APIs give enterprises a security headache
Over the last year at least 44 percent of respondents to a new survey faced substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.
The study for Cloudentity, based on research carried out by PulseQA, shows that as a result of these issues, 97 percent of enterprises have experienced delays in releases of new applications and service enhancements due to identity and authorization issues with APIs and services.
APIs are increasingly at the heart of connecting users and systems to a network of services, applications, and data. However, according to the research 83 percent of organizations' service/API authorization policy management remains decentralized, with only some policy standards that are hardcoded in each application.
The study of 300 IT practitioners and decision-makers from a cross-section of large organizations in financial services, healthcare, high tech, retail, consumer goods and manufacturing industries shows that only two percent feel completely confident in their organization’s ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.
"An API exposes sensitive data that is accessed by other systems, partners and customers. This had made them a high-value target for cyberattacks. As API endpoints proliferate, enterprises must standardize and improve the controls they use to protect this data, applying a zero trust approach to API access and data exchange. This goes beyond simple authentication. We must move to a model where every API transaction is dynamically authorized and easily audited for compliance, and monitored for suspicious activity." says Jason Needham, CEO of Cloudentity. "This report illustrates the challenge and progress being made across industries to mature API security and privacy governance, and shows its benefit of streamlining application development, compliance verification and service delivery."
You can get the full report from the Cloudentity site and there'll be a webcast on the findings at 12 noon ET on November 9.
Photo Credit: Panchenko Vladimir/Shutterstock