As API Use Grows Over 200%, Security Concerns from Developers and Enterprise Users Loom

In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products. As dependency on APIs increases, so do its related security challenges like broken authentication, authorization, and accidental disclosure or breach of data. With concerns continuing to mount, 451 Research has released the 2022 API Security Trends Report sponsored by API security company, Noname Security, covering the key characteristics and security risks present in API usage today and how a holistic approach to API security provides a gateway to a frictionless user experience.

Conducted in January 2022 and featuring results from IT experts representing over 350 global companies in diverse industries with 3,000+ full-time employees, the 2022 API Security Trends Report captures the main pain points associated with API security today, the effectiveness of other enterprise-grade security solutions, and characteristics of effective API security solutions such as maintaining accurate API inventories and requiring user authentication.

Key findings from the report include the following:

• APIs are heavily leveraged, with an average of 15,564 APIs in use among survey respondent organizations, and a growth rate of 201% over the past 12 months.
• Forty-one percent (41%) of the organizations represented by survey respondents had an API security incident in the last 12 months; 63% of those noted that the incident involved a data breach or data loss.
• An overwhelming majority (90%) of respondents noted that their organizations have API authentication policies in place, but 31% expressed shaky confidence that those policies ensured adequate levels of authentication.
• Just over a third (35%) of survey respondents said projects were specifically delayed due to API security concerns; 87% of those believe more effective integration of API security testing (AST) into developer pipeline activities could have prevented those delays.
• Only 51% of respondents have full confidence in their API inventories; 26% reported that their inventory update processes are manual.

“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst for Information Security for the Voice of the Enterprise (VotE) quantitative research product at 451 Research. “This report should help enterprises of all sizes across various sectors make the informed decisions they need when developing their API security strategy.”

“As Noname Security continues our mission of enabling enterprises everywhere to mitigate the risk of deploying APIs, the findings in this report confirm how imperative these actions are within the enterprise,” said Oz Golan, Co-Founder and CEO at Noname Security. “We thank 451 Research for educating the public on these issues as we work to secure our customers’ APIs around the world.”

You can view the report in full here.