API Security: What You Need to Do to Protect Your APIs
Analyst Report by Gartner
Gartner says businesses “must execute an effective API security strategy to protect their APIs”
"In a March 2021 research report, Gartner emphasizes that “despite growing awareness of API security, breaches continue to occur. API management and web application firewall vendors, as well as new startups, are addressing the problem. But application leaders independently must design and execute an effective API security strategy to protect their APIs.” Establishing an API framework has become even more critical for teams to secure their microservices, along with continuous monitoring so that alerts are provided for teams whenever there is a change. This ensures that security standards are being met on an on-going basis, not just when audits occur.
Gartner identifies key challenges:
- "Attacks and data breaches involving poorly secured application programming interfaces (APIs) are occurring frequently."
- "Protecting web APIs with general purpose application security solutions alone continues to be ineffective. Each new API represents an additional and potentially unique attack vector into your systems."
- "API threat protection technologies are making progress, but aren’t fully mature yet. They lack in areas, including automated discovery and API classification."
- "Modern application architecture trends — including mobile access, microservice design patterns and hybrid on-premises/cloud usage — complicate API security since there is rarely a single “gateway” point at which protection can be enforced."