
Market forecast for 2023

Cyberattacks and data breaches don’t pause with an economic slowdown. When prioritizing security investments, security leaders should continue to invest in security controls and solutions that protect the organization’s customer-facing and revenue-generating workloads, as well as any infrastructure critical to health and safety for those organizations in industries such as utilities, energy, and transportation, according to Forrester in its Planning Guide 2023: Security & Risk.

“API-first is the de facto modern development approach, and APIs help organizations create new business models and methods of engagement with customers and partners. However, security breaches due to unprotected APIs and API endpoints are common and no single type of tool fully addresses API security,” the guide states.

API management tools address authentication and authorization issues, while API-specific security tools are used for scanning and discovery. Additionally, some security tools extend further to provide runtime protections and microgateways to protect against API attacks. Traditional security tools such as WAFs and bot management solutions are also expanding to cover these attacks, the report added.

Gartner’s O’Neill said that he is seeing large vendors take steps forward in providing strong API protection, and that they are acquiring some of the smaller specialist vendors that have come along for API protection as well.

According to the 2022 State of APIs report, 69% of developers said that they expect to use APIs more in 2023, while 25% said that they expect about the same. Only about 6% stated that they expect less or they didn’t know.

going to be a problem if those APIs suffer a security breach, if they are unavailable, or if they are just simply changing and creating breaking changes. So API discovery is a hard problem because you have to look in multiple places for the APIs.”

There are also some solutions on the market that enable users to tap into application firewalls in the infrastructure at the CDN level to look at the traffic and see what API calls are happening.

“That approach can in many ways be too late because those APIs that you’re discovering are already in production. But still, it’s better than not discovering them at all,” O’Neill said.
