A recent survey says that organizations forsake security concerns in the development of applications and APIs.
According to a new survey, organizations are failing to adequately make use of cybersecurity skills in application development. Radware, a leading provider of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers, published the report, entitled “State of Web Application and API Protection”.
Tip: Software testing: nobody questions the need, but it’s not done enough
Surveying decision makers and influencers
On behalf of Radware, Osterman Research surveyed 205 decision-makers and
influencers in organizations that have a minimum of 1,000 employees during November 2020. The median number of employees at the organizations surveyed was 2,200.
Of the 205 surveys, Osterman conducted 70 in North America (US and Canada). They also conducted 67 in Europe (Germany, France and the United Kingdom). Surveyors performed 68 interviews in other countries (China, India, Brazil, Australia, Chile and New Zealand).
Michael Osterman of Osterman Research warned that threat levels are higher than previously known. “With 2020’s rapid cloud migration, we were surprised to see the pervasiveness across organizations of dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs,” he said.
Security is getting short shrift for both apps and APIs
The survey showed that for 92% of organizations, security staff have no say regarding the architecture of their applications. Instead the security professionals must secure the apps after design and development.
Radware’s report shows that only 36% of mobile apps have security fully integrated. Nearly 40% of organizations say over 50% of their applications have exposure to the internet or third-party services via APIs.
The report describes a perfect storm of high data flows with lack of transparency. “The combination of large volumes of sensitive and confidential information that is processed by APIs — coupled with the lack of visibility into how these APIs and third-party applications operate — creates a dangerous situation for most companies in the context of how easily their data can be breached,” the report warns.