APIs are generally less secure than main servers

Apr 7, 2016 14:50 GMT

Inconsistencies in API server security may be the cause of future cyber-attacks, even if companies implement their APIs on custom-coded, in-house platforms or via on-demand, commercial offerings.

This is the conclusion of a recent market study carried out among 100 businesses across a variety of industries in North America, Europe, and Asia-Pacific. The representatives of these companies were asked if they used APIs, why they chose to go this route, and how they secured them.

Over half of the respondents (51%) said they deployed their APIs because this allowed external developers to build apps on top of their service, probably the main reason APIs are so popular today.

On the other hand, more companies said they use APIs to allow partners to interact with their data (67%), to improve employee mobility (62%), and to make their services and apps cloud-compatible (57%).

Procedures and guidelines for addressing API security are needed

Regardless of their reasons, the study reveals that many companies do not yet know how to deal with API platform security concerns. There's a 53-47 percent split between companies that feel API security should be managed by special security teams and those that think developers (programmers) are the ones who should handle this task.

This disconnect is also reflected in how these two sides collaborate on the API's creation. Data shows that only 30 percent of APIs are planned out without input from the security team, 27 percent go through the development phase without contribution from infosec professionals, and 21 percent of all APIs reach production environments without security specialists inspecting their code.

It is for these reasons that 83 percent of all surveyed companies have shown concern regarding their APIs, even if developed in-house (63%) or deployed via API management platforms (87%).

In recent months, there have been many cases where insecure APIs have been abused for cyber-crime, or could have been.

The API Security: A Disjointed Affair study is available for download. It was released by Distil Networks and carried out by Ovum Study.
