As digital transformation continues to increase, web application programme interfaces (APIs) have experienced huge rates of growth as the rise of integrated web and mobile-based offerings requires more data sharing across products.
With dependency on APIs increasing, so does its related security challenges. 451 Research has released the 2022 API Security Trends Report sponsored by API security company, Noname Security, covering the key characteristics and security risks present in API usage today and how a holistic approach to API security provides a gateway to a frictionless user experience.
Noname Security works with 20% of the Fortune 500 and covers the entire API security scope across three pillars — Posture Management, Runtime Security, and API Security Testing.
An ever-increasing threat landscape
Conducted in January 2022, the survey includes results from IT experts representing over 350 global companies in diverse industries with 3,000+ full-time employees.
The increase in the usage and dependence on APIs in modern application architectures is the key factor in the increased attention on API vulnerabilities among bad actors as well as security researchers.
For the enterprises participating in this study, the average number of APIs in use is 15,564. Large enterprises, those with more than 10,000 employees, have an even greater dependency, with an average of 25,592 APIs in place. Organisations with in-house application development capability also come in above the study average, with an average of 17,998 APIs in use. The rate of change is notable as well: respondents noted that the number of APIs in use has grown an average of 201% over the past 12 months.
Growing need to check API security
90% of respondents noted that their organisations have API authentication policies in place, but 31% expressed shaky confidence that those policies ensured adequate levels of authentication.
41% of the organisations represented by survey respondents had an API security incident in the last 12 months; 63% of those noted that the incident involved a data breach or data loss. Just over a third (35%) of survey respondents said projects were specifically delayed due to API security concerns; 87% of those believe more effective integration of API security testing (AST) into developer pipeline activities could have prevented those delays.
Only 51% of respondents have full confidence in their API inventories; 26% reported that their inventory update processes are manual.
“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst for Information Security for the Voice of the Enterprise (VotE) quantitative research product at 451 Research. “This report should help enterprises of all sizes across various sectors make the informed decisions they need when developing their API security strategy.”