Cloudentity announced its 2021 "State of API Security, Privacy and Governance" report, conducted by PulseQA,
revealing that in the last 12 months, at least 44% of respondents
expressed substantial issues concerning privacy, data leakage, and
object property exposure with internal or external-facing APIs. As a
result of these issues, 97% of enterprises experienced delays in
releasing new applications and service enhancements due to identity and
authorization issues with APIs and services.
APIs act as the foundation of app modernization and digital transformation
that connect users and systems to a network of services, applications,
and data - making them a key component of web applications and cloud
computing. Unfortunately, the vast majority (83%) of organizations'
service/API authorization policy management remains decentralized with
only some policy standards that are hardcoded in each application. This
report showcases how enterprises are advancing API-first programs in
their organization and reveals the issues, drivers, maturity,
investments, and benefits.
The comprehensive survey of 300 IT practitioners and decision-makers,
conducted in September 2021, represented a balanced cross-section of
organizations of 10,000 employees or more in financial services,
healthcare, high tech, retail, consumer goods and manufacturing
industries. The findings revealed that only a staggering 2% of
enterprise IT practitioners in these industries feel completely
confident in their organization's ability to reduce API security issues
such as unauthorized access, data privacy, compliance risk and security
threats.
"An API exposes sensitive data that is accessed by other systems, partners
and customers. This has made them a high-value target for cyberattacks.
As API endpoints proliferate, enterprises must standardize and improve
the controls they use to protect this data, applying a zero trust
approach to API access and data exchange. This goes beyond simple
authentication. We must move to a model where every API transaction is
dynamically authorized and easily audited for compliance, and monitored
for suspicious activity," said Jason Needham, CEO of Cloudentity. "This
report illustrates the challenge and progress being made across
industries to mature API security and privacy governance, and shows its
benefit of streamlining application development, compliance verification
and service delivery."
The full report and infographic are available for free download at
https://www.cloudentity.com/resource-center/2021-api-security-survey/.
Additional key findings include:
- Ninety-three percent of enterprises plan to increase their budget and resources
applied to secure API development and security programs, and the
majority (64%) plan an increase of as much as 15%.
- Compared to the average total across industries, the financial services industry
intends to spend 15% more budget on API security, with compliance and
privacy driving them to make these investments more than the other
sectors.
- Enterprise IT practitioners' top motivators are reducing human error in coding,
preventing the data leakage of sensitive information, ensuring
compliance, ensuring data privacy/privacy consent and threat prevention.
- The top five contributors to API identity and authorization risk include
component-driven development complexity, difficulty diagnosing issues
and lack of data lineage, and inconsistent security policy management
and enforcement controls.
- The top five API security initiatives include extending authentication and
authorization controls down to APIs and microservices, implementing Zero
Trust controls, invoking declarative authorization (policy as code),
implementing micro segmentation, and facilitating API discovery,
classification, and inventory.