A new survey by Neosec reports that about half of all respondents rated their API strategies as under development, with 31% stating that their API programs are fully executed across the entire organization. At the same time, 69% said some improvements were needed with API projects, and 19% said many improvements were needed.
The survey asked what companies wanted to accomplish with APIs:
- Improve collaboration with partners and enable partner innovation: 65%
- Share internal APIs among company development teams to deliver products and services faster: 60%
- Use third-party APIs as part of the development of products and services: 53%
- Create APIs as products for use by external developers: 46%
Companies also said they expect APIs to improve customer experiences, speed up innovation, speed up time-to-market and expand product offerings by productizing APIs for consumption. One barrier to this collaboration is that 86% of respondents do not have a single platform for accessing available APIs.
Neosec surveyed 300 senior decision-makers in November 2021. About half of the respondents were from the U.S., with 16% from Germany, France and the U.K.
Edward Roberts, VP of marketing at Neosec, said in a press release that APIs are vital to today’s business strategy, which means prioritizing API security as well.
“As the size of the API landscape continues to grow, the data crown jewels of a business will be found inside these APIs. API abuse is going to become increasingly commonplace because APIs by their very nature expose the business to the outside,” he said. “For every API that is deployed there will be potential abuse associated with it.”
National Cyber Safety Review Board created in the U.S.
This week the U.S. Department of Homeland Security announced the Cyber Safety Review Board, which will lead a public-private effort to improve cybersecurity in America. The group includes 15 experts, including Heather Adkins, senior director for security engineering at Google, who will serve as deputy chair.
The group's first task will be to address the vulnerabilities in the log4j library and produce a report by the summer recommending steps to address them.
Annual budgets for APIs and the related infrastructure range from $3 million up to $100 million. The largest group of respondents (23%) is spending between $10 million and $25 million, with another group (21%) planning to spend between $25 million and $50 million. Financial services companies plan to spend the most:
- Financial services: $29 million
- IT, tech and telecoms: $21 million
- Manufacturing and production: $22 million
- Retail, distribution and transport: $19.6 million
There are plenty of business challenges to go along with these benefits. Respondents cited complexity and support requirements as the biggest problem with APIs, followed by security and governance. Managing access and vendor lock-in showed up as secondary concerns.
The CSRB will make its advice, information and recommendations publicly available with any appropriate redactions to help companies manage cybersecurity concerns, including the security of APIs. Members of the CSRB group include:
- Robert Silvers, under secretary for policy, Department of Homeland Security (CSRB chair)
- Heather Adkins, senior director, security engineering, Google (CSRB deputy chair)
- Dmitri Alperovitch, co-founder and chairman, Silverado Policy Accelerator; co-founder and former CTO, CrowdStrike, Inc.
- John Carlin, principal associate deputy attorney general, Department of Justice
- Chris DeRusha, federal CISO, Office of Management and Budget
- Chris Inglis, national cyber director, Office of the National Cyber Director
- Rob Joyce, director of cybersecurity, National Security Agency
- Katie Moussouris, founder and CEO, Luta Security
- David Mussington, executive assistant director for infrastructure security, Cybersecurity and Infrastructure Security Agency
- Chris Novak, co-founder and managing director, Verizon Threat Research Advisory Center
- Tony Sager, senior VP and chief evangelist, Center for Internet Security
- John Sherman, CIO, Department of Defense
- Bryan Vorndran, assistant director, cyber division, Federal Bureau of Investigation
- Kemba Walden, assistant general counsel, Digital Crimes Unit, Microsoft
- Wendi Whitmore, senior VP, Unit 42, Palo Alto Networks