Cloudentity “2021 State of API Security, Privacy and Governance” Shows API Security Issues

Cloudentity’s latest study, “2021 State of API Security, Privacy and Governance,” shows that 44% of enterprises experience API security issues, including substantial API authorization issues concerning privacy, data leakage and object property exposure, with internal APIs, external-facing APIs, or both. Additionally, 97% of respondents reported that identity and authorization issues with APIs have had a direct impact on their organization in the form of delays to new applications or service enhancements. The report also reveals that the top contributors to API identity and authorization risks are lack of data lineage, difficulty diagnosing issues, component-driven development complexity and inconsistent security policy management.

Yariv Shivek, VP of Product at Neosec, had this to say:

     “Authorization issues continue to be the most prevalent problem in API security (see also OWASP API Top 10), but certainly not the only one. It is a testament to the unique challenges posed by API security, that even the organizations surveyed (all big established enterprises with 10,000 or more employees) struggle with authentication and authorization issues, as well as other API security risks.”

     “The imperative of blending “shift left” with “secure right” can be seen in the mix of issues raised. When it comes to “secure right,” almost half the respondents (47%) rely on log analysis to identify API identity and authorization issues in their organizations, a process I believe is best automated with big-data ML-driven behavioral analytics.”

Yariv mentioned the OWASP API Top 10. You can have a look at it here.
