Security challenges mount as companies handle thousands of APIs

Modern applications are taking over enterprise portfolios, with apps classed as modern now making up 51% of the total, up by more than a quarter in the last year, according to F5.

API management

According to the 2024 edition of F5’s State of Application Strategy Report (SOAS), the proportion of modern apps will reach 60% in 2025 before topping out at around 85%. The remaining “traditional” apps will likely be most present in industries such as financial services that provide mission-critical infrastructure.

Rising API numbers prompt new security strategies

The huge growth in modern apps and their microservices has created an exponential rise in the number of APIs.

Companies with over $10 billion in annual revenue claimed they manage more than 1,000 apps and nearly 1,400 APIs, on average. A handful reported they managed more than 10,000 APIs.

90% of survey respondents said they manage fewer than 200 apps, which tends to decrease as digital transformation proceeds. At the same time, API counts only go up. More than 41% manage at least as many APIs as apps.

Central to this shift is the fact that APIs have become a fact of life for enterprises consolidating applications, automating processes, and seeking to integrate AI into their business models. The report found that, at each successive stage of digital transformation, the average number of APIs maintained increased by 5%.

The proliferation of APIs has led companies to embrace new methods to manage and secure their growing networks. 95% have now implemented API gateways to provide authentication, validate requests, and rate limit traffic. While 43% have automated their security infrastructure for both apps and APIs.

“API-related security and management solutions are now more important than ever as APIs, apps, and the data they exchange become ever more strategic to businesses,” said Cindy Borovick, Director of Market and Competitive Intelligence, F5.

“However, individual technologies such as API gateways won’t be enough. Automating the app and API security infrastructure can help, but automation rates in the IT domain are still below 50%. The best-protected and most efficient organizations will need to deploy comprehensive strategies for keeping track of, managing, and protecting their APIs,” added Borovick.

Widespread apps pose new API management challenges

Another key finding in this year’s report is that, whether modern or traditional, today’s apps and the APIs that accompany them are overwhelmingly being deployed into a hybrid, multicloud landscape.

90% of organizations now operate in multicloud environments. In fact, more than one-third of respondents – 38%, nearly double the 2023 figure – operate apps deployed in six different environments. In 2020, only 18% used five.

With apps more widely distributed than ever, their management becomes ever more challenging.

Although no single challenge dominates, the top difficulty, as in 2023, is managing operational complexity. Day-to-day, this entails multiple tools and dashboards, bespoke security solutions and policies, lack of visibility into app health, too many vendors, and telemetry trapped in silos.

Migrating apps between environments has risen from fifth place last year to become the second most cited challenge. Around one-third of respondents still struggle with multicloud security, a perennial concern since at least 2017.

App visibility, another lingering concern, hovers in the middle of the pack this year. These shifts suggest some organizations are meeting those two challenges with solutions such as with Security as a Service (SECaaS).

Against this backdrop, the urgency to further alleviate complexity resulted in multicloud networking being flagged as organizations’ third most exciting trend for the second year in a row.

“Multicloud networking can connect apps across deployment environments and enable what’s been called a supercloud architecture. In essence, it simplifies and standardizes the way networks operate across environments—whether public or private cloud, data center, or the edge. A network mesh imposed across them all reduces complexity by employing the same constructs, configurations, and consoles to operate and monitor every app location, explained Lori MacVittie, F5 Distinguished Engineer.

“Among other things, multicloud networking can increase visibility, reveal outdated or overlooked APIs, ensure more consistent and more dynamic policy deployment, and enable app migration as a service across environments and cloud providers,” concluded MacVittie.

Don't miss