https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • EMEA
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 501 Reports
    • MSPmentor Education
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • Awards
    • Back
    • European Partners 51 (EP 51) Awards
    • Excellence in Digital Services
    • MSP 501 Rankings
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Industry Events
    • Webinars
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • EMEA
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 501 Reports
    • MSPmentor Education
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • Awards
    • Back
    • European Partners 51 (EP 51) Awards
    • Excellence in Digital Services
    • MSP 501 Rankings
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Industry Events
    • Webinars
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

API security

API Security: CPaaS Data Breaches and Endpoint Security

  • Written by Derek Handova
  • August 19, 2019
API security such as authentication, authorization and TLS mitigate impact of CPaaS data breaches on endpoint security.

With the rise of API integration platforms like MuleSoft and communications platform-as-a-service (CPaaS) APIs such as Twilio, API security has become a general concern for cloud startups. In addition, because many traditional enterprises are now migrating from on-premises communications to cloud platforms, API security for them has come in sharp relief due to ransomware, phishing, e-commerce, and other endpoint security bête noires.

CPaaS and APIs offer benefits including improved productivity and third-party app integrations, but they also come with endpoint security risks. Before migrating, customers and their MSSP partners need to consider the risks of CPaaS APIs and come up with a plan to protect endpoints from any potential security risks. MSSPs can play a vital role in managing the CPaaS API endpoint security risk for their customers, but first they must answer critical questions about how to:

  • Make CPaaS APIs work and what API security and internet and mobile endpoint risks they create
  • Protect customer endpoints from API security exploits and CPaaS data breaches
  • Implement well-understood endpoint best practices to prevent API security breaches
  • Keep voice and video communications safe when API security is a shared responsibility

API Security and Internet and Mobile Endpoints

Developers of the wireless internet and mobile apps often desire communications capabilities that are native to their applications. Prior to CPaaS, these app developers would either have to build their own communications stack, replicating fairly complex software, or redirect a user to a third-party business phone app such as Skype or WhatsApp, according to security experts. They also state that CPaaS allows native integration of communications capability with simple API interactions so that developers can deploy capabilities quickly and customize it to their needs, without sending customers to other applications.

Kudelski Security's Andrew Howard

Kudelski Security’s Andrew Howard

“But the APIs are only as secure as the CPaaS platform makes them,” said Andrew Howard, CEO of Kudelski Security, a global security firm. “Typically, a developer would write code to interact with the CPaaS API based on specifications written by the CPaaS platform. It is critical that those specifications follow API security best practices, such as requiring authentication, and that the API implementation actually matches the specification. Developers should demand API security best practices in the CPaaS API, carefully inspect API specifications and implementations for flaws and demand regular security audits of the API by reputable third parties.”

And focusing on Authn/Authz strong authentication as well as transport layer security (TLS), and a good content data network (CDN) to provide web application firewall (WAF) services are key best practices to keeping cloud API and CPaaS implementations secure, according to other security experts.

Ivanti's Phil Richards

Ivanti’s Phil Richards

“A strong Authn-Authz authentication model with excellent password strength and multifactor authentication is a must for this environment,” said Phil Richards, CISO, Ivanti, a provider of unified IT solutions. “Additionally, a strong authorization model with multiple roles is critical to granting access based on need and to keep a narrow scope. And using TLS 1.2 with CA-signed certificates is critical for web-facing interfaces, keeping traffic encrypted and guarding against man-in-the-middle attacks. But having an…

  • Page 1
  • Page 2
  • Page 3
Tags: MSPs Business of Security Cloud and Edge Endpoint MSSP Insider Network

