FAKTOR KEJAYAAN KESELAMATAN PLATFORM ANTARA MUKA APLIKASI PENGATURCARAAN: Application Programming Interface Platform Security Success Factors

Monaliza Sahri; Siti Norul Huda  Sheikh Abdullah; Azril Hanafi  Abdullah Sharwani; Azlina  Ali; Juzlinda  Mohd Ghazali; Nik Rafizal  Nik Ab. Rahim

doi:10.53840/myjict10-2-237

Pengarang

Monaliza Sahri Pusat Keselamatan Siber, Fakulti Teknologi dan Sains Maklumat, Universiti Kebangsaan Malaysia
Siti Norul Huda Sheikh Abdullah Pusat Keselamatan Siber, Fakulti Teknologi dan Sains Maklumat, Universiti Kebangsaan Malaysia
Azril Hanafi Abdullah Sharwani Pusat Keselamatan Siber, Fakulti Teknologi dan Sains Maklumat, Universiti Kebangsaan Malaysia
Azlina Ali Jabatan Digital Negara, Kementerian Digital
Juzlinda Mohd Ghazali Fakulti Multimedia Kreatif dan Komputeran (FMKK), Universiti Islam Selangor
Nik Rafizal Nik Ab. Rahim HLAi Sdn Bhd

DOI:

https://doi.org/10.53840/myjict10-2-237

Kata kunci:

Keselamatan Data, Platform Perkongsian Data, Application Programming Interface (API), Faktor Kejayaan, PLS-SEM

Abstrak

Perkembangan teknologi digital telah memperluas penggunaan Antara Muka Aplikasi Pengaturcaraan atau Application Programming Interface (API) sebagai medium utama dalam proses perkongsian data antara sistem dan agensi. Namun, peningkatan insiden kebocoran data yang kritikal, khususnya dalam sektor kerajaan, menimbulkan kebimbangan terhadap tahap keselamatan platform perkongsian data. Kelemahan tersebut berpunca daripada kekurangan faktor kejayaan yang berkaitan dengan (i) keperluan keselamatan khusus bagi pelbagai jenis data, (ii) ketidakpatuhan terhadap peraturan dan undang-undang, serta (iii) kegagalan dalam melindungi privasi pengguna. Oleh itu, kajian ini dijalankan bagi mengenal pasti faktor kejayaan keselamatan platform API dalam ekosistem perkongsian data sektor awam. Kaedah kajian melibatkan analisis literatur untuk memahami ekosistem perkongsian data dan mengenal pasti faktor-faktor utama yang membentuk instrumen kajian. Seramai 81 orang pakar daripada pelbagai agensi telah terlibat bagi menilai dan mengesahkan faktor yang dikenal pasti. Analisis model menggunakan Partial Least Squares-Structural Equation Modeling (PLS-SEM) menunjukkan bahawa semua hipotesis hubungan faktor diterima, dengan nilai signifikan p=0.002 (H1: Berskala dan Daya Tahan Tinggi → Reka Bentuk), p=0.000 (H2: Pemantauan Aktiviti → Berskala dan Daya Tahan Tinggi), p=0.040 (H3: Perlindungan Data dan Privasi → Berskala dan Daya Tahan Tinggi), dan p=0.000 (H4: Standard Keselamatan → Perlindungan Data dan Privasi). Hasil kajian ini membentuk lima faktor kejayaan utama keselamatan platform perkongsian data melalui API, iaitu: (i) reka bentuk, (ii) berskala dan daya tahan tinggi, (iii) standard keselamatan, (iv) pemantauan aktiviti, serta (v) perlindungan data dan privasi. Kajian ini dapat menyumbang kepada pembangunan kerangka keselamatan API bagi Platform API sektor awam yang lebih kukuh dan berdaya tahan terhadap ancaman siber masa kini.

Muat turun

Muat turun data belum tersedia.

Rujukan

Ahmed, S. M. S., & Zulhuda, S. (2019). Data Protection Challenges in The Internet of Things Era: An Assessment of Protection Offered by PDPA 2010. International Journal of Law Government and Communication. https://doi.org/10.35631/ijlgc.417001

Amalia, C., Poetry, E. G., Kono, M. K., Kusuma, D. A., & Kurniawan, A. (2020). Legal Issues of Personal Data Protection and Consumer Protection in Open API Payments. Journal of Central Banking Law and Institutions, 1(2).

