• Home

  • Documents

  • API SNAPSHOT - Cequence Security · this stage going Serverless. And when it comes to deployment...
1
The Future of API Security API SNAPSHOT More and more IT executives are seeing the importance of APIs in their digital transformation projects. Given its widespread adoption across many industries, it’s natural for many organizations to think more deeply of how their API environments are secured. But how mature are organizations when it comes to API security? And who calls the shots when making the most important security decisions? In this brief study in collaboration with Pulse, we asked 100 IT executives about what their biggest security concerns were as well as what strategies they’re employing to stay ahead of the curve. Stepping back to see the lie of the land, the landscape of the use of APIs clearly shows important trends within IT departments. The majority of companies use them for Public-facing Web Apps (63%) as well as 3rd party integrations (81%). These are usually within Servers (80%) or Containers (56%) with only 35% at this stage going Serverless. And when it comes to deployment environments, AWS (65%) beats Azure (49%) with Google much further behind at 13%. How are APIs being used APIs Environments Deployment SECURITY CONCERNS API Security Approaches What are organizations’ preferred API security deployment model? GREATER API SECURITY Who calls the shots? 71% - Among common API security concerns, the leaking of data or loss of IP was the security lapse most worried about by IT executives. Automated bot attacks 45% Business logic abuse 21% 21% were concerned about business logic abuse and another 45% about their organization being susceptible to automated bot attacks. 46% - When asked when IT leaders were planning on implementing API security, said it would be within the year (6-12 months) whereas only 18% said they had planned to do so immediately. The large majority of organizations were planning on using gateways to protect their APIs whereas half of all respondents (50%) will protect APIs via tighter Access Control. A number of groups can weigh in as the driver or owner of a project. This study found that groups related to Cyber or App Security (63%) and Network Security were the most likely to be the driver or owner of an API Security project. Similarly when it comes to holding the purse strings, it was found that Cyber and App Security groups were most likely to be in charge of the budget. More than half of all respondents (53%) also said that Network and Infrastructure groups played an important part in budgeting decisions. Finally, when it comes to being the tech decision maker, more than half of all respondents said that once again Cyber/App Security, Infrastructure and Network Security groups were crucial to making key tech decisions at the organization. Find out more about how to protect your APIs from bot attacks and vulnerability exploits with the Cequence Application Security Platform. A majority of organizations now understand the importance of API security for their public-facing and mobile apps. Why are organizations increasingly interested in SaaS-based enterprise class security solutions that protects APIs from outside attacks? 48% were also looking to implement API security point products. The remaining 36% either had no plans to implement API security or would do so well into the future. 50 % 48 % 34 % 28 % 16 % 5 % 3 % 14 % Customer owned managed public cloud - AWS SaaS Customer owned managed – Data center/private cloud Customer owned managed public cloud - Azure Customer owned managed public cloud - GCP Customer owned managed public cloud - Other Cyber or App Security Network and Infrastructure 63 % 53 % “It would be great if a solution like this can tackle most of these key issues without us getting involved in development.” - VP in Professional Services - VP in Consumer Goods “It will save us a lot of effort and cost.” - CIO in Software “SaaS is attractive as it helps me keep headcount and costs low.” Great to have this capability “baked-in” “We can’t afford to stay on top of this with internal resources." - CIO in Healthcare - VP in Manufacturing RESPONDENTS COMPANY SIZE 67% C-Suite VP 33% Enterprise Companies Medium (less than 10,000) Large (more than 10,000) 26% 74% LOCATION North America, EMEA and APAC Demographics https://www.pulse.qa/ Insights powered by API Compliance regulatory violations Access control and authentication for users and machines Data leakage or loss of IP 51 % 71 % 58 % API 100 100 100 1101 1101 11011101 41 % 34 % 63 % Public facing web apps 81 % Partner/Ecosystem/3rd party integration Mobile Apps Internal Apps Servers Containers Serverless 80 % 56 % 35 % What environments are their API-based applications based in? What are APIs deployed on? 65 % 13 % 49 % AWS Google Azure

API SNAPSHOT - Cequence Security · this stage going Serverless. And when it comes to deployment environments, AWS (65%) beats Azure (49%) with Google much further behind at 13%

  • Upload
    others

  • View
    4

  • Download
    0

Embed Size (px)

Citation preview

Page 1: API SNAPSHOT - Cequence Security · this stage going Serverless. And when it comes to deployment environments, AWS (65%) beats Azure (49%) with Google much further behind at 13%

The Future of API Security

API SNAPSHOT

More and more IT executives are seeing the importance of APIs in their digital transformation projects. Given its widespread adoption across many industries, it’s natural for many organizations to think more deeply of how their API environments are secured.

But how mature are organizations when it comes to API security? And who calls the shots when making the most important security decisions? In this brief study in collaboration with Pulse, we asked 100 IT executives about what their biggest security concerns were as well as what strategies they’re employing to stay ahead of the curve.

