20% of developers and IT professionals say API security breaches happen on a monthly basis


API security is something that many security teams fail to do well. In today’s modern and increasingly remote work environments, so many applications and services rely on APIs that analysts are struggling to discover and protect them.

Earlier this week, API provider Postman released its 2022 State of the API Report, which surveyed more than 37,000 API developers and professionals, finding that 20% of respondents say API security incidents or breaches occur at least once a month in their organizations.

At the same time, 51% of respondents said that more than half of their organizations’ development effort is spent on APIs.

The findings suggest that organizations may require a higher-level approach to identifying and protecting APIs if they want to prevent intrusions and reduce the chance of data breaches.

Why is API security a challenge?

When it comes to the fight to secure APIs, it’s not just the scale of applications and services that creates challenges. It’s also the fact that many organizations rely on less-optimized application security tools to mitigate API-level issues.

As modern business environments advance, organizations need solutions that can automatically discover and classify APIs at scale if they want accurate insight into their risk posture.

As a Gartner API security report explains, “many API breaches have one thing in common: the breached organization didn’t know about its insecure API until it was too late. That’s why the first step in API security is discovering the APIs your organization is serving or consuming from third parties.”

It’s a perspective Postman’s new research seems to bolster.

“Companies that experience more frequent API security incidents are likely to have hidden or published APIs that don’t have the same protections as other websites. They likely have more legacy elements in their environment and may not really understand the scope of their entire API landscape,” said Abhinav Asthana, CEO of Postman.

The need for greater transparency and visibility over APIs is also increased by the growing number of mobile applications.

“Many mobile apps have a number of back-end APIs that are used to support them and are often overlooked. Attackers have been abusing these back-end mobile APIs for quite some time because they are often unprotected and provide much more valuable content. You can’t protect what you don’t know,” Asthana said.

The API security marketplace

One of the major players in the API security market is Salt Security. Their solution uses an API Context Engine (ACE) that can discover new APIs and vulnerabilities while providing pre-production API testing.

Another competitor is Noname Security with an API security platform designed to uncover API misconfigurations and vulnerabilities, with automated detection and response capabilities.

The researchers expect the API management market to grow from $4.5 billion in 2022 to a value of $13.7 billion in 2027 as more organizations seek to secure increasingly complex decentralized work environments.
