APIs power many of our digital experiences, but because they provide a window into applications they also present a security risk.
A new study from cyber security company Imperva reveals that 69 percent of companies have public-facing APIs which offer a route to the sensitive data behind applications.
The results show 80 percent of organizations use a public cloud service to protect the data behind their APIs with most using a combination of API gateways (63.2 percent) and web application firewalls (63.2 percent). When asked about threats, 63 percent of respondents are most worried about DDoS, bot attacks, and authentication enforcement for APIs.
“APIs represent a growing security risk because they expose multiple avenues for hackers to try to access a company’s data,” says Terry Ray, CTO for Imperva. “To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”
There is though an increased desire from many organizations for security to be built in from the very beginning of software development rather than as an afterthought. 92 percent of IT professionals believe that DevSecOps, the combination of development, security and operations, will play a part in the future of application development.
“It is very encouraging that the majority of respondents to our survey expect DevSecOps to be involved in the future of application development,” adds Ray. “Cyber crime is pervasive, and it is vital that organizations keep their applications safe from hackers. Embracing DevSecOps provides organizations with the building blocks needed for defense against some of the most serious cyber security threats.”