Stepping back to see the lie of the land, the landscape of the use of APIs clearly shows important trends within IT departments. The majority of companies use them for Public-facing Web Apps (63%) as well as 3rd party integrations (81%). These are usually within Servers (80%) or Containers (56%) with only 35% at this stage going Serverless. And when it comes to deployment environments, AWS (65%) beats Azure (49%) with Google much further behind at 13%.

How are APIs being usedAPIs

Environments Deployment

SECURITY CONCERNS

API Security Approaches

What are organizations’ preferred API security deployment model?

GREATER API SECURITY

Who calls the shots?

71% - Among common API security concerns, the leaking of data or loss of IP was the security lapse most worried about by IT executives.

Automated bot attacks

45%

Business logic abuse

21% 21% were concerned about business logic abuse and another 45% about their organization being susceptible to automated bot attacks.

18% 36%

46% - When asked when IT leaders were planning on implementing API security, said it would be within the year (6-12 months)

whereas only 18% said they had planned to do so immediately.

The large majority of organizations were planning on using gateways to protect their APIs whereas half of all respondents (50%) will protect APIs via tighter Access Control.

A number of groups can weigh in as the driver or owner of a project. This study found that groups related to Cyber or App Security (63%) and Network Security were the most likely to be the driver or owner of an API Security project.

Similarly when it comes to holding the purse strings, it was found that Cyber and App Security groups were most likely to be in charge of the budget. More than half of all respondents (53%) also said that Network and Infrastructure groups played an important part in budgeting decisions.

Finally, when it comes to being the tech decision maker, more than half of all respondents said that once again Cyber/App Security, Infrastructure and Network Security groups were crucial to making key tech decisions at the organization.

Find out more about how to protect your APIs from bot attacks and vulnerability exploits with the Cequence Application Security Platform.

A majority of organizations now understand the importance of API security for their public-facing and mobile apps.

Why are organizations increasingly interested in SaaS-based enterprise class security solutions that protects APIs from outside attacks?

48% were also looking to implement API security point products.

The remaining 36% either had no plans to implement API security or would do so well into the future.

46%

50%

48%

34%

28%

16%

5% 3%

14% Customer owned managed public

cloud - AWS

SaaS

Customer owned managed – Data center/private cloud

Customer owned managed public cloud - Azure

Customer owned managed public cloud - GCP

Customer owned managed public cloud - Other

Cyber or App Security

Network and Infrastructure

63%

53%

“It would be great if a solution like this can tackle most of these key issues without us getting involved in development.”

- VP in Professional Services

- VP in Consumer Goods

“It will save us a lot of effort and cost.”

- CIO in Software

“SaaS is attractive as it helps me keep headcount and costs low.”

Great to have this capability “baked-in”

“We can’t afford to stay on top of this with internal resources."

- CIO in Healthcare

- VP in Manufacturing

RESPONDENTS COMPANY SIZE

67%

C-SuiteVP

33%

Enterprise Companies

Medium (less than 10,000)

Large (more than 10,000)

26%

74%

LOCATION

North America, EMEA and APAC

Demographics

https://www.pulse.qa/Insights powered by

API

Compliance regulatory violations

Access control and authentication for users and machines

Data leakage or loss of IP

51%

71%

58%

API

100

100100

1101110111011101

41%

34%

63%Public facing web apps

81%Partner/Ecosystem/3rd party integration

Mobile Apps

Internal Apps

Servers Containers Serverless

80% 56% 35%

What environments are their API-based applications based in?

What are APIs deployed on?

65%

13%

49%

AWS

Google

Azure

Serverless architecture

Serverless architecture

Business
Introduction to Serverless PHP - akrabat.com · Serverless Serverless is all about composing software systems from a collection of cloud services. With serverless, you can lean on

Introduction to Serverless PHP - akrabat.com · Serverless Serverless is all about composing software systems from a collection of cloud services. With serverless, you can lean on

Documents
Go Serverless: Secure Cloud via Serverless Design Patterns · Secure Cloud via Serverless Design Patterns Abhinav ... Send the events and file data] Go Serverless: Secure Cloud via

Go Serverless: Secure Cloud via Serverless Design Patterns · Secure Cloud via Serverless Design Patterns Abhinav ... Send the events and file data] Go Serverless: Secure Cloud via

Documents
Serverless Architecture Patterns - Manoj Ganapathi - Serverless Summit

Serverless Architecture Patterns - Manoj Ganapathi - Serverless Summit

Software
Introduction to Serverless PHP - on.notist.cloud · Serverless (e.g. OpenWhisk) Rob Allen ~ @akrabat. Serverless? The first thing to know about serverless computing is that "serverless"

Introduction to Serverless PHP - on.notist.cloud · Serverless (e.g. OpenWhisk) Rob Allen ~ @akrabat. Serverless? The first thing to know about serverless computing is that "serverless"

Documents
Lambda Serverless & Serverless Microservices · Lambda functions API Gateway Typescript Serverless framework Serverless Microservices Some AWS services and Demo session 2 / Confidential

Lambda Serverless & Serverless Microservices · Lambda functions API Gateway Typescript Serverless framework Serverless Microservices Some AWS services and Demo session 2 / Confidential

