State-of-API report: The API becomes a product – Security is secondary
API is increasingly seen as a product and APIs themselves are becoming part of the business itself
APIs, the plumbing of the digital world, are gaining prominence as businesses realize their potential to create new products and services – and to overhaul their very operations. This is leading some businesses to approach APIs in a completely new way, not merely as utilities but as products themselves. Recent research by open source API specialist Kong found that 83% of respondents treat APIs as products, up from 70% a year ago. This trend is being driven by awareness that APIs are a key driver of innovation and as businesses grow to understand how they can be used to unlock new revenue streams and improve customer engagement.As businesses embrace APIs for a front-facing purpose, they also increasingly play a vital role deep within the business, with 86% of respondents agreeing that APIs are vital for operational transformation. Yet despite this growing importance, the research also highlights that security of APIs is an afterthought for many companies, with less than 50% prioritizing it. "The API is no longer just a technical implementation detail," said Kong co-founder and CTO Marco Palladino. "It is becoming a critical part of the business, and businesses need to start thinking about APIs as products, with all the implications that entails in terms of design, testing, and security. "Furthermore, APIs are becoming a key to operational transformation within the business, across a wide range of functions from HR to finance and supply chain management to customer service. This means APIs are increasingly mission-critical to core business operations and security must be taken into consideration when designing and deploying any API."
Kong’s research also found that a majority of respondents (80%) believe that APIs will become more strategic to their business over the next 12 months, underscoring the growing importance of APIs in the digital economy. This growing strategic importance is likely to put further pressure on businesses to adopt API security best practices. As APIs become more critical to business success, the consequences of a security breach could be devastating – both in terms of financial losses and reputational damage.
API security is often overlooked
However, despite the growing importance of APIs, security is often overlooked.A recent study by Gartner found that only 23% of organizations have a formal API security program in place. This is despite the fact that APIs are a major attack vector for hackers. In fact, Gartner predicts that by 2022, API attacks will be the most common type of security breach. There are a number of reasons why API security is often overlooked. One reason is that APIs are often seen as a technical issue, rather than a business issue. This can lead to security being treated as an afterthought, or not being considered at all. Another reason why API security is often overlooked is that it can be difficult to implement. APIs are complex and interconnected, which can make it difficult to identify and mitigate security risks. However, there are a number of steps that businesses can take to improve API security. These steps include: * Implementing an API security gateway * Using strong authentication and authorization mechanisms * Enforcing rate limits * Logging and monitoring API activity * Regularly patching and updating APIs These steps can help to protect APIs from a variety of threats, including: * Data breaches * Denial of service attacks * Man-in-the-middle attacks * Cross-site scripting attacks By taking these steps, businesses can help to ensure that their APIs are secure and that their data is protected.
