In 2013, hackers breached an HVAC provider’s network, giving them access to 40 million credit and debit card numbers from their biggest client: Target. It took years to repair the damage. Relying on third-party vendors is necessary but still presents a cybersecurity risk. How will the companies handle your clients’ data? How vulnerable are they to being hacked?

It’s no exaggeration to say that APIs are the backbone of the modern digital economy. API usage has seen staggering exponential growth over the last two decades with sources like Postman's 2022 State of the API Report illustrating just how embedded APIs are into our modern world. In 2022, the Postman API platform saw 20 million users and over 1 billion API requests created.

API keys are unique identifiers that enable developers to access and interact with an application's data and services. They act as a bridge between applications, allowing them to share data and functionality. In today's digital world, API keys are increasingly important as they facilitate seamless communication between various applications and services.

On March 7, 2023, Loom experienced a security incident caused by a settings change in their CDN. Even with extensive internal testing, the nature of the problem caused it to go unnoticed until the change landed in production. Their incident report is a great explanation of the issue itself, so I won't reiterate much of it here, but what I will look at is a related issue, and how static code analysis tools integrated into development pipelines could have prevented the issue.

Some of the world’s largest tech companies, like Google and Microsoft, have embedded AI into their business productivity suites, with Microsoft going a step further and releasing AI Copilot for Power Apps, its low-code platform. This integration has raised concerns over the decision-making power granted to business users to integrate data with AI and grant access, which can be done without oversight or control from IT.

As businesses access larger and more intricate datasets, data discovery has become a key component in successful data analysis. By uncovering meaningful patterns and insights in datasets, data discovery helps organizations better understand their customers, products, and processes to enable optimum decision-making. With the correct tools and strategies, data discovery can be invaluable in helping organizations maximize the value of their data.

‍ In my previous blog, I shared details about the global proliferation of data privacy regulations, including the fact that at least 10% of U.S. states will be covered by stronger data privacy regulations by the end of 2023. However, an interesting trend has emerged: Newer regulations such as the California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR), and Brazil’s Data Protection Law (LGPD) all regard employees’ personal data as highly-sensitive.