond budget expectation. The US Federal Reserve is increasing interest rates in the most aggressive way to curb this inflation. 

No industry is completely insulated from a recession, there are always opportunities within even the most impacted industries. The Impact of recession  is not equal for all kinds of industries. Most impacted industries are directly proportional to consumer sentiment, consumer basic requirement and consumer spending. Least impacted industries are not directly proportion to user sentiment and it is also supported by external system.

Here is worldwide recession industry impact index

In the above chart, most impact industries are consumer, consumer services and transportation. After COVID-19 this industry is cautiously optimistic about the return of travel and tourism. But  inflation and a volatile market are pulling these industries down. Loyalty programs are weakening between brand and customer. Recession industry impact index is average 8.5/10 approx. Hospitality and Airlines industries are trying to optimize their process to mitigate their risk. They are cutting routes, reducing flights, and, in some cases, shutting down offices to help reduce expenditures.

Retail and Manufacturing industries and also getting impacted with current inflation and escalating geopolitical tension. Clearly the industry has experienced unprecedented supply chain pressures and disruptions over the past two years; Global disruptions – such as the Russia / Ukraine war – continue to impact manufacturing supply chains, thereby increasing costs and delays. Recession industry impact index for this industry is 7.5/10 approx. Retail and Manufacturing industries are working on omni-channel commerce platforms, optimized operations, and omni-channel order orchestration and fulfillment to mitigate their risk. They are reducing overhead cost and going for digital.

The Federal/Central Government is the most recession proof industry. It needs to make ongoing investment to keep the country running. Critical infrastructure management, border, customs and immigration management are key activities the government can not ignore and reduce investment. Even in COVID-19 pandemic time influx of federal funding and ample emergency funds put state and local entities in recession-ready shape. Recession industry impact index for this industry is 1/10 approx.

Posted on

RPA, BOTS, AI and API

In today’s competitive markets, industries face many challenges in order to remain successful. These include staying ahead of the competition, understanding customers need and preferences, and providing a high level of service that will make customers happy.

Here are few challenges for current industries

  1. Resolve customer issues ASAP
  2. Collect and qualify customer information
  3. Easily connect to business process
  4. Enable business new features quickly.

In current business requirements 90% of organizations see increased demand for automation from business teams, due to that 95% of IT leaders are prioritizing automation. 

Automation is a critical component of digital transformation and business success. Robotic Process Automation (RPA) bots are at the forefront of this revolution, providing businesses with an automated solution to optimize their processes while improving customer experiences. RPA bots can be used in many areas such as data entry, document processing and workflow management; they automate repetitive tasks that would otherwise take up valuable resources from human employees. This automation not only increases efficiency but also reduces costs associated with manual labor, allowing companies to focus on more pressing issues like innovation or collaboration between departments. By utilizing intelligent bots powered by artificial intelligence (AI), companies can further streamline operations and provide customers with immediate feedback on requests or inquiries in real time without manual intervention from employees. Additionally, natural language processing (NLP) capabilities allow chatbots used in websites or apps to respond quickly and accurately when communicating with customers.

Using NLP, Bots can decipher specific sentences or words customers type and associate them to an intent. NLP provides insights by analyzing past chat transcripts to identify common customer utterances or phrases (such as order status, account information, password reset, logging an issue, etc.) that the Bot can use to take action. A predictive model for bots to understand intent and take action called intent model. The intent model is made up of intents and utterances.

APIs , NLP and AI are the essential components for Bots. Once an intent model from NLP identifies action then Bots call APIs. APIs help to execute tasks from the backend system for Bots. Suppose if users are looking for order status from bots and APIs are not responding on time it will fail the whole Bots purpose. So APIs are one of the key components for Bots.

APIs streamline Bots tasks and automated any process/tasks for any team. Bots and APIs empower business and IT teams to collaborate with ease and break silos in every step of their automation journey. Enable end-to-end automation at scale Reuse and compose RPA securely.

Posted on

API Security

API is a key component of digital transformation. API is the interface of your legacy and SAAS data. The goal of APIs is to facilitate the transfer and enablement  of data between your system and external users. APIs are typically available through public networks like the internet to communicate to external users and expose your data into the public domain.

Since your data is exposed into the public domain through APIs, It can lead to a data breach. APIs can be broken and expose sensitive personal as well as company data. An insecure API can be an easy target for hackers to gain access to your system and network. Rise of IOT devices and usage of APIs by these IOT devices, APIs are now more vulnerable. 

