A newly released report by Imvision reveals major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe.
With 9 out of 10 security leaders naming API security as a priority, survey results indicate a consensus among professionals that the shift to the cloud and expansive adoption of APIs have created a new layer of technology that requires dedicated attention. At the same time, it also reveals several considerable gaps that need to be closed to secure APIs.
API security is a top priority for today’s security leaders. 73% of enterprises use 50 or more APIs, while 79% develop and publish APIs externally. 80% of security leaders would like to gain more control over their API security, and 91% of security leaders intend to make API security a priority over the next two years.
There is a clear drive for an API Security Backbone, with the top priorities being access control (63%), security testing (53%), and anomaly detection and prevention (43%). The top enablers of this backbone are integrations with existing systems (52%) and API visibility (50%).
The growing reliance on APIs for various use cases increases the range of potential vulnerabilities: security leaders see their most vulnerable APIs as those that are not protected using an API gateway (40%) and those they consume from 3rdparties (26%).
Sharon Mantin, CEO and co-founder of Imvision
Securing APIs is a daunting responsibility. APIs are becoming more prevalent across organizations. They run on multiple clouds, are developed by different teams, and serve an increasing number of consumers. While APIs offer countless benefits, at the same time, many companies are struggling to develop them securely.
