A new study by Ovum and Distil Networks released today shows that a third of all APIs are designed and implemented without any input from an enterprise’s security team. This can continue through to ongoing management of an API, where there is often disagreement internally over whether security aspects should be managed in an ongoing manner by the API design team, or by the wider IT security department.
The study, “API Security: A Disjointed Affair”, interviewed 100 companies across a range of industries in North America, Europe and the Asia-Pacific regions. Over 40% of those responding to the survey are managing more than 25 APIs, with 20% saying they have published and are managing more than 50. Many of these are reported to be open APIs, intended to foster an external developer ecosystem or as a key tool in enabling partner connectivity.
Most (87%) of those interviewed for the survey did have an API management system in place, although perhaps surprisingly, 63% had opted for an in-house solution rather than relying on one the industry’s API management service providers.