Amelia Natasya, A. W., Siti Norul Huda, S. A., Monaliza, S., Khairul Akram, Z. A., Umi Asma’, M., Salwani, A., Madihah, M. S., Shafiza, M. S., Bakar Jamili, G., & Ismail, C. A. (2023). Laporan Teknikal Projek Industri Pembangunan: Pembangunan Dasar Perkongsian Data Bagi Kerajaan Selangor Melalui SelGDX.

Bairagi, V., & Munot, M. V. (2019). Research Methodology: A Practical and Scientific Approach. Chapman and Hall/CRC.

Bond, T. G., & Fox, C. (2015). Applying the Rasch Model; Fundamental Measurement in the Human Sciences. Routledge.

Borgogno, O., & Colangelo, G. (2019). Data sharing and interoperability: Fostering innovation and competition through APIs. Computer Law and Security Review, 35(5). https://doi.org/10.1016/j.clsr.2019.03.008

Chai, K. Y., & Zolkipli, M. F. (2021). Review on Confidentiality, Integrity and Availability in Information Security. Journal of ICT In Education, 8(2), 34–42. https://doi.org/10.37134/jictie.vol8.2.4.2021

D’Elia, D. C., Nicchi, S., Mariani, M., Marini, M., & Palmaro, F. (2021). Designing Robust API Monitoring Solutions. IEEE Transactions on Dependable and Secure Computing, 20(1), 392–406. https://doi.org/10.1109/TDSC.2021.3133729

Data Bridge Market Research. (2023). Global Application Programming Interfaces (API) Management Market – Industry Trends and Forecast to 2030. https://www.databridgemarketresearch.com/reports/global-api-management-market

Gawande, A., Gayake, A., Charkha, M., Shewale, S., & Wanjale, K. (2021). Empirical Study On API Security Threats & Exploitation Of Rate Limiting Flaw. International Journal of Creative Research Thoughts (IJCRT). https://ijcrt.org/papers/IJCRT21A6030.pdf

George, D., & Mallery, P. (2016). IBM SPSS statistics 23 step by step: A simple guide 141 and reference. Routledge.

Ghani, F. A., Shabri, S. M., Rasli, M. A. M., Razali, N. A., & Shuffri, E. H. A. (2020). An Overview of the Personal Data Protection Act 2010 (PDPA): Problems and Solutions. Global Business and Management Research: An International Journal, 12.

Google, & Temasek & Bain Company. (2022). e-Conomy SEA 2022. https://economysea.withgoogle.com/home/

Habibzadeh, H., Nussbaum, B. H., Anjomshoa, F., Kantarci, B., & Soyata, T. (2019). A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities. Sustainable Cities and Society.

Hammouda, I., Knauss, E., & Costantini, L. (2015). Continuous API Design for Software Ecosystems. 2015 IEEE/ACM 2nd International Workshop on Rapid Continuous Software Engineering (RCoSE), May 2015. https://doi.org/10.1109/RCoSE.2015.13

Hasan, M. K., Habib, A. K. M. A., Islam, S., Safie, N., Abdullah, S. N. H. S., & Pandey, B. (2023). DDoS: Distributed denial of service attack in communication standard vulnerabilities in smart grid applications and cyber security with recent developments. Energy Reports, 9(June), 1318–1326. https://doi.org/10.1016/j.egyr.2023.05.184

Hasliza, N., Hassan, M., Ahmad, K., & Salehuddin, H. (2020). Diagnosing the Issues and Challenges in Data Integration Implementation in Public Sector. 10(2), 529–535.

Hussain, F., Noye, B., Hussain, R., & Sharieh, S. (2020). Enterprise API Security and GDPR Compliance : Design and Implementation Perspective. IT Professional, 22(5), 81–89. https://doi.org/10.1109/MITP.2020.2973852

Hussain, F., Noye, B., & Sharieh, S. (2019). Current state of API security and machine learning. IEEE Technology Policy and Ethics, 4(2). https://www.ieee.org/content/dam/ieee-org/ieee/web/org/about/futuredirections/future-directions/ieee-future-directions-newsletter-may-2019.pdf

Hussain, F., Salah, R. H., Noye, B., & Sharieh, S. (2020). Enterprise API Security and GDPR Compliance: Design and Implementation Perspective. IT Professional, 22(5).

Jalil, M. R., Harun, Q. N., & Azizi, H. F. M. (2023). The Impact of The Covid-19 Pandemic on The Development of Data Hub & Artificial Intelligence Technology in Malaysia. International Journal of Interdisciplinary & Strategic Studies, 4(6).

