API Security Best Practices
December 26, 2019

Gartner API Security Best Practices


Are your APIs protected?

With the exponential growth of APIs in today’s digital world, it raises the importance of ensuring that your APIs are secure. As more and more APIs are created, becoming the glue that connects services around the world, more endpoints are exposed and provide vulnerabilities to be breached.

While awareness of API security is becoming more widespread, that hasn’t stopped the occurrence of breaches and data hacks making the news. It only takes one breach for your business to incur fines, litigation, and irreparable damage to the brand’s reputation.

Rod Cope, Perforce CTO, discusses the key takeaways from the Gartner Analyst Note on API Security and how security is a "first-class citizen baked into Akana."

How to Protect Your APIs

While you can never be sure that you are fully protected against attacks – every new API provides a new and unique exposure, and hacking methods continue to evolve – there are best practices that can be followed to minimize the vulnerability of your APIs.

For a comprehensive report on what your enterprise can implement for application and product portfolio governance, download the Gartner Analyst Note “API Security: What You Need to Do to Protect Your APIs.”

Get the Report

Below you will find an overview of the key findings of this report, including the Key Challenges and Recommendations:

Protecting APIs

Read the full report for additional detail on Gartner’s recommendations, such as:

Discover Your APIs Before Attackers Discover Them

Gartner says, “Many API breaches have one thing in common: the breached organization didn’t know about their unsecured API until it was too late.”

Akana Solution:

With Akana’s Full Life Cycle API Management capabilities, metadata driven automation is combined with manual approvals to ensure checks and balances all throughout the life cycle.

There is no tool that will automatically discover all your APIs. However, API governance within the Akana platform enables you to define and track multiple assets and their versions and dependencies to manage your portfolio. You can also apply security regardless of whether the APIs are published or still in development, used internally or public-facing in the developer portal.

Adopt a Continuous Approach to API Security

As per Gartner, “Adopt a continuous approach to API security across the development and delivery cycle, designing security into APIs.”

Akana Solution:

All security aspects in Akana are consistently addressed through configurable policies that can easily be reused across APIs.

Akana adds automation to the security of your APIs with metadata-driven policy management.  This extended metadata bundles everything that comprises the API, including its policies and scripts, to facilitate promotion from one environment to the next.

You can also configure approvals and notifications before promotions, adding checks and balances to metadata-driven automation. This adds efficiency and accuracy to the promotion process, ultimately deciding whether an API is deployed.

Protect Your APIs Across Your Entire Architecture, Not Just at the Perimeter

Gartner says, “Widespread use of internal APIs adds the requirement to secure internal usage.”

Akana Solution:

Manage access rights within Akana with a built-in OAuth authorization server. Asset creation within the Akana API management platform includes fully customizable workflow with multi-level approvals (both manual and automated) as needed with full auditing.

Governance within Akana is strengthened with customizable user fields. Stakeholders have access and authorization rights to APIs and the flexible metadata-driven promotion process. If enabled, promotion only occurs with stakeholder approval.

Akana’s Life Cycle Management also includes configurable role-based gating. Enterprises can easily specify RACI (Responsible/Accountable/Consulted/Informed) roles into promotion workflows, which become part of the audit record.

How Effective is Your API Security Strategy?

Are you doing enough to secure your APIs? Learn the Gartner API security best practices to protect against attacks and data breaches.

Get the Report


Source: Gartner: API Security: What You Need to Do to Protect Your APIs, Mark O'Neill, Dionisio Zumerle, Jeremy D'Hoinne, 28 August 2019.

General Disclaimer:
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akana. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.