CHEQUING OUT
THE IMPORTANCE OF ROBUST API SECURITY IN INSURANCE
In this article by Andre Kerstens , Principal Solution Architect , Noname Security , we take a look at APIs in insurance handle vast amounts of sensitive data , making robust API security essential to protect against vulnerabilities , prevent data breaches and ensure the integrity of policyholder information .
When an incident occurs , from an unfortunate car accident to damaged business equipment , policyholders rely on mobile applications and online portals that collect information , open claims , and process them through automated workflows . Behind the scenes , an insurer ’ s APIs handle what amounts to a policyholder ’ s life story in data . These APIs exchange :
• Sensitive details on people ’ s health , homes , families , vehicles and valuables .
• Personally identifiable information ( PII ) and payment data linked to bank accounts .
• Data on employees , properties , and legal matters , for businesses with policies .
API integration with this data makes them a major security risk . Malicious actors understand that APIs offer a quick , direct route to a company ’ s information . Frequently , APIs are deployed with misconfigurations , weak authentication measures , and accidental exposure to the internet – vulnerabilities that attackers can easily exploit .
We ’ ve observed several trends that make it challenging for insurers to protect APIs . Ongoing API expansion means that each new digital initiative leads to an increase and continuous evolution of APIs , making it difficult to maintain an accurate inventory .
Many insurers have separate development teams working in isolation across different business units , often without a unified guide for secure design . Moreover , while APIs are mainly designed to transmit information , our research indicates that only 40 % of organisations know which of their APIs return sensitive data .
The importance of API discovery and risk assessment in insurance
The average enterprise manages between 15,000 and 25,000 APIs , depending on its size . These APIs continuously enable rapid and seamless information sharing between the technologies that policyholders depend on for essential services .
Insurance companies need a thorough understanding of their API landscape to effectively manage their digital ecosystem . API discovery and inventories provide real-time visibility into the APIs being used , including legacy and unmanaged APIs . This allows organisations to detect potential security gaps , vulnerabilities and misconfigurations that can go unnoticed .
Conducting risk assessments for every API empowers insurance companies to recognise and rank potential risks . By understanding the information managed by each API and evaluating its security posture , companies can enforce suitable security protocols to efficiently alleviate risks . This proactive strategy helps to prevent data breaches , unauthorised www . intelligentfin . tech
67