The volume of open APIs – application programming interfaces – is rising and with it, the number of gateways is also soaring, creating a number of security issues along the way, says Peter Logan, an application engineer with Intel.
Speaking at the Cloud World Forum event in London this week, Logan explained that in 2007 there were around 500 open APIs and that by the end of last year there were more than 4,000 – a figure he expects to have risen significantly as we reach the mid-point of 2012.
“The problem with this rise is the similar rise in the number of gateways that this situation creates – where SOAP and other technologies come to the fore,” he explained.
ITSP notes that SOAP – the Simple Object Access Protocol – is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks.
The protocol relies on XML – extensible mark-up language – for its message format, and also usually relies on other Application Layer protocols, most notably HTTP (hypertext transfer protocol) and SMTP (simple mail transfer protocol), for message negotiation and transmission.
And it is this ‘opening up’ of IT platforms to so many different protocols that introduces security problems to the technology mix, Logan told his audience, with a classic example being the API on the Transport for London (TfL) Web site.
The APIs on the TfL Web site, he says, can be used for a very wide range of things, all the way from working out whether your tube train is going to arrive on time, through to booking a ‘Boris Bike’ for the afternoon.
But the security issue with open APIs goes further than this, he argues, as we are now at the stage where people’s personal tax data is going via an open API on HMRC’s computers and Web site.
When you factor in the issue that a lot of healthcare data is also flowing across these open APIs, he says, this means it has become very important to secure all of these gateways.
“As a result, we are now also seeing the arrival of service gateways and allied services such as Software-as-a-Service portals like Salesforce and Google’s many portals,” he explained.
The problem facing IT security professionals, he says, is that the technologies that are needed to tackle the problem of open APIs effectively are becoming more complex and diverse than ever before.
For example, he told his audience, you have ID management, application security, legacy applications and databases to secure and – just to make life interesting – IT security professionals also need to bridge multiple APIs across domain middleware and identities.