Robert Kneschke - Fotolia
Real-time communication via APIs and communications platform as a service, or CPaaS, is generally more secure than using on-premises services or developing on your own. One reason is because CPaaS vendors have economies of scale. The other reason is because APIs and CPaaS offerings are frequently updated, so known vulnerabilities are quickly and efficiently patched. However, four areas are vulnerable when using real-time communication with APIs and CPaaS.
1. Exposing credentials
Accessing CPaaS vendor APIs requires the use of credentials, which need to be handled with care. Placing credentials such as API keys in the version-control repositories -- whether internal or external -- is a type of vulnerability, as you can't know who has access to them and where you'll be sharing the code.
Exposed credentials allow nefarious entities to access to your infrastructure, which can lead to API abuse and data leaks in your communication service.
2. API abuse
A third party that has access to your account's credentials can make free use of your account, eating up your budget and resources through the CPaaS platform for their own needs. Depending on the type of credentials that were stolen, you risk being blocked from your own account.
When using APIs from CPaaS vendors, you should make use of any access-control capabilities to limit user access based on need and curb the scope of a potential breach.
3. Forgetting to secure your own code
The fact that you are developing with a third-party CPaaS vendor doesn't absolve you from taking care of security vulnerabilities on your end. Your application needs to be written like any other cloud application, with the understanding that every component needs to be independently secured. The messages that are sent between your application and the CPaaS vendor's API should also be sent in a secure fashion.
4. Trusting the wrong vendor
CPaaS vendors differ from each other in many ways, including how they've built their services and how they maintain and operate them on a day-to-day basis. The moment you use a real-time communication API hosted by a third party, you trust that third party to protect your application from security vulnerabilities and threats. Make sure the vendor you select is aligned with your security requirements.
Do you have a question for Tsahi Levent-Levi or any other experts? Ask your enterprise-specific questions today! (All questions are treated anonymously.)
Dig Deeper on Communication Integration with Enterprise Applications
Related Q&A from Tsahi Levent-Levi
Understanding how APIs work and how they are used is essential when formulating security policies. Our expert outlines four steps to set up a first ... Continue Reading
Video communications have gained popularity in UC. Our expert explains how embedded video can enhance the communications experience beyond ... Continue Reading
With the use of machine learning and AI in the very early stages in the UC market, our expert looks at their value in UC monitoring and analytics. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.