Security News > 2021 > November > Only 2% of IT practitioners are confident in their organization’s ability to reduce API security issues
API security issues: Enterprises must apply a zero trust approach.
The findings revealed that only 2% of enterprise IT practitioners in these industries feel completely confident in their organization's ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.
"An API exposes sensitive data that is accessed by other systems, partners and customers. This has made them a high-value target for cyberattacks. As API endpoints proliferate, enterprises must standardize and improve the controls they use to protect this data, applying a zero trust approach to API access and data exchange. This goes beyond simple authentication. We must move to a model where every API transaction is dynamically authorized and easily audited for compliance, and monitored for suspicious activity," said Jason Needham, CEO of Cloudentity.
Additional key findings
Ninety-three percent of enterprises plan to increase their budget and resources applied to secure API development and security programs, and 64% plan an increase of as much as 15%. Compared to the average total across industries, the financial services industry intends to spend 15% more budget on API security, with compliance and privacy driving them to make these investments more than the other sectors.
The top five contributors to API identity and authorization risk include component-driven development complexity, difficulty diagnosing issues and lack of data lineage, and inconsistent security policy management and enforcement controls.
The top five API security initiatives include extending authentication and authorization controls down to APIs and microservices, implementing zero trust controls, invoking declarative authorization, implementing micro segmentation, and facilitating API discovery, classification, and inventory.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Y0KyowDHQ2w/