16 October 2024, Wed |
12:46 PM
Ahead of GITEX Global, F5 (NASDAQ: FFIV) has released its 2024 State of Application Strategy Report: API Security, shedding light on alarming deficiencies in API security across various industries. The findings reveal substantial gaps in API protection, exposing enterprises to potential threats that could jeopardize security and operational integrity. These challenges are further exacerbated by the rapid increase in API usage in today’s digital landscape.
The survey indicates that less than 70% of customer-facing APIs are secured with HTTPS (Hypertext Transfer Protocol Secure), leaving nearly one-third completely unprotected. This starkly contrasts with the 90% of web pages now accessed via HTTPS, highlighting the significant strides made in secure web communications over the past decade.
“APIs are becoming the backbone of digital transformation efforts, connecting critical services and applications across organizations,” said Lori MacVittie, Distinguished Engineer at F5. “However, as our report indicates, many organizations are not keeping pace with the security requirements needed to protect these valuable assets, especially in the context of emerging AI-driven threats.”
Key Findings of the Report Include:
– Rapid Growth and Diverse Environments: The average organization now manages 421 different APIs, with most hosted in public cloud environments. Despite this growth, a considerable number of APIs—especially customer-facing ones—remain unprotected.
– Evolving API Uses and Security Needs: As APIs increasingly connect to AI services like OpenAI, security models must adapt to cover both inbound and outbound API traffic. Current practices primarily focus on inbound traffic, leaving outbound API calls vulnerable.
– Fragmented Responsibility for API Security: The report reveals a divided responsibility for API security within organizations, with 53% managing it under application security and 31% through API management and integration platforms. This division can lead to gaps in coverage and inconsistent security practices.
– High Demand for Programmable Security Solutions: Respondents ranked programmability as the most valuable API security capability, highlighting the need for real-time inspection and response to API traffic and threats.
Addressing the Gaps in API Security
To tackle these security gaps, the report recommends that organizations adopt comprehensive security solutions covering the entire API lifecycle, from design through deployment. By integrating API security into both development and operational phases, organizations can better safeguard their digital assets against a growing array of threats.
“APIs are integral to the AI era, but they must be secured to ensure that AI and digital services can operate safely and effectively,” added MacVittie. “This report serves as a call to action for organizations to re-evaluate their API security strategies and take the necessary steps to protect their data and services.”
