"In a March 2021 research report, Gartner emphasizes that “despite growing awareness of API security, breaches continue to occur. API management and web application firewall vendors, as well as new startups, are addressing the problem. But application leaders independently must design and execute an effective API security strategy to protect their APIs.” Establishing an API framework has become even more critical for teams to secure their microservices, along with continuous monitoring so that alerts are provided for teams whenever there is a change. This ensures that security standards are being met on an on-going basis, not just when audits occur.
Gartner identifies key challenges:
"Attacks and data breaches involving poorly secured application programming interfaces (APIs) are occurring frequently."
"Protecting web APIs with general purpose application security solutions alone continues to be ineffective. Each new API represents an additional and potentially unique attack vector into your systems."
"API threat protection technologies are making progress, but aren’t fully mature yet. They lack in areas, including automated discovery and API classification."
"Modern application architecture trends — including mobile access, microservice design patterns and hybrid on-premises/cloud usage — complicate API security since there is rarely a single “gateway” point at which protection can be enforced."
* Gartner, API Security: What You Need to Do to Protect Your APIs, 2021, Mark O'Neill, Dionisio Zumerle, Jeremy D'Hoinne, Refreshed 01 March 2021, Published 28 August 2019
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.