The majority of companies surveyed are running some form of an API management platform, either developed in-house or from a commercial provider, according to a survey on Application Programming Interface (API) security, API Security: A Disjointed Affair, conducted by Ovum for Distil Networks.
However, the security features included in these API management platforms are inconsistent, with many lacking basic rate limiting functionality. Also of note is the lack of responsibility for API security. There is nearly an even split between those that give responsibility for API security to their developers and those that allocate it to the IT security team.
"The use of APIs to enable applications to interact across single and multiple infrastructures is skyrocketing and innovation is being fueled by companies finding new ways to monetize their software assets by exposing APIs to outside developers," said Rik Turner, Senior Analyst at Ovum. "However, exposing APIs to developers outside the company creates significant risk and APIs are becoming a growing target for cyber criminals. This study highlights an alarming lack of consistency and ownership in how API security is addressed."
APIs impact business and the world around us more than most people realize. The fact that API security is flying under the radar and not being adequately addressed should be a red flag prompting organizations to examine their own practices. CIOs and CISOs need to get a handle on how responsibility is addressed within their organizations and decide whether the process is sufficiently robust.
Key findings of the survey include:
The purpose behind APIs
■ 51 percent of respondents said that their rationale for API deployment was to enable their external developer ecosystem
■ 67 percent said partner connectivity was the main goal while 62 percent cited mobility and 57 percent cited cloud integration
API security woes
■ 83 percent of those surveyed were concerned with API security
■ 87 percent of respondents were running an API management platform, with 63 percent using a platform developed in-house
API management platforms lack critical features and automation
■ Rate limiting, considered to be a basic API security practice, was employed by less than half of respondents
■ Over two-thirds of respondents were spending over 20 hours a month managing API rate limiting
■ Only 21.9 percent of respondents had protection from malicious API usage, API developer errors, automated API scraping, and web and mobile API hijacking
Who is responsible for API security?
■ 53 percent of respondents feel security teams should be responsible for API security, while 47 percent believe the developer teams should hold responsibility
■ 30 percent of APIs are spec'd out without any input from the IT security team and 27 percent of APIs proceed through the development stage without the IT security team weighing in
■ 21 percent of APIs go live without any input from security professionals
Rami Essaid is CEO and Co-Founder of Distil Networks.