According to owasp, these are 10 main API vulnerabilities.

  1. Broken Object Level Authorization – Expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue.
  2. Broken User Authentication – Authentication mechanisms are implemented incorrectly.
  3. Excessive Data Exposure – Developers  expose all object properties without considering their individual sensitivity
  4. Lack of Resources & Rate Limiting – APIs do not impose any restrictions on the size or number of resources that can be requested by the client/user, lead to Denial of Service (DoS) attack on APIs
  5. Broken Function Level Authorization Complex access control policies with different hierarchies lead to authorization flaws.
  6. Mass Assignment – Without proper properties filtering based on an allowlist, usually leads to Mass Assignment.
  7. Security Misconfiguration – Misconfiguration or lack of Security configuration  is commonly a result of insecure APIs
  8. SQL Injection SQL Injection occurs when untrusted data is sent to an interpreter as part of a command or query.
  9. Improper Assets Management – APIs tend to expose more endpoints than traditional web applications lead to improper expose APIs.
  10. Insufficient Logging & Monitoring – Insufficient logging and monitoring fail to find your vulnerability and broken integration.

How to mitigate API security risk?

  • API supports secure sockets layer (SSL), transport layer security (TLS), and Hypertext Transfer Protocol Secure (HTTPS) protocols, which provide security by encrypting data during the transfer process.
  • Apply Basic Auth minimum with API or  if you want to more secure your API then enable 2 way authentication through OAuth framework . 
  • Apply Authorization on each API resource to more control on API security through external Identity and access management provider (IAM).
  • Use encryption and signatures to all your API exposed personal and organizational sensitive data.
  • Apply API throttling through API manager to control number of user access per API (Rate Limiting).
  • Implement best practice of exception handling on your APIs to hide all your internal server and database information to mitigate SQL injection security risk.
  • Use Service Mesh to manage different layers of API management and control.
  • Audit your APIs and remove all unused API from your API catalog.
  • Add proper logging, Monitoring and Alerting on your APIs to keep track of your APIs activity.

Conclusion: APIs are a critical part of modern AI, mobile, SaaS, IOT and web applications. APIs Security should be the main focus on strategies and solutions to mitigate the unique vulnerabilities and security risks .

Posted on

Covid 19 :Digital Transformation

Digital Transformation

The coronavirus (COVID-19) outbreak is one of the worst pandemic in recent history. This pandemic is affecting almost every person in the world. This pandemic is changing our living style, working style and also affecting our society.

This pandemic crisis raised a number of unique challenges among small and enterprise businesses. Organizations are navigating the business and facing unique operational challenges and delivering their product to their customers during the pandemic. 

During this COVID-19 pandemic crisis here are few business challenges 

  • Resource Management 
  • Client Management 
  • Digital/online transformation 
  • Employee Remote work management

In this pandemic crisis API is playing a pivotal role to help their customers to migrate their business into digital through digital transformation solutions. API is playing a pivotal role to expedite digital transformation. API is also providing a platform  and solution for crisis management during this pandemic.

Here is API solution for business

  • Make decisions — APIs are creating open platforms that expose critical COVID and organization data to enable organization proper management and tracking.These API enable data are helping to create dashboard and AI model. These dashboard and AI models help organizations to  take decision or forecast their future strategy.
  • Respond and deliveries — Tracking and Management APIs are  enabling organizations to respond quickly for any crisis and deliver their product on time.This helps any organization to expand their business and digitalize their legacy system & assets.
  • Return to work — APIs, templates and connectors are helping to unlock employee data. Organizations are integrating with ERP systems through APIs and unlocking their employee and resources data during pandemic. It is also facilitating/helping their employees to return their work during pandemic time either remote or onsite.
  • Simplify delivery — Enabling APIs, templates and micro-services are helping to simplify and  improve their business process during pandemic.This is also helping to enable new innovation within organization and opening new business opportunity.

Covid 19 is also expediting digital transformation in healthcare. It is reshaping the way humans interact with technology in healthcare and Public Health Agencies  or Federal Regulators. COVID-19 is also pushing healthcare organizations to embrace the idea of digital health and intelligent data integration as a tool. “Contact tracing” during pandemics is only possible through enablement of APIs. Federal and state governments are getting “contact tracing” patient data through API and using this data to trace down the source of pandemic.

API is also enabling pharmaceutical industries to deliver medicine fast and on time. It is also helping to manage and track medicine dose and availability. 

Conclusion: Covid is disrupting whole industries and pushing companies to digital transform their process forever.