Key Criteria for Evaluating API Security Solutions v1.0

An Evaluation Guide for Technology Decision Makers

Table of Contents

  1. Summary
  2. API Security Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take

1. Summary

Application programming interfaces (APIs) have been a growing attack surface—and a commensurately growing problem—for more than a decade. There have been some spectacular intrusions based on API security issues. The API security market attempts to address those issues so that attackers are less successful.

In our view, in most organizations, public-facing APIs have become a larger attack surface than regular interactive web pages, and this is an ever-increasing trend. Given the large and growing number of APIs that attackers can target to gain access to sensitive data and systems, protecting them is increasingly an imperative. With applications spanning multiple cloud vendors and the data center, perhaps even including a hosting provider, the number of publicly accessible APIs is growing exponentially. Add to that the growth of microservices architecture, and it’s clear there’s a big risk that must be managed. API security products are among the primary methods of limiting that risk.

This market is aimed specifically at protecting APIs, not at protecting applications. For organizations that are just starting to get their security infrastructure up and running, and that do not have a web application firewall (WAF) or data loss prevention (DLP) strategy, our Application and API Protection Key Criteria report might be worth a read. For those who are comfortable with the level of protection their WAF provides, this report covers the piece of API-specific functionality that a WAF is missing.

The GigaOm Key Criteria and Radar reports provide an overview of the API security market, identify capabilities (table stakes, key criteria, and emerging technology) and evaluation metrics for selecting an API security solution, and detail vendors and products that excel. These reports will give prospective buyers an overview of the top vendors in this sector and will help decision makers evaluate solutions and decide where to invest.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.