Couldn’t attend Transform 2022? Discover all the summit sessions now in our on-demand library! Look here.
API security is something many security teams don’t understand. In today’s modern and increasingly remote work environments, there are so many applications and services that rely on APIs that analysts struggle to discover and secure.
Earlier this week, API provider Postman released its 2022 State of the API Report — which surveyed more than 37,000 developers and API professionals — and found that 20% of respondents say that API security incidents or breaches occur at least once a month in their organizations.
In contrast, 51% of respondents also said that more than half of their organization’s development efforts go to APIs.
The results suggest that organizations may need a higher-level approach to identifying and securing APIs if they want to prevent intrusions and reduce the risk of data breaches.
MetaBeat will bring together thought leaders to advise on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, California.
Why is API security a challenge?
When it comes to the struggle to secure APIs, it’s not just the scale of applications and services that creates challenges. It’s also the fact that many organizations rely on less-optimized application security tools to mitigate issues at the API level.
As modern business environments evolve, companies need solutions that can automatically discover and classify APIs at scale if they want an accurate view of their risk posture.
As a Gartner report on API security explains, “Many API breaches have one thing in common: the compromised organization did not learn of their insecure API until it was too late. . That’s why the first step in API security is to discover the APIs your organization provides or uses from third parties. »
It’s a perspective that Postman’s new research seems to reaffirm.
“Companies facing more frequent API security incidents likely have phantom or released APIs that don’t have the same protections as other websites. They probably have more legacy elements in their environment and may not really understand the scope of their entire API landscape,” said Abhinav Asthana, CEO of Postman.
The need for greater API transparency and visibility is also increased by the growing number of mobile applications.
“Many mobile apps have a number of backend APIs used to support it and they are often overlooked. Attackers have been abusing these backend mobile APIs for quite some time as they are often insecure and provide much more content. valuable. You can’t protect what you don’t know,” Asthana said.
The API Security Market
One of the major players in the API security market is Salt Security. Its solution uses an API Context Engine (ACE) that can discover new APIs and vulnerabilities, while also offering pre-production API testing.
Another contender is Noname Security with an API security platform designed to discover API vulnerabilities and misconfigurations, with automated detection and response capabilities.
Researchers expect the API management market to grow from $4.5 billion in 2022 to a value of $13.7 billion by 2027 as more organizations try secure increasingly complex decentralized work environments.
VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Learn more about membership.