Virtualization Technology News and Information
Inigo 2023 Predictions: Open Source GraphQL APIs Will Gain Steam, But Can Security Keep Pace?


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Open Source GraphQL APIs Will Gain Steam, But Can Security Keep Pace?

By Shahar Binyamin, CEO and co-founder at Inigo

The stakes of API modernization will reach a tipping point in 2023. Application developers and DevOps teams are under increasing pressure to do more with less, with cost and workflow efficiencies top of mind. GraphQL has strong answers for both of those concerns, and the open source API data query language is poised to have an outsized impact in the coming year. However, expect DevSecOps, security, and even developer teams themselves to also clamp down on API security as they avoid some of the adopt-first-secure-later pitfalls of other developer-led technology movements.


1) The developer-led push to GraphQL, as a replacement for legacy REST APIs, will continue to accelerate.

GraphQL will gain even more steam in 2023 as developers bring the open source solution into their organizations. Traditional REST APIs must access multiple URLs to load data and then rely on server connectivity to manage data. It's a heavy lift. In contrast, GraphQL APIs can collect all necessary data with a single request, allow applications to control their own data directly (rather than via a server), and are responsive even with slow network connectivity. These simplicity, flexibility, and scalability differences underpin the performance advantages that are driving developers to GraphQL.

For the many teams still grappling with the limitations of REST APIs, making the shift to GraphQL will become increasingly desirable, both for developer productivity and competitive differentiation. From application capabilities to time-to-market, this API modernization will give organizations a meaningful leg up in 2023 (and do so even if technology budgets shrink).

2) GraphQL security incidents will increase.

Just as teams are ramping up their utilization of API connectivity to enable fresh user experiences and functionality, attackers are now focused on testing whether those APIs are secure or not. A recent Salt Labs API security report finds that attacks targeting APIs have increased by 681% in the past year. While less than 10% of enterprises used GraphQL in production as of 2021, Gartner research indicates that more than 50% will by 2025. Over that time, almost all (95%) of organizations report experiencing an API security incident. Such attacks are likely to increase in 2023, as more attackers explore the opportunities (and vulnerabilities) of those API attack vectors.

Developer teams hurrying to adopt GraphQL have, in many instances, done so without a thorough approach to security. This isn't sustainable at scale and, in 2023, I expect GraphQL adoption practices will mature such that more developers embrace an active security stance from the moment the organization begins using it.

To implement GraphQL securely, teams need to ask themselves, in the event of an incident, whether they have visibility into what data was accessed and by whom. They also need to ask whether their current WAF handles GraphQL APIs, and whether they can identify the percentage of their APIs that are GraphQL APIs. Questions like these will raise the issues developer teams will need to address ahead of a secure GraphQL implementation. Once visibility, access controls, and firewall implementations are trustworthy and meet organizational standards, teams will have more confidence to implement and scale GraphQL.

3) GraphQL adoption will buoy developer recruitment and retention, especially as organizations work to support the developer experience.

GraphQL is a developer-driven movement for a reason. While technology leadership might be most drawn to the efficiency gains GraphQL unlocks, developers are excited to get their hands on an open source solution that lets them make the most of their time and talents. But tech leaders will increasingly recognize GraphQL adoption as a valuable draw from a recruiting and retention perspective, as talented developers tired of wrestling with REST APIs are eager to work with more modern technology.

However, for all its benefits, GraphQL places pressure on developers to be self-reliant, given the newer API technology's relative lack of support platforms and developer tools. GraphQL's developer experience often suffers when visibility is limited. In 2023, expect organizations to address this need by introducing visibility and CI/CD integration tooling to ensure higher-quality developer experiences, turning this shortcoming into an asset. More effective monitoring and observability planning, and the tooling to support it, will optimize GraphQL server operations and scaling. On the security front in 2023, expect teams to prioritize universal security layers that automate attack detection and mitigation, harden attack surfaces, and provide effective access controls.




Shahar Binyamin is the CEO and co-founder at Inigo, which focuses on GraphQL security and management tools for developers and DevSecOps teams. A software engineer by trade, he has extensive experience working on high-profile enterprise application and security projects. Among his roles, Shahar spent several years within the InfoSec Unit of the Israeli Defense Forces. He has also led product development at Dropbox and Kiteworks, with a focus on ensuring data and API security. He co-founded Inigo to address the disconnect between developers using GraphQL and the API security and operation challenges they were having. Shahar lives in Silicon Valley, where Inigo is headquartered. 

Published Thursday, January 05, 2023 10:00 AM by David Marshall