Jin, H., Luo, Y., Li, P., & Mathew, J. (2019). A Review of Secure and Privacy-Preserving Medical Data Sharing. IEEE Access, 7.

Joe F. Hair Jr, Matthews, L., Matthews, R., & Sarstedt, M. (2017). PLS-SEM or CB-SEM:updated guidelines on which method to use. International Journal of Multivariate Data Analysis, 1(2).

Jr., J. F. H., Howard, M. C., & Nitzl, C. (2020). Assessing measurement model quality in PLS-SEM using confirmatory composite analysis. Journal of Business Research, 109.

Krishnamurthy, V. (2020). A Tale of Two Privacy Laws: The GDPR and the International Right to Privacy. Symposium On The GDPR and International Law. AJIL Unbound. https://doi.org/doi:10.1017/aju.2019.79

Leng, O. W., & Doris Liew. (2024). An Inquisition into Malaysia’s PADU Subsidy Targeting, and Beyond. In Penang Institute Issues.

Mändar, R. (2017). UXP Portal 2.0 Functional Requirements Specification. https://dspace.ut.ee/bitstreams/89a35789-f3ad-4e7d-b8f3-14ded815e15c/download

Matthes, J. M., & Ball, D. (2018). Discriminant validity assessment in marketing research. International Journal of Market Research, 61(2).

Monaliza, S., Siti Norul Huda, S. A., Madihah, M. S., Azah, A. N., Kamsuriah, A., Hasimi, S., Nurfarahhana, I., Khairul Akram, Z. A., Umi Asma’, M., Mohd Haziq, H. N., Azlina, A., Aznul Nizam, N., Novolin, J., & Rafizal, N. (2023). Laporan Teknikal Projek: PEMBANGUNAN RANGKA KERJA PERKONGSIAN DATA BAGI SEKTOR AWAM MELALUI MyGDX.

Naz, M., Al-zahrani, F. A., Khalid, R., Javaid, N., Qamar, A. M., Afzal, M. K., & Shafiq, M. (2019). A Secure Data Sharing Platform Using Blockchain and Interplanetary File System. Sustainability, 11. https://doi.org/10.3390/su11247054

Pawan, K., & Rakesh, K. (2019). Issues and Challenges of Load Balancing Techniques in Cloud Computing: A Survey. ACM Computing Surveys, 51(6), 1–35. https://doi.org/https://doi.org/10.1145/3281010

Purwanto, A., & Sudargini, Y. (2021). Partial Least Squares Structural Squation Modeling ( PLS-SEM ) Analysis for Social and Management Research : A Literature Review Journal of Industrial Engineering & Management Research. 2(4), 114–123.

Serrano, P. A. M., & Oñate, J. J. S. (2021). Integration of RESTFul API to Student Information System for Secured Data Sharing and Single Sign-on. 2021 IEEE 13th International Conference on Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment, and Management (HNICEM). https://doi.org/10.1109/HNICEM54116.2021.9731898

Solove, D. J., & Schwartz, P. M. (2020). INFORMATION PRIVACY LAW. Aspen Publishing.

Stiefel, A., & Ananthanarayanan, A. (2023). API Strategy: Best. Practices for Platform Engineering Leaders. F5 NGINX.

Sun, S., Ma, H., Song, Z., & Zhang, R. (2022). WebCloud: Web-Based Cloud Storage for Secure Data Sharing Across Platforms. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2020.3040784

Susanto, H., Almunawar, M. N., & Tuan, Y. C. (2011). Information Security Management System Standards: A Comparative Study of the Big Five. International Journal of Electrical & Computer Sciences IJECS-IJENS, 11(5).

The Star. (2023). Selangor launches SelGDX portal for sharing big data across agencies, public sector.

Tsohou, A., Magkos, E., Mouratidis, H., Chrysoloras, G., Piras, L., Pavlidis, M., Debussche, J., Rotoloni, M., & Crespo, B. G.-N. (2020). Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform. Information and Computer Security, 28(4).

Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia (MAMPU). (2023). MyGDX : Malaysian Government Data Exchange. https://www.mygdx.gov.my/ms/landing-page/theme

Yeoh, A. (2023). CyberSecurity Malaysia report: Government sectors suffered most data breaches, while telcos spilled over 400GB of data in H1 2023. The Star. https://www.thestar.com.my/tech/tech-news/2023/10/25/cybersecurity-malaysia-report-government-sectors-suffered-most-data-breaches-while-telcos-spilled-over-400gb-of-data-in-h1-2023