This morning, identity and access management and privileged access management solutions provider Ping Identity released the results of a major industry survey on APIs.
Application program interfaces are sets of routines, protocols, and tools for building software applications. They provide an easy interface for developers to work with, as they mask the complexity of the backend programming. This, in turn, is essential for helping enterprises cope with changing customer demands, leverage existing data, and present data to clients in a compelling way.
Therefore, APIs are now a major part of enterprises’ digital transformation projects. However, they are also a recurring cybersecurity afterthought. Indeed, major vulnerabilities in APIs have resulted in numerous recent data breaches, including some of the more prominent scandals at Facebook.
To gain a better sense of the problems surrounding these interfaces, Ping Identity surveyed 100 security experts at the IDENTIFY 2018 conference in San Francisco and New York. Here are some of their key findings:
APIs are Growing Out of Control
- 25% of surveyed security experts say their enterprise has over 1,000 APIs.
- 35% say they have over 400-1,000.
- On average, enterprises manage 363 different APIs.
Enterprises Struggle with Visibility
- 45% of respondents say they aren’t confident in their security team’s ability to detect bad actors accessing their interfaces.
- 51% aren’t sure if their security team knows about all the APIs in their enterprise’s network.
- 30% do not know if their enterprise has experienced a breach, leak, or security event involving their interfaces.
Ping Identity points out that no security team can secure what they can’t see or don’t know about, and that with the advent of nation-state hackers financial and public services companies may be in particular danger due to this attack vector.
You can read more about the Ping Identity IDENTIFY 2018 conference API survey here.
Latest posts by Ben Canner (see all)
- Increased Demand for Biometric Authentication? Veridium Survey Says Yes! - February 15, 2019
- The Diversity of Multifactor Authentication Methods - February 14, 2019
- Key Findings: The SpyCloud 2018 Annual Credential Exposure Report - February 13, 2019