APIs Demand Improved Security and Management
Software engineering leaders are rapidly adopting APIs to improve connectivity and enable digitization, but face an increased challenge of securely managing API sprawl. Our predictions about the future of APIs enable software engineering leaders to plan for API management and security challenges.
Overview
Key Findings
· Organizations are adopting diverse types of APIs — internal APIs to represent coarse- and fine-grained service interfaces, data elements, and private and public APIs — at an expedited rate. Software engineering leaders are thus tasked with managing the explosion of both known and shadow APIs.
· API security challenges have emerged as a top concern for most software engineering leaders, as unmanaged and unsecured APIs create vulnerabilities that could accelerate multimillion dollar security incidents.
· While APIs have tremendously improved access to applications and services in software architectures, the use of third-party APIs introduces dependencies and failure risks, especially for mission-critical applications.
Recommendations
Software engineering leaders responsible for API technologies should:
· Manage and govern all APIs by investing in discovery, cataloging and automatic validation and by using an adaptive governance approach to manage a wide range of use cases and API types.
· Improve API security posture by developing a security strategy for threat protection, API security testing and API access control that leverages newer approaches and vendor solutions.
· Improve architectural resiliency by actively managing the consumption of APIs — that is, the use of both internal APIs and third-party APIs.
Strategic Planning Assumptions
By 2025, less than 50% of enterprise APIs will be managed, as explosive growth in APIs surpasses the capabilities of API management tools.
By 2025, more than 50% of enterprises will use GraphQL in production, up from less than 10% in 2021.
By 2025, the percentage of third-party APIs used in applications will average 30%, up from less than 10% in 2021, complicating dependency management.
By 2024, 25% of all insurance transactions involving new ecosystem partners will require open and public APIs, up from less than 5% in 2021.
Analysis
What You Need to Know
APIs are now at the core of digital business, as organizations of all sizes have adopted APIs to improve connectivity and to build composable architectures. API requests comprise 83% of all hits, according to an analysis by Akamai, with API hits growing by 30% year over year and expected to reach 42 trillion hits by 2024. Furthermore, infrastructure and security vendor Cloudflare found that API traffic grew 300% faster than web traffic in 2020.
The explosive growth of APIs is driven by two key trends:
· Organizations are rapidly adopting APIs to deliver services and data, both internally and externally, due to their simplicity and increased access to technology and standards.
· New approaches and use cases involving APIs are emerging, especially as regulations and mandates force API adoption in industries such as banking and healthcare.
The proliferation of APIs is poised to continue for the foreseeable future. While the benefits of an API-driven future are clear, APIs also present significant risks:
· Most organizations are likely to be net consumers of APIs. Outages of these APIs or, worse, security incidents have an impact on the applications using them.
· Unmanaged and unsecured APIs are easy targets for attacks, increasing vulnerability to security and privacy incidents.
· Many SaaS vendors, including new startups, provide services via APIs. The widespread use of third-party APIs brings dependency risks.
· Industry regulations for access to data are adding new requirements to API initiatives.
