DevSecOps, Cloud Security

42Crunch-Cisco collaboration to focus on API security

A visitor tries out a tablet next to a cloud computing symbol at the 2013 CeBIT technology trade fair on March 5, 2013, in Hanover, Germany. Today’s columnist, Josh Stella of Snyk, lays out five fundamentals of cloud security.
(Photo by Sean Gallup/Getty Images)

42Crunch kicked off KubeCon in San Francisco on Monday by announcing a collaboration with Cisco to offer the developer community APIClarity, a new API visibility and security tool that promises to help enterprises fortify their cloud protection.

APIs have increasingly become a favorite target for hackers seeking to compromise cloud environments with malware such as cryptojacking and ransomware. 42Crunch and Cisco aim to address these threats by advocating a “shift-left” approach to API security and discovery that empowers developers to code protection into the API build process.

The two companies believe there’s a real need for this in the marketplace, pointing to a recent study by IBM which found that two-thirds of cloud breaches are attributed to misconfigured APIs.

Ideally, organizations should be proactive with security — rather than reactive — and the same holds true for API security, said Ryan Kennedy, application security consultant at nVisium.

“Leveraging existing standards such as OpenAPI to enforce best practices early on in the API design process will empower developers to secure APIs — without introducing too much friction in the development process,” Kennedy said. “In principle, security issues and misconfigurations should be addressed and caught early on — where both the time and technical costs to remediate issues is less than later on in the API design lifecycle.”

Frank Dickson, vice president for security and trust at IDC, added that the cloud benefits organizations because they can entrust the cloud provider to be increasingly responsible for securing applications. IaaS removes the worries of infrastructure, network and virtualization. PaaS manages the operating system, and SaaS secures the application. 

“However, even with SaaS, we always own responsibility for managing identity and date, and the frontline of that protection is the API,” Dickson said. “Organizations are quickly realizing that it's critical to discover, manage and secure APIs because the failure of a single API may bring an organization to its knees.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.