Ian Hughes, chief commercial officer of Gaming Laboratories International LLC (GLI), a technology testing, compliance, and security expert in the global gaming industry, says application programming interface (API) scenarios typically account for “approximately 60% of the vulnerabilities within an organization” when it comes to cybersecurity.
At a recent casino industry fair and conference, MGS Entertainment Show in Macau, Mr Hughes (pictured) told GGRAsia, “Sometimes what happens is that APIs roll out “too quickly” within the organisation.
He was quoted as saying that someone from an organization’s marketing team would say, “We want to release AI to do facial recognition, and these are all the sockets and data that we have to open.”
Problems can arise if “not enough time is spent on security assessments around these APIs.” In that scenario, the API “basically looks like the front door. If you let someone in through the front door, there’s no point having locks and keys on the front door,” he explained.
Companies that do business with third-party suppliers or contractors in information technology infrastructure have offered concrete examples of when it is important to maintain one secure “tunnel” rather than several “tunnels” that may not be secure for data communication.
“We have a tremendous evaluation,” said Mr Hughes, when it comes to the appropriate API.
The weaknesses that GLI may face within an organization include “old infrastructure” including “old operating systems” and inadequate positioning for activities “likely to execute what is important on people’s desktops.”
For example, on behalf of a game equipment manufacturer, application security testing is usually done through major GLI tasks. Infrastructure security testing is done “normally” through Bulletproof, the group’s cybersecurity specialty department.