Today Cloudentity, a leading provider of authorization and identity for modern applications, announced its 2021 "State of API Security, Privacy and Governance" report, conducted by PulseQA, revealing that in the last 12 months at least 44% of respondents reported substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs. As a result of these issues, 97% of enterprises experienced delays in releasing new applications and service enhancements due to identity and authorization issues with APIs and services.
APIs are the foundation of app modernization and digital transformation, connecting users and systems to a network of services, applications, and data, which makes them a key component of web applications and cloud computing. Unfortunately, the vast majority (83%) of organizations’ service/API authorization policy management remains decentralized, with only some policy standards that are hardcoded in each application. This report showcases how enterprises are advancing API-first programs in their organization and reveals the issues, drivers, maturity, investments, and benefits.
The comprehensive survey of 300 IT practitioners and decision-makers, conducted in September 2021, represented a balanced cross-section of organizations of 10,000 employees or more in the financial services, healthcare, high tech, retail, consumer goods and manufacturing industries. The findings revealed that a staggeringly low 2% of enterprise IT practitioners in these industries feel completely confident in their organization’s ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.
"An API exposes sensitive data that is accessed by other systems, partners and customers. This has made them a high-value target for cyberattacks. As API endpoints proliferate, enterprises must standardize and improve the controls they use to protect this data, applying a zero trust approach to API access and data exchange. This goes beyond simple authentication. We must move to a model where every API transaction is dynamically authorized and easily audited for compliance, and monitored for suspicious activity," said Jason Needham, CEO of Cloudentity. "This report illustrates the challenge and progress being made across industries to mature API security and privacy governance, and shows its benefit of streamlining application development, compliance verification and service delivery."
Cloudentity will share a recap of these findings in an upcoming webcast entitled "Cloud-native API Security, Privacy and Governance – Shift Left DevOps and DevSecOps," on November 9 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. GMT.
The full report and infographic are available for free download at https://www.cloudentity.com/resource-center/2021-api-security-survey/.
Additional key findings include:
Ninety-three percent of enterprises plan to increase their budget and resources applied to secure API development and security programs, and the majority (64%) plan an increase of as much as 15%.
Compared to the average total across industries, the financial services industry intends to spend 15% more budget on API security, with compliance and privacy driving them to make these investments more than the other sectors.
Enterprise IT practitioners’ top motivators are reducing human error in coding, preventing the leakage of sensitive information, ensuring compliance, ensuring data privacy/privacy consent and threat prevention.
The top five contributors to API identity and authorization risk include component-driven development complexity, difficulty diagnosing issues and lack of data lineage, and inconsistent security policy management and enforcement controls.
The top five API security initiatives include extending authentication and authorization controls down to APIs and microservices, implementing Zero Trust controls, invoking declarative authorization (policy as code), implementing micro segmentation, and facilitating API discovery, classification, and inventory.
About the 2021 State of API Security, Privacy, and Governance Report
Cloudentity sponsored the State of API Security, Privacy and Governance study conducted by PulseQA, an independent knowledge-sharing community of more than 33,000 technology leaders. The survey was answered by 300 IT practitioners who manage or are responsible for API management and API security within enterprises of 10,000 or more employees across the financial services, healthcare, high tech, retail, and consumer products industries in North America and the United Kingdom. Industry-specific and regional reports derived from the survey data are available at https://cloudentity.com/resource-center/2021-api-security-survey/.