Related


  • Cybersecurity Roundup
    Cybersecurity Roundup: California Privacy Law, Pensacola Attack, Bitdefender-Datto and More
    CCPA is a pretty big deal if you do business with Californians.
  • Egg in a Vice
    Fortinet's Latest Acquisition Puts More Pressure on Cisco
    Fortinet plans to continue the investment and support for CyberSponse’s product.
  • Hooded mass of unknown faceless computer hacker and cyber criminals with a world map of internet usage and binary code
    WatchGuard: Old Equifax Vulnerability, Microsoft Office Targeted Widely in Q3
    The report shows an increase in malware attacks targeting the Americas in the third quarter.
  • Ransomware
    Kaspersky: Municipal Ransomware Attacks Spike in 2019
    Ransom amounts have varied greatly, with highs reaching up to $5.3 million.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • SonicWall Beefs Up MSSP Security Offerings
  • What’s Missing from MSSPs and Enterprise SOCs That Will Change the Game?
  • Cybersecurity Roundup: Kaseya, Barracuda, Qualys, Arctic Wolf Networks
  • How to Secure Elections for Municipality, State Clients

Galleries

Images: Channel Evolution Europe Featuring Avant, 8×8, Sophos, CenturyLink, More

December 5, 2019
view all

From the Industry

Tech Providers Need a Marketing Strategy to Drive Growth

December 13, 2019

The Real Cost of a Data Breach

December 13, 2019

How to Prepare for Tomorrow’s Security Threats Today

December 13, 2019
view all

Webinars

From MSP to MSSP: Seizing the Managed Security Opportunity

December 17, 2019

Agents Can Sell Managed Services. Here’s How.

December 17, 2019
view all

White Papers

Why You Should Sell Rackspace Hosted Email

December 13, 2019

Secrets to Sustainable Growth – for MSPs, by MSPs

December 4, 2019

Why Managed Security Presents A Golden Opportunity for MSPs

November 26, 2019
view all

Events

Channel Partners Conference & Expo

March 9, 2020 - March 12, 2020
view all

Videos

FASTCHAT: Why an MSP Needs to Extend Detection and Response Beyond Endpoint Security

October 22, 2019

Ingram Micro: It’s Up to Our MSP Partners to Keep Clients ‘Out of the Headlines’

October 14, 2019

Liongard: Here’s How We ‘Roar’ for the MSP Community

October 14, 2019
view all

Twitter

ChannelFutures

Why You Should Sell Rackspace Hosted Email dlvr.it/RLFVrx https://t.co/xQXUKhD4fk

December 14, 2019
ChannelFutures

Every MSP can benefit from more strategic marketing. @Sherweb dlvr.it/RLDpJx https://t.co/t0qP7gREJ7

December 13, 2019
ChannelFutures

Read how Jeff Van Natter of @TrendMicro is utilizing distributors to reach new partners dlvr.it/RLDZdM https://t.co/UtymAdvfqQ

December 13, 2019
ChannelFutures

Questions about the real cost of a data breach? @ESET dlvr.it/RLDJxC https://t.co/vyj6gnSuIo

December 13, 2019
ChannelFutures

Discover how Tech Data is helping to close the #cybersecurity skills gap. @TechDataSecInf dlvr.it/RLDFBv https://t.co/Q8ZERC7CAv

December 13, 2019
ChannelFutures

Our latest #Cybersecurity Roundup covers CCPA, Pensacola #ransomware attack, @Bitdefender @datto @Netskope… twitter.com/i/web/status/1…

December 13, 2019
ChannelFutures

So you want to sell your partner business? How do you know when? dlvr.it/RLCKv3 https://t.co/rOzWMMmNJ7

December 13, 2019
ChannelFutures

.@Bitdefender today announced the integration of its GravityZone MSP security suite with @datto #RMM.… twitter.com/i/web/status/1…

December 12, 2019

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Cookie Policy
  • Privacy
  • Terms
Copyright ©2019 Informa PLC. Informa Telecoms & Media Limited is a company registered in England and Wales with company number 00991704 whose registered office is 5 Howick Place, London, SW1P 1WG. VAT GB365462636. Informa Telecoms & Media Limited is part of Informa PLC.
✕

channel futures Logo

Want to stay updated? Sign up for our Channel Futures newsletters today.

Websites are now required by law to gain your consent before applying cookies. We use cookies to improve your browsing experience. Parts of the website may not work as expected without them. By closing or ignoring this message, you are consenting to our use of cookies.
X