API Economy: How to Build Secure Business on Platform

by Helen Johnson | July 12, 2017 11:33 am

According to the IT research agency International Data Corporation (IDC), the global Internet of Things[1] (IoT) market will reach $7.1 trillion by 2020. The development of the IoT requires corresponding growth of Application Programming Interfaces (APIs) as a means of communication between different programs, platforms and applications, since IoT integration is possible because of APIs.

As a set of system modules, an API enables the delivery of new products without actually developing them. An API gives the necessary basis for integration with external providers of various services. It is also important for GUI[2] (Graphical User Interface) customization. Large corporations such as Amazon Web Services, Facebook, Google and Twitter make their APIs available to third-party providers.

IoT together with APIs has made it possible for new business channels to appear. The newly created digital society is merging the real physical world and the virtual one. We already live in an API economy, where companies build their business models and strategies on API and IoT technology trends.

The API economy turns companies, organizations and businesses into platforms. A good example is Uber, a company that builds its business on a platform. Through an API, the application connects drivers and passengers using Google Maps.

To turn a business into a platform, a company needs three main things: digital business models, business model platforms and business ecosystems. But the actual shift starts with changing the company's culture and the internal organization of its working processes.

Recommendations for turning a business into a platform

Fully focused on functionality and features, developers may accidentally open the door to corporate and customer data. APIs require specialists to think outside the box, as hackers do. To protect APIs, vendors follow a standard: the Internet Engineering Task Force's OAuth. However, the standard is based on HTTP, which has its own flaws.

APIs are rather complex systems that support a large number of connections. In addition, new software is released as soon as possible, so it is quite difficult to write secure code. According to data provided by researchers at the University of Virginia, 67% of the applications available in the App Store have security vulnerabilities: customers' credentials can be stolen.

Add-ons available for APIs hide more threats. For example, social networks and mobile solutions allow third-party service providers to add functionality to the basic system. In such cases, developers get access privileges and are able to manage system admin functionality, which creates new vulnerabilities.
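One way to keep add-ons away from admin functionality is a deny-by-default scope check on tokens issued under the OAuth standard mentioned earlier. This is an added example, not code from the original article; the route table, scope names and `Token` type are hypothetical, and request paths are assumed to be percent-decoded already.

```python
import posixpath
from dataclasses import dataclass

# Hypothetical route table: (method, path prefix) -> scope required to call it.
ROUTE_SCOPES = {
    ("GET", "/v1/profile"): "profile:read",
    ("POST", "/v1/posts"): "posts:write",
    ("GET", "/v1/admin/users"): "admin:users",
    ("DELETE", "/v1/admin/users"): "admin:users",
}
# Scopes no add-on may hold, whatever it requests at registration.
FIRST_PARTY_ONLY = frozenset({"admin:users"})

@dataclass(frozen=True)
class Token:
    client_id: str
    client_type: str  # "first_party" or "addon"
    scopes: frozenset

def grant_scopes(client_type, requested):
    """Scopes actually issued: add-ons never receive first-party-only scopes."""
    requested = frozenset(requested)
    return requested - FIRST_PARTY_ONLY if client_type == "addon" else requested

def required_scope(method, path):
    """Scope guarding a route, or None if the route has no policy."""
    # Collapse "..", "." and repeated slashes so a prefix match cannot be dodged.
    path = "/" + posixpath.normpath(path).lstrip("/")
    for (m, prefix), scope in ROUTE_SCOPES.items():
        if m == method and (path == prefix or path.startswith(prefix + "/")):
            return scope
    return None

def authorize(token, method, path):
    """Return (allowed, reason). Routes without a policy are denied."""
    required = required_scope(method, path)
    if required is None:
        return False, "no route policy"
    # Second check at request time, in case a token was issued wrongly.
    if token.client_type == "addon" and required in FIRST_PARTY_ONLY:
        return False, "admin route closed to add-ons"
    if required not in token.scopes:
        return False, "missing scope " + required
    return True, "ok"
```

The admin restriction is enforced twice, at token issuance and at request time, so a mistake in one place does not hand an add-on admin access.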

To protect the system, developers follow a multi-pronged approach: authentication and authorization procedures are multistep and include biometric solutions, e.g. fingerprints. Also, security testing focuses mainly on the front end, but the back end hides many security holes too.

Developing new functionality requires spending 5-10% of the total project budget on security testing[3] in order to avoid huge losses in the future.

Endnotes:
  1. Internet of Things: http://qatestlab.com/knowledge-center/qa-testing-materials/iot-testing-approaches/
  2. GUI: http://blog.qatestlab.com/2015/10/21/gui-usability-testing/
  3. security testing: http://qatestlab.com/services/Is-Your-Software-Secure/security-testing/
  4. How spammers get your data from health and fitness apps?: http://blog.qatestlab.com/2017/11/20/fitness-app-security/
  5. Can cyber security culture ensure hacker’s wipeout?: http://blog.qatestlab.com/2017/06/01/cyber-security-culture/
  6. Security Testing Tools You Need to Know About: http://blog.qatestlab.com/2017/04/26/security-testing-tool/
  7. Hacking: Pluses and Minuses: http://blog.qatestlab.com/2017/04/20/hacking-pluses-minuses/
  8. What Are the Threats of Software Products?: http://blog.qatestlab.com/2017/03/22/software-products-threats/

Source URL: http://blog.qatestlab.com/2017/07/12/api-secutiry-threats/