Security News > 2023 > January > Enterprises remain vulnerable through compromised API secrets
Researchers recently surveyed over 400 security and engineering professionals to learn about their API secrets management practices and the challenges they face in thwarting API attacks.
"Security and engineering teams are forced to divert their attention away from forward-facing engineering to focus on secrets management, yet their organizations remain vulnerable to attackers both through lateral attacks and leaked or compromised API secrets to gain illegitimate access to sensitive data," said Jared Elder, CGO at Corsha.
"Data is everything and the potential risk from data breaches associated with leaked API secrets is clearly high and growing. Yet with an explosion of credentials to provision, rotate, and manage, the good guys find themselves constantly behind the eight ball," added Elder.
API usage has exploded over the last several years as companies continue to expand their adoption of could native technologies and API-driven ecosystems such as microservices and serverless architectures, hybrid cloud infrastructures, CI/CD pipelines, and a host of other applications and services that are sending and receiving sensitive information through APIs.
"Today, even the most robust modern secrets management implementation isn't sufficient to prevent APIs from being exploited, which explains why over half of our survey respondents highlighted the continuing worry of suffering a potential data breach due to their current secrets management practices," said Scott Hopkins, COO at Corsha.
"The heavy administrative workload and exceedingly manual processes for maintaining good security hygiene around secrets management create significant opportunities for error or oversight. Organizations would benefit from a stronger, automated, and highly scalable answer to their API authentication woes that can readily integrate into any environment," concluded Hopkins.
News URL
https://www.helpnetsecurity.com/2023/01/20/compromised-api-secrets/