Documents
An NCC Group Publication SERVERLESS ARCHITECTURE: THE ... · An NCC Group Publication | Serverless Architecture 3 Scalability in Serverless Computing Serverless computing offers the

An NCC Group Publication SERVERLESS ARCHITECTURE: THE ... · An NCC Group Publication | Serverless Architecture 3 Scalability in Serverless Computing Serverless computing offers the

Documents
Serverless Azure

Serverless Azure

Technology
Conquering Serverless - Serverless Computing...Serverless is cheap enough for every developer to have their own application instances Serverless local development and testing is hard

Conquering Serverless - Serverless Computing...Serverless is cheap enough for every developer to have their own application instances Serverless local development and testing is hard

Documents
Investor Presentation - Cequence Energy · 2014-12-22 · Investor Presentation September 2009. The Cequence Team • Former Director, Cyries Energy Inc., ... StarPoint Energy Ltd.,

Investor Presentation - Cequence Energy · 2014-12-22 · Investor Presentation September 2009. The Cequence Team • Former Director, Cyries Energy Inc., ... StarPoint Energy Ltd.,

Documents
Innovation with Serverless€¦ · What is serverless. Sub-second billing. Benefits of serverless. Micro-pricing. Ease of scale. Manage less. Architecting for Serverless “We must

Innovation with Serverless€¦ · What is serverless. Sub-second billing. Benefits of serverless. Micro-pricing. Ease of scale. Manage less. Architecting for Serverless “We must

Documents
Securing Serverless Architectures - AWS Serverless Web Day

Securing Serverless Architectures - AWS Serverless Web Day

Technology
Serverless Application - es2.com.au · Customers who use AWS Serverless: Customers who use Azure Serverless: Click to add text Source: AWS re:Invent 2018: A Serverless Journey: AWS

Serverless Application - es2.com.au · Customers who use AWS Serverless: Customers who use Azure Serverless: Click to add text Source: AWS re:Invent 2018: A Serverless Journey: AWS

Documents
Docker Serverless

Docker Serverless

Technology
Application Repository AWS Serverless · AWS Serverless Application Repository Developer Guide What Is the AWS Serverless Application Repository? The AWS Serverless Application Repository

Application Repository AWS Serverless · AWS Serverless Application Repository Developer Guide What Is the AWS Serverless Application Repository? The AWS Serverless Application Repository

Documents
Serverless On Stage - Serverless URL Shortener

Serverless On Stage - Serverless URL Shortener

Software
Serverless Spring

Serverless Spring

Technology
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar

Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar

Software
An NCC Group Publication SERVERLESS ARCHITECTURE: THE FUTURE OF CODE DEPLOYMENT … · An NCC Group Publication | Serverless Architecture 3 Scalability in Serverless Computing Serverless

An NCC Group Publication SERVERLESS ARCHITECTURE: THE FUTURE OF CODE DEPLOYMENT … · An NCC Group Publication | Serverless Architecture 3 Scalability in Serverless Computing Serverless

Documents
Democratizing Serverless—The Open Source Fn Project - Serverless Summit

Democratizing Serverless—The Open Source Fn Project - Serverless Summit

Software
Serverless Extensibility

Serverless Extensibility

Technology
Serverless Delivery

Serverless Delivery

Software
Going serverless

Going serverless

Technology
Nascent Notions On Serverless Computing€¦ · 2 Serverless Computing 3 Server Based Model vs Serverless Model 4 Why to use Serverless? 5 Leading Serverless providers 6 The Serverless

Nascent Notions On Serverless Computing€¦ · 2 Serverless Computing 3 Server Based Model vs Serverless Model 4 Why to use Serverless? 5 Leading Serverless providers 6 The Serverless

Documents
Serverless IoT at iRobot - QCon San Francisco · 2020-06-05 · Serverless IoT at iRobot Ben Kehoe @ben11kehoe Cloud Robotics Research Scientist. ... Serverless Serverless-ness goes

Serverless IoT at iRobot - QCon San Francisco · 2020-06-05 · Serverless IoT at iRobot Ben Kehoe @ben11kehoe Cloud Robotics Research Scientist. ... Serverless Serverless-ness goes

Documents
Serverless & PHPthe future serverless? is PHP's future serverless? try! learn! share! bref.sh null serverless-php.news @matthieunapoli. Title: Bref - February 2020 Created Date:

Serverless & PHPthe future serverless? is PHP's future serverless? try! learn! share! bref.sh null serverless-php.news @matthieunapoli. Title: Bref - February 2020 Created Date:

Documents
Serverless Frameworks · serverless frameworks based on carefully designed set of criteria spanning the serverless application lifecycle • We view a serverless framework as: a software

Serverless Frameworks · serverless frameworks based on carefully designed set of criteria spanning the serverless application lifecycle • We view a serverless framework as: a software

Documents
Serverless use cases with AWS Lambda - More Serverless Event

Serverless use cases with AWS Lambda - More Serverless Event

Technology
January 2012 - Cequence Energy Ltd

January 2012 - Cequence Energy Ltd

Documents
Using Knative On Your Own Terms Serverless Serverless at

Using Knative On Your Own Terms Serverless Serverless at

Documents