Inconsistencies in API server security may be the cause of future cyber-attacks, even if companies implement their APIs on custom-coded, in-house platforms or via on-demand, commercial offerings.
This is the conclusion of a recent market study carried out among 100 businesses across a variety of industries in North America, Europe, and Asia-Pacific. The representatives of these companies were asked if they used APIs, why they chose to go this route, and how they secured them.
Over half of the respondents (51%) said they deployed their APIs because this allowed external developers to build apps on top of their service, probably the main reason APIs are so popular today.
On the other hand, more companies explain they use APIs to allow partners to interact with their data (67%), to improve employee mobility (62%), and to make their services and apps cloud-compatible (57%).
Procedures and guidelines for addressing API security are needed
Regardless of their reasons, the study reveals that many companies do not know yet how to deal with API platform security concerns. There's a 53-47 percent split between companies who feel API security should be managed by special security teams and those who think that developers (programmers) are the ones who should handle this task.