As APIs fast become the dominant channel for exchanging data between both external and internal audiences and services, there's increasing concern over the threats and vulnerabilities they present.
A new survey by API management company Akana reveals that API security is as much an issue for the business as it is for IT, with 75 percent of respondents saying that API security was a CIO-level concern whilst 65 percent say it's an issue for business managers. As APIs are increasingly being adopted to drive digital initiatives, both business and IT increasingly see value in securing them.
The survey is aimed at understanding the maturity of API security practices amongst the leading digital enterprises, its results reveal that while the majority of respondents are taking steps to secure API access, only few had taken steps to ensure that sensitive data was being securely handled in the Apps that access the APIs.
Just as the emergence of Web brought web-based threats and resulting countermeasures to the forefront, the survey indicates recognition from security practitioners of threats that are unique to the API channel.
"APIs are new enough in the enterprise that people want the latest on how industry peers are dealing with security threats," says Roberto Medrano, EVP at Akana. "We felt there was an opportunity to ask others to share their insights and worries. The survey report should be a helpful starting point for determining best practices in API security going forward".
Other findings are that more than 65 percent of respondents report that they don’t have processes in place to ensure that the data being accessed by applications using APIs is managed securely. With mobile apps and IoT devices increasingly being API consumers, enterprises face exposure to threats of unauthorized access to data once it's been accessed through an API.
Almost 60 percent of survey respondents indicated that they weren't securing API consumers. A large proportion of survey respondents -- more than 45 percent -- also didn't rate limit access to their APIs, a control that can reduce the risk of hacking.
Respondents identified JSON (JavaScript Object Notification) Scheme, DDoS, message-level security and encryption amongst the top API security threats. The overall results suggest that a digital divide is developing as high-performing companies embrace core digital capabilities and APIs to move ahead. But enterprises needs to recognize and take steps to address the additional threats that API use might be exposing their data and organization to.
You can download the full report from the Akana website and there's a summary of API security risks in the graphic below.
Image Credit: Profit_Image / Shutterstock