Cloudentity announced a report conducted by PulseQA, revealing that in the last 12 months, at least 44% of respondents expressed substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.
As a result of these issues, 97% of enterprises experienced delays in releasing new applications and service enhancements due to identity and authorization issues with APIs and services.
APIs act as the foundation of app modernization and digital transformation, connecting users and systems to a network of services, applications, and data – making them a key component of web applications and cloud computing.
Unfortunately, 83% of organizations’ service/API authorization policy management remains decentralized with only some policy standards that are hardcoded in each application. This report showcases how enterprises are advancing API-first programs in their organization and reveals the issues, drivers, maturity, investments, and benefits.
The comprehensive survey of 300 IT practitioners and decision-makers, conducted in September 2021, represented a balanced cross-section of organizations of 10,000 employees or more in the financial services, healthcare, high tech, retail, consumer goods and manufacturing industries.
API security issues: Enterprises must apply a zero trust approach
The findings revealed that only a staggering 2% of enterprise IT practitioners in these industries feel completely confident in their organization’s ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.
“An API exposes sensitive data that is accessed by other systems, partners and customers. This has made them a high-value target for cyberattacks. As API endpoints proliferate, enterprises must standardize and improve the controls they use to protect this data, applying a zero trust approach to API access and data exchange. This goes beyond simple authentication. We must move to a model where every API transaction is dynamically authorized and easily audited for compliance, and monitored for suspicious activity,” said Jason Needham, CEO of Cloudentity.
“This report illustrates the challenge and progress being made across industries to mature API security and privacy governance, and shows its benefit of streamlining application development, compliance verification and service delivery.”
Additional key findings
- Ninety-three percent of enterprises plan to increase their budget and resources applied to secure API development and security programs, and 64% plan an increase of as much as 15%.
- Compared to the average total across industries, the financial services industry intends to spend 15% more budget on API security, with compliance and privacy driving them to make these investments more than the other sectors.
- Enterprise IT practitioners’ top motivators are reducing human error in coding, preventing the leakage of sensitive information, ensuring compliance, ensuring data privacy/privacy consent and threat prevention.
- The top five contributors to API identity and authorization risk include component-driven development complexity, difficulty diagnosing issues and lack of data lineage, and inconsistent security policy management and enforcement controls.
- The top five API security initiatives include extending authentication and authorization controls down to APIs and microservices, implementing zero trust controls, invoking declarative authorization (policy as code), implementing micro segmentation, and facilitating API discovery, classification, and inventory.