...
Critically, these connections can also elevate security risks; just as with the duct tape analogy, they increase the risks of more widespread and serious problems.
ETL/
...
ELT approaches are most often less secure because they involve movement through and storage on more, often less secure, systems
ETL/ETL often involves moving data into intermediate locations that themselves need to be secured. Sometimes, these processes are run from other servers or even from staff laptops. The movement through or storage of data on multiple systems increases the risks of data compromise.
In a system-to-system API-based approach data does not move into intermediate locations and is not stored elsewhere. This minimizes the surface that is open to attack or accidental exposure.
ETL/
...
ELT approaches are most often less secure because they use technologies not designed for cross-organizational data exchange
ETL/ELT approaches often involve “tunnelling” or bypassing standardized security firewalls and interfaces that protect IT systems. Commonly you see VPN setups that allow for more systems to join a protected network, or a “tunnel” that allows a system to breach a firewall in order to connect to an internal system.
By contrast, REST API connections are built using the language and protocols of the Web itself, protocols like HTTP/S, SSL, and OAuth. These protocols were built from the ground up to handle connections between disparate systems across different organizations, and they are tightly integrated with each other.
ETL/
...
ELT approaches are more fragile because they integrate at the storage layer rather than the application layer
Modern software development best practice promotes component modeling that mirrors entities and processes in the real world. This “application” layer is the level at which system integration ideally occurs, because at that level you are dealing with data entities that represent real-world concepts.
...