Cloudentity Research Reveals At Least 44% of Enterprises Report Experiencing Substantial API Security and Privacy Issues
Report Conducted by PulseQA Finds that the Majority of Enterprises have Less Mature, Decentralized API Authorization Policy Management and are Facing Delays in Application Development
SEATTLE, Wash., Nov. 2, 2021 - Today Cloudentity, a leading provider of authorization and identity for modern applications, announced its 2021 “State of API Security, Privacy and Governance” report conducted by PulseQA, revealing that in the last 12 months, at least 44% of respondents reported substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs. As a result of these issues, 97% of enterprises experienced delays in releasing new applications and service enhancements due to identity and authorization issues with APIs and services.
APIs act as the foundation of app modernization and digital transformation that connect users and systems to a network of services, applications, and data - making them a key component of web applications and cloud computing. Unfortunately, the vast majority (83%) of organizations’ service/API authorization policy management remains decentralized with only some policy standards that are hardcoded in each application. This report showcases how enterprises are advancing API-first programs in their organization and reveals the issues, drivers, maturity, investments, and benefits.
The comprehensive survey of 300 IT practitioners and decision-makers, conducted in September 2021, represented a balanced cross-section of organizations of 10,000 employees or more in the financial services, healthcare, high tech, retail, consumer goods and manufacturing industries. The findings revealed that only a staggering 2% of enterprise IT practitioners in these industries feel completely confident in their organization’s ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.
“An API exposes sensitive data that is accessed by other systems, partners and customers. This had made them a high-value target for cyberattacks. As API endpoints proliferate, enterprises must standardize and improve the controls they use to protect this data, applying a zero trust approach to API access and data exchange. This goes beyond simple authentication. We must move to a model where every API transaction is dynamically authorized and easily audited for compliance, and monitored for suspicious activity,” said Jason Needham, CEO of Cloudentity. “This report illustrates the challenge and progress being made across industries to mature API security and privacy governance, and shows its benefit of streamlining application development, compliance verification and service delivery.”
Cloudentity will share a recap of these findings in an upcoming webcast entitled “Cloud-native API Security, Privacy and Governance – Shift Left DevOps and DevSecOps,” on November 9 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. GMT.
The full report and infographic are available for free download at https://www.cloudentity.com/resource-center/2021-api-security-survey/.
Additional key findings include:
- Ninety-three percent of enterprises plan to increase their budget and resources applied to secure API development and security programs, and the majority (64%) plan an increase of as much as 15%.
- Compared to the average total across industries, the financial services industry intends to spend 15% more budget on API security, with compliance and privacy driving it to make these investments more than the other sectors.
- Enterprise IT practitioners’ top motivators are reducing human coding error, preventing the leakage of sensitive information, ensuring compliance, ensuring data privacy/privacy consent and threat prevention.
- The top five contributors to API identity and authorization risk include component-driven development complexity, difficulty diagnosing issues and lack of data lineage, and inconsistent security policy management and enforcement controls.
- The top five API security initiatives include extending authentication and authorization controls down to APIs and microservices, implementing Zero Trust controls, invoking declarative authorization (policy as code), implementing micro segmentation, and facilitating API discovery, classification, and inventory.
Cloudentity provides the most flexible and scalable authorization and consent solution for modern applications to secure digital business across hybrid, multi-cloud and microservices infrastructure. Delivered as an external declarative authorization service, the platform empowers developers to centrally manage fine-grained policy as code, orchestrate provisioning, assure privacy consent, and achieve continuous transaction-level enforcement at hyperscale. As a result, enterprises increase development velocity and service agility while mitigating privacy, API security and compliance risks. For more information, go to www.cloudentity.com.
* Source: Gartner Webinar, July 2021, Mark O’Neill and Dionisio Zumerle, API Security: Protect your APIs from Attacks and Data Breaches re: “API Security: What You Need to Do to Protect Your APIs” (G00404900)