This morning, identity and access management and privileged access management solutions provider Ping Identity released the results of a major industry survey on APIs.
Application program interfaces are sets of routines, protocols, and tools for building software applications. They provide an easy interface for developers to work with, as they mask the complexity of the backend programming. This, in turn, is essential for helping enterprises cope with changing customer demands, leverage existing data, and present data to clients in a compelling way.
Therefore, APIs are now a major part of enterprises’ digital transformation projects. However, they are also a recurring cybersecurity afterthought. Indeed, major vulnerabilities in APIs have resulted in numerous recent data breaches, including some of the more prominent scandals at Facebook.
To gain a better sense of the problems surrounding these interfaces, Ping Identity surveyed 100 security experts at the IDENTIFY 2018 conference in San Francisco and New York. Here are some of their key findings:
APIs are Growing Out of Control
- 25% of surveyed security experts say their enterprise has over 1,000 APIs.
- 35% say they have over 400-1,000.
- On average, enterprises manage 363 different APIs.
Enterprises Struggle with Visibility
- 45% of respondents say they aren’t confident in their security team’s ability to detect bad actors accessing their interfaces.
- 51% aren’t sure if their security team knows about all the APIs in their enterprise’s network.
- 30% do not know if their enterprise has experienced a breach, leak, or security event involving their interfaces.
Ping Identity points out that no security team can secure what they can’t see or don’t know about, and that with the advent of nation-state hackers financial and public services companies may be in particular danger due to this attack vector.
You can read more about the Ping Identity IDENTIFY 2018 conference API survey here.