The rapid proliferation of APIs (interfaces) and the associated governance and security risks could spiral out of control. The F5 study “Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy” warns of this.
According to this, there are currently around 200 million APIs that are used for Internet applications ranging from digital payments to online entertainment to the smart home. By 2030, that number could rise to 1,7 billion.
From 200 million APIs to 1,7 billion
Even more problematic than growth is the widespread distribution of APIs without common standards, strong governance, or sufficient focus on version control and security requirements. This uncontrolled growth is caused by microservices architectures, agile software development and the modernization of applications. Without adequate controls, many APIs are duplicated and poorly documented and maintained.
Added to this is the organizational complexity caused by silos due to independent solutions. According to F2021's 5 State of Application Strategy Report, 68 percent of organizations are running four or five different application architectures, compared to 41 percent in 2020.
API proliferation: The possible consequences
This API sprawl creates operational and security challenges. Because it can hardly be tracked where the APIs are located. Frequent updates can affect connectivity, versioning, and documentation, increasing operational overhead significantly. The security risk also increases. More than 90 percent of companies have had an API security incident in the last year. IBM also found that two-thirds of cloud security incidents over the past year involved misconfigured API keys that allowed improper access.
"Uncontrolled API sprawl opens up vulnerabilities that will eventually be exploited," said co-author Rajesh Narayanan, Senior Director and Distinguished Technologist at F5. “The proliferation of APIs in a distributed infrastructure means that sensitive data that allows privileged access to a system is becoming more scattered and therefore more vulnerable. A hacker only needs to compromise a single API key to gain access to critical infrastructure.”
Control wild growth
APIs will continue to be crucial for the digital economy in the future: as a driver for innovation and value creation. But its growth harbors both dangers and opportunities. Therefore, they need to be managed in a more coordinated way so that the problems emerging today do not become large-scale systemic threats.
"The proliferation of APIs is an inevitable consequence of modern software architecture," adds Narayanan. “So we need to find ways to deal with them in a practical and scalable way. Businesses should start building, consuming, and managing APIs now to continue thriving in the API-driven economy.”
More at F5.com
Via F5 Networks F5 (NASDAQ: FFIV) gives the world's largest companies, service providers, government agencies and consumer brands the freedom to deliver any app securely, anywhere, with confidence. F5 offers cloud and security solutions that enable companies to use the infrastructure they choose without compromising speed and control. Please visit f5.com for more information. You can also visit us on LinkedIn and Facebook for more information about F5, its partners and technologies.