F5 API Sprawl Rept. Finds Nine In 10 Enterprises Had An API Security Incident In 2020

By   ISBuzz Team
Writer , Information Security Buzz | Nov 05, 2021 11:10 am PST


F5’s new report “Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy” exposes security threats posed by the global proliferation of APIs. It cites sectors such as retail and financial services, and notes more generally that: “More than nine out of ten of enterprises experienced an API security incident in 2020. Every API thus becomes a point on the security perimeter that can be potentially compromised if not properly architected or protected.”

“The number of APIs by 2030 will be in the 100s of millions, making it a significant scalability, manageability, and security challenge for our customers and the industry. It does not matter what parameters of the model we tweak; API sprawl will be a global problem. Discovery, networking, integration, and security are set to become significant challenges for the entire Dev and Ops ecosystem.” “APIs are prone to fraud and malicious behavior. External APIs must be validated continuously for trust, and internal API keys can be compromised, giving attackers access to critical infrastructure. If data is the new oil, then APIs could unfortunately become the new plastic, with byproducts wreaking havoc on the ecosystem.”

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
George McGregor
George McGregor , VP of Marketing
November 5, 2021 7:12 pm

<p>The report does discuss the issue of \"secrets sprawl\", highlighting how secrets such as API keys are often exposed when spread across a distributed infrastructure. It only takes one such key to allow an attacker to access illicitly an application service through an API and gain access to critical infrastructure. However, the report does not fully explore how the exploitation of such stolen secrets can actually be blocked in real-time. Such solutions do exist and should be evaluated by anyone who wants to take API security seriously.</p>

Last edited 2 years ago by George McGregor

Recent Posts

Would love your thoughts, please comment.x