The API economy is on a growth trajectory in India with increased digitalization. As more Indian consumers began to work from home last year, they started expecting richer digital experiences. In response, Indian companies offering digital services or digital content sped up their digital transformation efforts in the past year. As applications were increasingly deployed on multiple clouds, organizations began moving towards an API-driven economy; APIs (Application Programming Interfaces) interconnect all the applications residing in different clouds. And API orchestration between apps on different clouds makes the digital experience seamless for consumers. Large applications are also broken up into loosely coupled microservices, which are interconnected by APIs. However, the F5 annual survey titled the 2021 State of Application Strategy report reveals gaps in API security, especially in India.
By Brian Pereira, Editor-in-Chief, CISO MAG
“By 2023, the number of applications that will be born in the cloud (and data centers) will reach 3.7 billion. In 2018, it was 702 million,” said Keiichiro Nozaki, Senior Marketing Evangelist, APCJ at F5.
API surge in India due to application modernization
India leads globally as well as regionally, in terms of application modernization.
Per the survey, 82% of Indian respondents said they are adding a layer of APIs to enable modern user interfaces and/or participate in ecosystems, but not refactoring (modifying the application code itself). So, the API deployment is in “full bloom” in India.
The other options presented to the respondents were:
- Moving to the public cloud (lift and shift), but not modernizing.
- Refactoring – modifying the application code itself.
- Adding modern application components to enable modern user interfaces and/or participate in ecosystems but not refactoring.
Gaps in API security
In the context of Open API, the APIs are publicly accessible on public clouds. So, in this scenario, API security becomes crucial. However, there are gaps in API security.
93% of Indian respondents said they deployed an API gateway. However, only 74% said they deployed API security solutions. Globally, the gap is smaller: 68% of global respondents deployed API gateways and 59% had API security.
“People are aggressively moving to the API architectures that deploy API and do the control and traffic management through API calls. While they may not be prioritizing the idea of how to protect, how to secure those APIs as much as the global average respondents. It is truly great that people are aggressive moving to the API economy in India. However, it is important to ensure that your architecture and the deployment model cover the security portion of this API,” said Nozaki.
However, some believe that the gap for India is much larger than what is shown in the report.
“While the gap here is, you know 74 to 93, in my personal view the gap is much higher because security comes as a strap on, not as a DNA, to most of the Indian organizations,” said Dhananjay Ganjoo, Managing Director, India & SAARC at F5. “And a lot of them spend the money to develop the APP and then (they say) oops! let’s try to figure out how to secure the stack. And that’s what we’re facing in the market in India today. API security is no different — it’s an afterthought.”
To close the gaps in API security, organizations need to move to a DevSecOps culture, which is commonly known as “shift left” in the development cycle. API developers need to think about security at the beginning of the development cycle. Security lapses could lead to leakage of application data, and exfiltration of customer PII could mar the reputation of companies that deliver digital services. So, API security becomes a crucial consideration in an API economy and for Digital India.
About the Author
Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 26 years.
EC-Council’s CISO MAG brings to you a webinar on “The Current State of Application Security.” Register Now!