Report: Enterprises aren’t doing enough to mitigate API security threats


A new survey on API security has revealed the emergence of a new “digital divide”, as more companies embrace APIs without fully understanding how to mitigate the new threat vectors that might lead to critical data being exposed.

API management firm Akana Inc. quizzed over 250 security practitioners for its first-ever Global State of API Security Survey 2015, including CSOs, CISOs, and security experts from leading digital organizations. The company says that APIs are rapidly becoming the most popular channel for the exchange of data between both external and internal audiences and services, and as such, there’s a growing need to develop countermeasures to fend off unique threats to API security.

The good news is that most security experts understand this, but while most enterprises are taking steps to secure API access, few are doing enough to ensure that sensitive data is being securely handled in the applications that access those APIs.

Akana said the most worrying stat from its survey is that over 65 percent of experts quizzed admitted they don’t have the processes in place to ensure their data is being managed securely while being accessed by apps that consume APIs. As such, APIs represent a significant weakness in many organizations’ systems, as an enormous amount of critical data can be accessed through them.

Akana also reported that some 60 percent of respondents admitted they weren’t securing API consumers. Meanwhile, 45 percent also failed to rate-limit access to their APIs, which is one of the fundamental controls to reduce the risk of exposure.

That’s not to say enterprises aren’t taking the threat seriously though. According to the survey, 75 percent of firms believe API security is a CIO-level concern, while 65 percent said it was also an issue for business managers. Akana says this illustrates how APIs are rapidly becoming a key issue for business leaders as well as IT teams, due to their rapid rate of enterprise adoption.

As far as threats are concerned, respondents listed JSON Schema, DDoS, Message-Level security and Encryption as their top concerns.

Roberto Medrano, EVP at Akana, said the survey underlines the urgency with which enterprises must recognize and take steps to mitigate new API threat vectors, an issue that will become ever more pressing as the rate of API adoption increases.

“APIs are new enough in the enterprise that people want the latest on how industry peers are dealing with security threats,” Medrano said. “We felt there was an opportunity to ask others to share their insights and worries. The survey report should be a helpful starting point for determining best practices in API security going forward.”
