The world lives on a scale of decentralization to centralization, across industries from finance to media to food productions to work tools. The centralization of services and desires offer convenience, simple use, and accessibility. However, centralization is only a necessary evil in these scenarios, when a decentralized alternative is not yet within an order of magnitude as performant as the centralized version. Eventually, however, decentralization returns, should the service survive long enough.
The APIS project mission states: “A product is simply as decentralized as its most centralized component.” As the web has proven to be a vital piece of civilization for the rest of our lives, centralized points of the web have become necessary to decentralize, in order to continue to foster innovation. It is clear the market for decentralized products will, at scale, be even larger than the centralized market for these products, as decentralized products are extremely more trusted than centralized products. The most scarce commodity in the world today is trust.
The APIS is on a mission to grow an ecosystem of decentralized read and write services, in order to allow other builders to realize their visions of decentralized finance and, more broadly, the decentralized web. It is essential that all mission-critical components, such as the write and query layer (as well as the sub-pieces that make this layer possible, such as the indexing layer), become decentralized. Decentralized applications would not be truly decentralized without these components. The APIS allows for decentralized finance and web products to grow and scale the planet’s internet while maintaining the security properties of a fully decentralized web architecture.
Worldwide cyber-attack events are on constant occurrences. The need for safeguards and protection against these attacks is a battle to observe daily for those fighting them. Databases are a key target for cybercriminals, primarily due to the extremely valuable nature of sensitive information firewalled on these databases. Whether the knowledge is financial, personal, or business related, hackers worldwide can exploit breaching a businesses’ servers and then utilize or resell datasets found in databases. How can The APIS solve these problems, creating a more secure web for all? The answer is through expanding the growth of blockchain technology.
According to prominent cyber-security website Dark Reading, cybercriminals profit from several key security failures and databases’ misconfigurations. The researchers state that the five highest vulnerabilities often found in database-driven systems, whether during the creation phase, through the blending of applications, or when updating and patching databases, are:
Lack of Oversight
The most common explanation for database vulnerabilities is an absence of maintenance and oversight after they’re deployed. Any given database should be tested for functionality to ensure it’s fulfilling its purpose securely, continuously overtime. The process of testing benefits significantly from decentralization and open-source, as people all over the world are given the opportunity to test and hack. There are significantly more good hackers than bad ones, and so giving the hacking community as many opportunities (and rewards) for hacking your system is ironically a good strategy. There can never be enough testing for mission-critical systems.
Inside Jobs
Databases connect to a networking interface, which insiders can use to export purportedly private data. Many cybersecurity breaches and crime case studies report that corporate insiders are likely to steal data archives — including database backups — whether for money, profit, or personal endeavors like revenge. This might be a typical risk and problem for the fashionable IT enterprise environments, and businesses should consider encrypting archives to mitigate the insider-risk.
Unprivileged Access
Many cybersecurity researchers state that each database exploit has been supported by the misuse of ordinary database features or endpoints. The road to hell is paved with good intentions. For example, a hacker can access legitimate credentials to parts of a database, before utilizing that part to force the service to run arbitrary code that was not intended. The prevention of future unlawful cybercrime entries is restricted by removing unnecessary tools, specifically tools that have not been maintained over a significant period of time, relaying back to our first point. Maintenance is everything.
Lack of Segregation
The lack of separation of control between administrators and users can make it harder for cybersecurity staff to detect fraud or theft. Cybersecurity staff is left to wonder whether the user was authorized to truly do what they did. Establishing clear permissions around user accounts will cause problems for malicious hackers.
SQL injections
A popular method for cyber hackers to pursue is the employment of SQL injections. SQL injections remain a critical problem in protecting enterprise databases, even though they are a well-known problem, a rare occurrence in the cat and mouse name of cybersecurity. SQL injections work by tricking the database administrator into closing up variables and malicious code inserted into strings, later passing them to an instance of a database server for parsing and execution. Code is executed that was not supposed to be executed.
The most common thread that brings all of those vulnerabilities together is a lack of consistency and administration, driven by the lack of testing of closed-source code or poory incentivized open-source code. Blockchains solve these problems by properly funding and incentivizing the maintenance of open-source code, as well as minimizing the amount of closed-source services. Additionally, blockchains remove monopolies around key web services, creating a free market where security is a very important variable to services. Thus, the firms with the best security practices will increasingly win overtime. Services are already launching to abstract away the complexity of blockchain-run apps. We look forward to integrating with more as time passes, allowing the APIS to help grow Web 3.0 services that are more secure and performant than their Web 2.0 counterparts.
