Within the limits of surveys, this one yielded significant risk trends that could only escalate as AI threats skyrocket
A cybersecurity firm has released findings from a survey of around 700 global respondents, representing organizations of all sizes*, on managing application strategies (to create great digital experiences, capture fresh revenue streams, and unlock new opportunities or business models).
First, respondents indicated that less than 70% of customer-facing application programming interfaces (APIs) were being secured using Hypertext Transfer Protocol Secure (HTTPS). This implied that other respondents were leaving theirs unprotected. As a reference, some 90% of web pages are now accessed via HTTPS, following the global push for secure web communications over the past decade.
Second, on average, respondents were managing 421 different APIs, with most hosted in public cloud environments. Based on the first finding, around 30% of this average number of APIs could be unsecured.
Other findings
Third, as API usage and security needs evolve, respondents indicated that their practices focused largely on inbound traffic, leaving outbound API calls vulnerable.
Fourth, 53% of respondents were managing API security under the purview of application security, and 31% were managing it through API management and integration platforms. Where API security was not cross-organizational or managed by CIOs/CISOs, there were risks of insufficient management of that aspect of cybersecurity.
Fifth, respondents ranked programmability as the most valuable API security capability.
According to Lori MacVittie, Distinguished Engineer, F5, the firm that commissioned the survey: “APIs are becoming the backbone of digital transformation efforts, connecting critical services and applications across organizations. However… many organizations are not keeping pace with the security requirements needed to protect these valuable assets, especially in the context of emerging AI-driven threats.”
*with approximately one-third operating on less than US$200m in annual revenue, and one-quarter operating on over US$1bn. Also, respondents mostly hailed from the technology industry (33%), followed by cloud service providers (17%), manufacturing (9%), finance (7%), energy/utilities (5%), government (4%), education (4%), healthcare (4%) and telecommunications (3%). Respondents held roles mostly in senior IT (30%), followed by operations, software development, networking, security, senior non-IT, data science/ML engineering, cloud and site reliability engineering (15%, 9%, 9%, 7%, 6%, 4%, 4% and 2% respectively). The survey period was not disclosed.