The results of a new survey released today by CA Technologies suggest that the API economy has finally become mainstream. The survey of 1,425 IT professionals and line-of-business executives, conducted by the market research firm Vanson Bourne, finds that 79% of respondents are exposing data via APIs to accelerate mobile and Web application delivery, improve customer engagements, and create new revenue channels and opportunities.
Among that 79%, almost half (49%) have exposed APIs to suppliers. Another 47% have exposed APIs to customers, while 37% have exposed them to business partners. The survey also finds that one of the primary concerns organizations have about their APIs is security. More than half (56%) said protecting their data from a security breach is a top priority, with 20% citing the need to secure APIs.
Michelle Waugh, vice president of security solutions at CA Technologies, says those security concerns are starting to impact everything from the programming language developers opt to use to the management platform used to manage those APIs.
Specifically, the survey finds that 23% of organizations that have invested in security report seeing improved customer satisfaction and trust, while 21% report more customers are using their service.
Waugh says that developers need to consider security concerns at the time their APIs are developed, rather than after the fact. Specifically, developers need to strike a delicate balance between customer experience and security, she says.
At the same time, Waugh says developers need to appreciate how security technologies will make the business as a whole more comfortable with applications that share data outside the organization. As a result, developers should not only collaborate more with security teams, the two groups should work together to identify strategic business ecosystems that require secure APIs, says Waugh.
Waugh adds that mobile computing applications in particular are forcing the API security issue, especially when it comes to being aware of what the threat landscape looks like in terms of security vulnerabilities that are regularly exploited by hackers. Security measures implemented at the API gateway, she says, can also prevent unauthorized access to APIs, monitor data usage, implement velocity controls and block hack attempts.
Historically, many developers have tended to view security as someone else’s responsibility in the IT organization. But as the business increasingly realizes that participating in the API economy is the key to become a digital business, having security controls baked in to the code is quickly becoming a prerequisite for getting an application into production.