As attacks against APIs continue to increase, the enterprise is beginning to take the security aspects of API adoption more seriously.
In a new report released on Monday by Imvision, "API Security is Coming," the company asked over 100 cybersecurity professionals in the US and Europe for insight on the current state of enterprise API security.
Application programming interfaces (APIs) connect different technological services and systems. They can process queries from clients, deal with instructions server-side, and can facilitate the fetching and processing of data.
While function sets contained in APIs can be of real value to an enterprise market that is becoming more data-driven every year, they may also represent an emerging cybersecurity issue for users -- with API-based attacks believed to be on the rise in tandem with the continued adoption of cloud technologies.
According to the report, 91% of IT professionals say API security should be considered a priority in the next two years, especially as over 70% of enterprise firms are estimated to use over 50 APIs.
The main aspects of API security respondents consider priority is access control, cited by 63% of those surveyed; regular testing (53%), and anomaly detection and prevention (43%). In total, eight out of 10 IT admins want more control over their organization's APIs.
However, finding a holistic approach to this 'backbone' of API security remains a challenge. Over 80% of organizations are estimated to either use, or plan to use, a centralized management solution for API security -- such as an API Management (APIM) platform -- but only a third of respondents believe their API setups are adequately protected from today's cyberattacks.
Other statistics of note in the report include:
- 19% of enterprises test their APIs daily for signs of abuse
- 4 out of 5 organizations enable either partners or users to access data using external APIs
- The current focus of API strategies is centered around application performance (64%) and development and integration (58%)
- Shadow APIs are considered the most vulnerable, according to 40% of those surveyed
- 64% of survey respondents said their current solutions do not provide robust API protection
Companies cited integrating API solutions with current systems and workflows and gaining visibility into overall API usage as the main barriers to improving API security.
Previous and related coverage
- Twitter warns of possible API keys leak
- With API attacks rising, Cloudflare launches a free API security tool
- The troubles with APIs: security, discovery, bulk loading
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0