Legendary investor, entrepreneur and commentator Marc Andreessen famously opined a few years ago that "software is eating the world." That's a pithy quote, guaranteed to draw attention, but at its core, Andreessen was referring to the fact that more and more organizations are viewing what they do through the lens of software. The success of companies such as Airbnb, Uber and iTunes is due in part to new business models enabled by software.
But if software is the thing that allows and enables disruption to occur, there is a little piece of technology that is critical in the process. Application programming interfaces (APIs) are the hooks that allow integrations, data sources, sensors and devices to "talk" to each other. As I said in reaction to Andreessen's article, "Software may be eating the world, but APIs are giving it teeth."
This rise of software-enabled business has produced a corresponding rise in the number of vendors offering API platforms that are aimed at making it easier to create, deploy, manage and secure those APIs. One of these vendors is Akana (formerly known as SOA Software). Akana is releasing a new survey that looks at the state of API security, and it is an interesting reflection on what the C-suite is thinking when it comes to APIs.
The survey polled some 250 practitioners, across a number of roles — CSOs, CISOs and security architects, with 50% of respondents being executives from large global organizations. The survey's aim was to quantify the maturity of API security practices among leading digital enterprises. Some key findings from the survey include:
- More than 65% of the respondents reported that they do not have processes in place to ensure that the data that is being accessed by applications consuming APIs is managed securely.
- Almost 60% of survey respondents indicated that they were not securing API consumers.
- A large proportion of survey respondents (>45%) also did not rate-limit access to their APIs, a control that can reduce the risk of hacking.
- API security is as much an issue for the business as it is for IT, with 75% of respondents saying that API security was a CIO-level concern. Sixty-five percent said it was an issue for business managers.
- JSON Schema, DDoS, message-level security and encryption were among the top API security threats.
The survey is an interesting reflection and potentially a justification for taking time and thinking a little about API adoption. APIs are certainly an incredibly valuable tool, but like any new tool, they need to be adopted in a robust and appropriate manner. The survey suggests an emerging digital divide as high-performing companies embrace core digital capabilities and APIs to move ahead. As APIs gain adoption, enterprises need to recognize and take steps to mitigate the additional threat vectors to which they might be exposing their data and organization.
The survey isn't a reason to stop or curtail API adoption. Rather, it is justification for being robust when developing an API approach and strategy. APIs are incredibly valuable and, often, they're part of the difference between survival and failure. That said, as with all new approaches, companies need to go into the API economy with awareness and caution.