GigaOm Key Criteria for Evaluating API Security Solutions v3.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Executive Summary
  2. API Security Sector Brief
  3. Decision Criteria Analysis
  4. Analyst’s Outlook

1. Executive Summary

Application programming interfaces (APIs) are now central to modern software development, but as their use has skyrocketed, intrusions that successfully exploit API security issues have grown in equal measure. Given the large and growing number of APIs that attackers can target to gain access to sensitive data and systems, protecting these essential resources is increasingly imperative.

In most organizations, public-facing APIs have become a larger attack surface than regular interactive web pages, and with applications spanning multiple cloud vendors and the data center, perhaps even including a hosting provider, the number of publicly accessible APIs is growing exponentially. Add to that the growth of microservices architecture, and it’s clear there’s a big risk that must be managed. API security solutions are among the primary methods of limiting that risk.

While not entirely new, this space is only recently coming to market prominence as organizations begin to realize how many APIs they rely on that may or may not be protected by existing infrastructure. In fact, many organizations don’t know how many APIs they have running, let alone whether or in what ways those APIs are protected.

This realization and new interest have led to an increase in vendors offering a variety of solutions that prospective customers should consider to improve their API security posture.

This technology space is aimed specifically at protecting APIs, not at protecting applications. For organizations that are just starting to get their security infrastructure up and running—who do not have a web application firewall (WAF) or data loss prevention (DLP) strategy—our 2023 application and API security Key Criteria report will be worth a read. For those who are comfortable with the level of protection their WAF provides, this report covers the API-specific functionality that WAF is missing.

Business Imperative
From a business perspective, ensuring robust API security is critical for several reasons:

  • Protecting sensitive data: APIs often handle sensitive information such as customer data, financial details, and proprietary information. Ensuring these APIs are secure helps to protect this data from breaches and leaks, which can have severe financial and reputational consequences.
  • Maintaining trust: Customers and partners expect their data to be handled securely. A breach can erode this trust and damage the brand’s reputation, leading to loss of customers and potential partners.
  • Regulatory compliance: Many industries are subject to strict regulations regarding data protection and privacy (such as GDPR and CCPA). Secure APIs help ensure compliance with these regulations, avoiding hefty fines and legal issues.
  • Operational continuity: A security breach can disrupt operations, leading to downtime and loss of productivity.
  • Competitive advantage: In today’s competitive environments, having strong security measures can be a differentiator.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of an API security solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of an API security solution, we provide an overall Sector Adoption Score (Figure 1) of 4.6 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that an API security solution is an important priority for businesses to consider when planning and implementing their overall cybersecurity strategy.

The factors contributing to the Sector Adoption Score for API security are explained in more detail in the Sector Brief section that follows.

[Figure 1. Sector Adoption Score for API Security. Scale from 1.0 to 5.0: Deters Adoption, Discourages Adoption, Merits Consideration, Encourages Adoption, Compels Adoption.]

This is the third year that GigaOm has reported on the API security space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective API security solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading API security offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.