With APIs representing 83 percent of web traffic, there’s no doubt APIs are the underpinnings of digital transformation. But APIs can expose organizations to security and data privacy risks – as exemplified by the notable companies who have experienced an API breach in recent years. Two thirds of cloud breaches, according to an IBM Security X-Force report, can be attributed to misconfigured APIs.
As foundational as APIs are to modern application development, how are enterprises mitigating access and data leakage threats, and advancing API First programs? To find out, Cloudentity sponsored a survey of 300 technology decision makers and practitioners responsible for API Access Management and security in organizations over 10,000 employees.
The majority of organizations across industries report an overall low maturity when it comes to API security and governance. Consider these data points:
- At least 44% of respondents expressed substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.
- 97% of enterprises experienced delays in releases of new applications and service enhancements due to identity and authorization issues with APIs and services.
- 83% of organizations reported their API/service authorization policy is decentralized, with some policy standards, and is implemented via hard coding per application.
The good news is, nearly two-thirds of enterprises are realizing the importance of improving and advancing their secure API development and authorization governance programs. 93% plan an increase in budget and resources in the next year to progress their API development and security programs.
As APIs proliferate, enterprises must standardize and improve the controls they use protect the data APIs expose. This means moving to a model where every API transaction is authorized for both external and internal calls, a Zero Trust approach for APIs. Organizations need to drive toward more intelligent and granular controls, and ensure they can audit and monitor activity across the growing landscape of APIs.
How does your organization compare, and what can you learn? To find out, download our report, The 2021 State of API Security, Privacy and Governance, to see how organizations are advancing API First initiatives and find out key drivers, adoption, technologies, initiatives, investments and benefits. And join our upcoming webinar for expert insights, best practices and key technologies for advancing API First initiatives in 2022. For more information on Cloudentity or to join its growing team, please visit www.cloudentity.com.
Cloudentity provides the most flexible and scalable solution for modern-application authorization and consent solutions to secure digital business across hybrid, multi-cloud and microservices infrastructure. Delivered as an external declarative authorization service, the platform empowers developers to centrally manage fine-grained policy as code, orchestrate provisioning, assure privacy consent, and achieve continuous transaction-level enforcement at hyperscale. As a result, enterprises increase development velocity and service agility while mitigating privacy, API security and compliance risks. For more information, go to www.cloudentity.com.
* Source: Gartner Webinar, July 2021, Mark O’Neill and Dionisio Zumerle, API Security: Protect your APIs from Attacks and Data Breaches re: “API Security: What You Need to Do to Protect Your APIs” (G00404900)