MacStadium announced the General Availability of Orka Desktop 3.0, a powerful, user-friendly tool that allows developers, testers, and macOS admins to create, test, and manage macOS virtual machines (VMs) on local Apple silicon-based computers.
Reflecting on The State of API Security: Alarming Takeaways and Trends From RSA 2024
September 05, 2024
Another RSA Conference has come and gone, but not without imparting the wisdom of its attendees who took part in Traceable AI's second annual survey of over 125 cybersecurity professionals.
The results from this year's survey portrayed a clear message: organizations are struggling to keep up with the continuously evolving challenges of API security.
APIs have long been the cornerstone upon which modern applications are built, enabling the seamless flow of data and functionality across systems. APIs are everywhere, they have evolved into a bridge that integrates a variety of services, platforms and devices, enabling businesses to innovate at a rate never seen before. From mobile apps and web services to IoT devices and microservices architectures, APIs are what is powering the digital experiences that we have come to rely on.
However, as the number of APIs has surged and their complexity has increased, so too have the associated risks. The potential for breaches has grown exponentially, with each API presenting a possible vulnerability for cyber threats. APIs, by their very design, are intended to share data and functionality with external users, which unfortunately also makes them appealing targets for cybercriminals seeking to uncover and exploit security flaws to gain unauthorized access.
The results from the survey portrays the challenges that organizations face in securing their API ecosystems. Although APIs are pivotal in driving digital transformation, many organizations find it challenging to adapt to the rapid pace of technological evolution and the changing landscape of cyber threats. This challenge is intensified by insufficient visibility into API inventories, uneven application of security measures and a scarcity of specialized expertise and resources.
Key insights from the survey include:
Need for greater awareness and adoption of API security solutions
38% of organizations have an API security solution in place, while 42% do not, and 20% are unsure.
Growing recognition of importance of API security
55% of respondents reported paying more attention to how APIs factor into their cybersecurity strategy over the past year.
Need for better visibility and control over API Sprawl
43% of organizations do not struggle with API sprawl, while 33% are unsure if they are managing it effectively, and 24% acknowledge they are struggling.
Need for clarity of ownership regarding API security within organizations
CISOs and security teams (44%) are increasingly taking ownership of API security, followed by Dev/DevOps teams (19%).Even more alarming is that 24% of respondents did not know who owns API security in their organization.
Organizations need dedicated resources for API security efforts
50% of organizations do not have a dedicated team or team member for API security, while 32% do, and 18% are unsure.
Need for robust detection and response capabilities to identify and mitigate API Attacks
14% of organizations experienced an API attack in the last 12 months, while 61% did not, and 25% were unsure.
Need for improvement in leveraging advanced techniques to enhance API security posture
Among organizations that experienced an API attack, 41% were unsure if they baseline API behavior to detect anomalies, while another 41% confirmed they do not.
Security budgets have notably stayed the same
46% of organizations reported that their security budget stayed the same within the last 12 months, while 43% saw an increase, and 11% experienced a decrease.
Navigating the Path Forward
The results from the survey brings the current state of API security and the challenges organizations are facing with securing their API ecosystems into the spotlight.
These findings highlight the imperative need for organizations to treat API security as a fundamental component of their comprehensive cybersecurity strategy. As the pace of digital transformation quickens and APIs become more integral to business processes, organizations must stay alert to the constantly evolving threats.
Moving forward organizations need to understand the importance of visibility, collaboration and proactive measures when it comes to mitigating API security risks. By cultivating a culture of collective accountability for API security, allocating the necessary tools and expertise and keeping up to date with the latest developments/best practices within the API security sector, companies can establish more robust and secure API environments.
It is clear that API security will remain a top priority for organizations of all sizes and across all industries. Moving forward, the path will meet challenges, but by leaning into the lessons and perspectives of industry experts, companies can enhance their readiness to handle the complex landscape of API security in the years to come.
Industry News
September 18, 2024
September 18, 2024
Komodor announced Klaudia, a Generative AI (GenAI) agent for troubleshooting and remediating operational issues, as well as optimizing Kubernetes environments.
September 18, 2024
Inflectra announced the launch of Rapise v8, a test automation solution that uses the power of Generative AI to deliver true autonomous testing.
September 17, 2024
Check Point® Software Technologies Ltd. has been recognized as one of theWorld’s Best Companies of 2024 by TIME and Statista.
Check Point made its debut on the list due to its strong employee satisfaction, revenue growth, and ESG efforts.
September 17, 2024
Oracle announced the availability of Java 23, the latest version of the programming language and development platform.
September 17, 2024
JFrog announced a new product integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
September 17, 2024
Tigera announced several new features for Calico Cloud and Calico Enterprise to improve the efficiency of remediating vulnerabilities in container images, and ensure compatibility with the latest deployment options for OpenShift.
September 17, 2024
Gearset announced the acquisition of Clayton, a code analysis platform designed specifically for Salesforce.
September 16, 2024
Docker is introducing a new way for developers and organizations to access its suite of products – including Docker Desktop, Docker Hub, Docker Trusted Content, Docker Scout, Docker Build Cloud, and Testcontainers Cloud.
September 16, 2024
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the OpenSearch Software Foundation, a community-driven initiative that will support OpenSearch and its search software, which is used by developers around the world to build search, analytics, observability, and vector database applications.
September 16, 2024
Copado announced the Copado AI platform encompassing a suite of AI-powered DevOps agents.
September 16, 2024
Kong announced the release of Kong Gateway 3.8, a major update that sets a new standard for API management.
September 16, 2024
Perforce Software announced that its mobile application testing platform, Perfecto, will support Apple's latest iOS version, iOS 18, on Monday, September 16, 2024.
September 12, 2024
Check Point® Software Technologies Ltd. has been recognized as a Leader in the latest GigaOm Radar Report for Security Policy as Code.
September 12, 2024
JFrog announced the addition of JFrog Runtime to its suite of security capabilities, empowering enterprises to seamlessly integrate security into every step of the development process, from writing source code to deploying binaries into production.
