版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
HowAPIsecurityisimpactingthepaceofinnovationatenterprisesandwhatITleadersaredoingtomitigaterisksGoogleLLCAllrightsreserved2ExecutiveSummary3Threatsabound4Affectingthepaceofinnovation5ActiveAPIsecuritypostureisnecessary6CurrentAssessment7Confidentinthefaceofthreats7Isthisconfidencemisplaced?8CompaniesprioritizebeingproactivewithAPIsecurity8Opportunities9Consolidation,end-to-endmonitoring,oversightneeded9Moretrainingandcertificationinthisspaceisneeded9Mostagreetheirstrategyneedsimprovement10APIsecuritystrategynotalwaysatoppriority11TheimpactofAPImanagementandAPIgatewaysolutions11APIsecurityisakeyelementofalargerAPIstrategy12GoogleLLCAllrightsreserved3Withtheincreasingadoptionofdigitalexperiences,theuseofApplicationProgrammingInterfaces,orsisontheriseAssuchAPIsrepresentasignicantareaofvulnerabilityfororganizationsworldwideThefollowingreportexaminesthelandscapeofAPIsecuritythreatsandtheirimpactonthepaceofinnovation.ItdelvesintotheworldviewofthetechnologyleadersasitpertainstoAPIsecuritypostureandstrategy,andoffersaperspectiveonopportunitiestoimproveAPIsecurityhealth.andJuneamongrsfromcompaniesintheUnitedStateswithatleastemployeeswhohaveasignificantinfluenceordecision-makingauthorityonpurchasesoftechnologysolutionsrelatedtoAPIinitiativeswithintheirorganization.growingconcernforITexecutivesduetotheprevalenceofthreats,butthatmostorganizationsneedtosaneedforproactivesecuritycapabilitiesandmeasuresaswellasendtoendAPIsecuritysolutionssuchasApigeeafulllifecycleAPImanagementplatform.CompaniesworldwiderelyonApplicationProgrammingofacilitatedigitalexperiencesandunleashnergyoftheirowndataandprocessesAPIsareacriticallinkinblendingproprietarydatawithassetsfromthirdlroleintheracetomodernizeapplications,fuelinginteroperabilityand,inturn,efficientfunctionality.ButtheproliferationandimportanceofAPIscomeswitharisk.AsagatewaytoawealthofinformationandsystemsAPIshavebecomeafavoritetargetforhackers.Ourresearchconfirmsthewidespreadimpactofthesethreats.HalfofthemreportexperiencinganAPIsecurityincidentinthepercentageishigherorlowerdependingcatedthatthey’vehadasecurityincidentinthepast12monthswhileomtheThiscouldpointtowardthelimitedpurviewoffunctionalITteams,oritcouldbeanindicationofhowsalienttheissueisforthosewithgreaterresponsibility.Orboth.GoogleLLCAllrightsreserved4GoogleLLCAllrightsreserved5TocompoundtheissuethreatssurfacefromamyriadofAPIsecurityareaswithIToutasaglaringvulnerability,thethreemostcommonsourcesofpotentialthreatsaresecuritymisconfigurations,outdatedAPIs/data/components,andbots/spam/abuse.categoryarethemostidentiedthreatareawithofITleadersngeithersecuritymiscongurationormisconguredAPIsAffectingthepaceofinnovationThesethreatsandincidentshaverealworldimplications.APIsecurityisslowingthepaceofinnovationformanyorganizationsMorethanhalf(53%)oforganizationshavedelayedtherolloutofanewserviceorapplicationduetoAPIsecurityconcerns.Forthosewhodelayedtherolloutofanewserviceorapplication.GoogleLLCAllrightsreserved6postureisnecessaryWithsecurityvulnerabilitiesbeingintroducedfromavarietyofsourcesthroughoutdevelopment,itwillcomeasnosurprisethatidentiedateveryphaseoftheAPIlifecyclefromdesigntotestingtodeploymentandbeyond.Naturally,securityissuesaremostcommonlydiscoveredduringtestingpartofthereleasemanagementprocessbutasubstantialnumberofvulnerabilitiesareidentifiedaspartoftheprocesstodeploytoproductionThisindicatedanareaofriskforvulnerabilitiestobedeployedtoproductionasaconsiderablepercentofpossiblesecurityissuesareidentifiedinthelaterstagesofAPIlifecycle.ndvulnerabilitiesareidentiedwithrealtimeionbythreeoutofveITleadersemphasizingthattheneedforanactivesecuritypostureisanecessityinthisenvironment.ConfidentinthefaceofthreatssAPIthreatlandscapemostorganizationsthreequartersofetherequiredtoolsandsolutionsandyneedtechnologyleaderswouldedAPIsecuritycenterofexcellenceandtheirsecuritytoolsandsolutionsareointedinanywayCertaingroupsaremoreconfidentoftheirsecurityposturethanGoogleLLCAllrightsreserved7GoogleLLCAllrightsreserved8Isthisconfidencemisplaced?dappearthatthereisagapbetweentheexistenceofsecurityincidentsandconfidencethatthetoolsaredoingthejob.CoulditbethatorganizationsareignoringtheinthelastyearaswellastheOrisitsimplythatsecurityincidentsareacceptedasacostofdoingbusinessinthedigitalspace?reinthemiddleSomemaybeunderestimatingthreatsandtheextenttowhichtheyimpacttheirorganization,whilealsobeingrealisticthatAPIsecurityisconstantlyevolving,andthreatsareapartoflife.CompaniesprioritizebeingproactivewithAPIsecurityTostayaheadofsecuritythreats,manyorganizationslookforsolutionsthatallowthemtobeproactivewhileminimizingtheburdenontheirsecurityteams.Accordingtoourresearchcapabilitiesthatproactivelyidentifysecuritythreats(60%)andimproveistsforthenextyearHowevermostarenotreadyorwillingtoprioritizetakingtheleaptowardincorporatingArtificialntelligenceandMachineLearningintotheirAPIsecurityyetelentlessthreatlandscapeandalitanyofvulnerabilitiestoaccountforacrosseverystageoftheAPIlifecycle?Asidefromfactorsthatareneartablestakes,likeeasyintegrationwithexistingtoolsandsupportforthelatesttechnologies,consolidationandend-to-endsolutionsaresomeofthemostimportantfactorstolookforwhenevaluatingAPIsecuritysolutions.ThisismorefocusedoneasyintegrationwithexistingAPItools,mendationsmorethanCwhileCvaluessolutionsthatarebuiltforcloudnativeeoveraconsiderablyhigherpercentageofCpreferconsolidatedAPIsecuritysolutionsoverpointsolutions.MoretrainingandcertificationinthisspaceisneededAsidefromtechnologicalsolutions,manylooktotrainingandproceduralimprovementsasameansofcombatingthreats.TopprioritiesforAPIsecurityincludeestablishinganAPIsecuritylearningandcertificationstandard(38%),improvingtheirdocumentationtoincorporatesecuritybestpractices(38%),andmodifyingexistingprocessestocatchAPIpleaseapproachtoimprovingtheirAPIsecuritywithnosingleinitiativestandingoutaboveothers.GoogleLLCAllrightsreserved9GoogleLLCAllrightsreserved10irstrategyneedsimprovementgtoourresearchmostorganizationsdonthaveacompleteAPIsecurityrategyinplaceAmajoritywouldsaythattheirstrategyneedsimprovementattheveryleast.ctbetweentheperceptionsofIThatnumberincreasestoGoogleLLCAllrightsreserved11strategynotalwaysatoppriorityyorganizationssimplylacktheresourcesandorganizationsoftenfeelasthoughAPIsecurityisn’tprioritized.Thiscanleadtosomeanimositywithintheranksofthesecurityteam.litteredacrosstheirorganizationwithresponsibilitiesoftendividedamongteams.Infact,APIsecurityresponsibilitiesequentlyvaryfromcompanytocompanydependingonneedsindustryandcompanystructurePIgatewaysolutionsavezationwideAPImanagementAPIGatewaysolutionimplemented.ThoseorganizationsarelesslikelytofeelthattheirsecurityzedAPIsecurit
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 申请学习宫腔镜和腹腔镜的申请书
- 2024年四川省消防操作员《中级技能-监控方向》科目真题冲刺卷3月份B卷
- 2024年天津市消防设施操作员《基础知识》科目真题冲刺卷下半年A卷
- 2024年新疆消防操作员《中级技能-监控方向》科目真题冲刺卷3月份B卷
- 黑龙江省鹤岗市2024届毕业升学考试模拟卷数学卷含解析
- 黑龙江省安达市一中学2023-2024学年中考数学仿真试卷含解析
- 口语交际:面对挫折教学设计 鄂教版
- Unit 2 Sports and Fitness Lesson 3 Running and Fitness 教学设计-2023-2024学年高中英语北师大版(2019)必修第一册
- 江西省属事业单位笔试真题
- 小升初入学知识衔接学案课时12023-2024学年七年级上册英语高效课堂教学设计(牛津深圳版)
- 航空发动机出租行业深度调研及发展策略研究报告
- 2024-2030年中国造船市场融资规模分析与发展形势展望研究报告
- 新概念第一册笔记(短语和句型)
- 中央空调改造投标方案(技术方案)
- 广东省佛山市2024年九年级上学期开学物理试卷附答案
- 2024年全国军队文职人员招聘之军队文职公共科目考试经典测试题附答案
- 2024(新高考2卷)英语试题详解解析 课件
- 兽医服务合同范本
- 2005版劳动合同范本
- 医院食堂菜谱
- 从电影《我不是药神》看法律与道德的冲突与协调
评论
0/150
提交评论