Widespread API use heightens cybersecurity risks
APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows that more than two-thirds (69 percent) of organizations are exposing APIs to the public and their partners and that organizations are on average managing 363 different APIs.
Public-facing APIs are a key security concern because they are a direct vector to the sensitive data behind applications. Eighty percent of organizations use a public cloud service to protect the data behind their APIs with most people using the combination of API gateways (63.2 percent) and web application firewalls (63.2 percent).
“APIs represent a growing security risk because they expose multiple avenues for hackers to try to access a company’s data,” said Terry Ray, CTO for Imperva. “To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”
Ninety-two percent of IT professionals believe that DevSecOps, the combination of development, security and operations, will play a part in the future of application development. This highlights an increased desire from many organizations for security to be built in from the very beginning of software development rather than as an after-thought.
“It is very encouraging that the majority of respondents to our survey expect DevSecOps to be involved in the future of application development. Cybercrime is pervasive, and it is vital that organizations keep their applications safe from hackers. Embracing DevSecOps provides organizations with the building blocks needed for defense against some of the most serious cybersecurity threats,” continued Ray.
Imperva® is a leading cybersecurity company that delivers best-in-class solutions to protect data and applications – wherever they reside – on-premises, in the cloud, and across hybrid environments. The company’s Incapsula, SecureSphere, and CounterBreach product lines help organizations protect websites, applications, APIs, and databases from cyberattacks while ensuring compliance. Imperva innovates using data, analytics, and insights from our experts and our community to deliver simple, effective and enduring solutions that protect our customers from cybercriminals.
The survey was conducted in November 2017 by One Poll on behalf of Imperva and studied the attitudes of 250 IT managers and security professionals at companies with at least 250 employees, and/or $1 million in revenue in the US.