热门搜索：

2022年API安全性研究报告

信息技术2022-11-28-Google看***

AI智能总结

This report examines the landscape of API security threats and their impact on the pace of innovation. It finds that the increasing adoption of digital experiences has led to a rise in the use of Application Programming Interfaces (APIs), which represent a significant area of vulnerability for organizations worldwide. The report also highlights the importance of having an active API security posture and the need for consolidation, end-to-end monitoring, and oversight in this space. The research was conducted by Google Cloud between May and June 2022 among technology leaders from companies in the United States with at least 1,500 employees who have a significant influence or decision-making authority on purchases of technology solutions related to API initiatives within their organization.

GoogleCloud APISecurity:Latest Insights&KeyTrends 2022ResearchReport HowAPIsecurityisimpactingthepaceofinnovationatenterprisesand whatITleadersaredoingtomitigaterisks TableofContents ExecutiveSummary3 Threatsabound4 Affectingthepaceofinnovation ActiveAPIsecuritypostureisnecessary CurrentAssessment ConfidentinthefaceofthreatsIsthisconfidencemisplaced? CompaniesprioritizebeingproactivewithAPIsecurity8 Opportunities9 Consolidation,end-to-endmonitoring,oversightneeded6 Moretrainingandcertificationinthisspaceisneeded9 MostagreetheirstrategyneedsimprovementoL APIsecuritystrategynotalwaysatoppriority11 TheimpactofAPlmanagementandAPlgatewaysolutions11 APIsecurityisakeyelement ofalargerAPIstrategy12 2022GoogleLLC.AIrightsreservedN ExecutiveSummary Withtheincreasingadoptionofdigitalexperiences,theuseofApplicationProgrammingInterfaces,orAPlsisontherise.Assuch,APlsrepresentasignificantareaofvulnerabilityfororganizationsworldwide ThefollowingreportexaminesthelandscapeofAPIsecuritythreatsandtheirimpactonthepaceofinnovation.ItdelvesintotheworldviewofthetechnologyleadersasitpertainstoAPIsecurityposture andstrategy,andoffersaperspectiveonopportunitiestoimproveAPIsecurityhealth. ThisreportisbasedonresearchconductedbyGoogleCloudbetweenMayandJune2022among technologyleadersfromcompaniesintheUnitedStateswithatleast1,500employeeswhohaveasignificantinfluenceordecision-makingauthorityonpurchasesoftechnologysolutionsrelatedtoAPlinitiativeswithintheirorganization "WhyAPISecuritylsaKeyElementofaLargerAPIStrategyexplainsthatAPIsecuritypostureisa growingconcernforITexecutivesduetotheprevalenceofthreats,butthatmostorganizationsneedtoimprovetheirAPIsecuritystrategy.Thereisaneedforproactivesecuritycapabilitiesandmeasuresas wellasend-to-endAPIsecuritysolutionssuchasApigee,afullifecycleAPImanagementplatform TheThreatLandscape Threatsabound CompaniesworldwiderelyonApplicationProgrammingInterfaces,orAPls,tofacilitatedigitalexperiencesandunleash Morethanthreeoutof thepotentialenergyoftheirowndataandprocesses.APlsareafiveC-SuiteITDMs criticallinkinblendingproprietarydatawithassetsfromthird parties.Theyalsoserveacriticalroleintheracetomodernize applications,fuelinginteroperabilityand,inturn,efficient reportexperiencingan APIsecurityincident functionality.inthepast12months. ButtheproliferationandimportanceofAPlscomeswitharisk. AsagatewaytoawealthofinformationandsystemsAPlshavebecomeafavoritetargetforhackers. "Therateatwhich APlsaredeveloped Ourresearchconfirmsthewidespreadimpactofthesethreats. todayexceedstherate HalfofthemreportexperiencinganAPIsecurityincidentintheatwhichour past12months.Thatpercentageishigherorlowerdependingorganizationcan onwhoyouask.62%ofC-Suiteexecutivessurveyedindicatedthatthey'vehadasecurityincidentinthepast12monthswhile ensurethesecurityof only37%ofthosewhoareacouplelevelsremovedfromthe eachoftheseAPls." C-Suitesaidthesame. ThiscouldpointtowardthelimitedpurviewoffunctionalIT teams,oritcouldbeanindicationofhowsalienttheissueisfor -ITSupervisor/Manager, ComputerHardware/ Software/Services thosewithgreaterresponsibility.Orboth. APISecurityIncidents 50%62% oforganizationshaveofITDMsintheC-Suite experiencedanAPI securityincidentinthe reporthavingAPIi securityincidentinthe past12monthspast12months Tocompoundtheissue,threatssurfacefromamyriadofAPIsecurityareaswithIT leaderseachidentifyingmorethanthreeareasonaverage.Whilenosingleareastands outasaglaringvulnerability,thethreemostcommonsourcesofpotentialthreatsaresecuritymisconfigurations,outdatedAPls/data/components,andbots/spam/abuse. Misconfigurations,asacategory,arethemostidentifiedthreatareawith2of5ITleaders selectingeithersecuritymisconfigurationormisconfiguredAPIs. SourcesofAPISecurityThreats MisconfiguredAPIs,Security(NET) 40% OutdatedAPls,Data,Components(NET)35% Spam,Abuse,Bots(NET)34% Affectingthepaceofinnovation Thesethreatsandincidentshavereal-worldimplications.APIsecurityisslowingthepace therolloutofanewserviceorapplicationduetoAPIsecurityconcerns.Forthosewho haveexperiencedanincidentinthepast12months,morethanthreequarters(77%)havedelayedtherolloutofanewserviceorapplication. DelayedtheRolloutofaNewServiceorApplicationDuetoAPISecurityConcerns 53%77% oforganizationsdelayedoforganizationsthat therolloutofanewexperiencedanAPI serviceorapplicationduetoAPIsecurity securityincidentdelayed arollout e2022GoogleLLC.AIrightsreservedn ActiveAPlsecuritypostureisnecessary Withsecurityvulnerabilitiesbeingintroducedfromavarietyof sourcesthroughoutdevelopment,itwillcomeasnosurprisethat C-Suiterespondents securityissuesareidentifiedateveryphaseoftheAPIlifecycleweremorelikelythan fromdesigntotestingtodeploymentandbeyond.Naturally.securityissuesaremostcommonlydiscoveredduringtesting performedaspartofthereleasemanagementprocess(67%), ITleaderswhoreport uptoexecutivesto butasubstantialnumberofvulnerabilitiesareidentifiedaspartsayvulnerabilitiesare oftheprocesstodeploytoproduction(64%).Thisindicatedan caughtduringthe areaofriskforvulnerabilitiestobedeployedtoproductionasaconsiderablepercent

点击免费查看完整报告