In an application-centric, cloud-native world, businesses have a heightened concern for cybersecurity risk related to API use of late: Specifically, 63% of respondents in a recent survey said they are most worried about distributed denial of service (DDoS) threats, bot attacks and authentication enforcement for APIs.

APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk.

According to an Imperva poll of 250 IT professionals, more than two-thirds (69%) of organizations are exposing APIs to the public and their partners, and organizations are on average managing 363 different APIs.

Public-facing APIs are a key security concern because they are a direct vector to the sensitive data behind applications. Eighty percent of organizations use a public cloud service to protect the data behind their APIs, with most people using the combination of API gateways (63.2%) and web application firewalls (63.2%).

“APIs represent a growing security risk because they expose multiple avenues for hackers to try to access a company’s data,” said Terry Ray, CTO for Imperva. “To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”

Ninety-two percent of IT professionals believe that DevSecOps, the combination of development, security and operations, will play a part in the future of application development. This highlights an increased desire from many organizations for security to be built in from the very beginning of software development rather than as an after-thought, Imperva noted.

“It is very encouraging that the majority of respondents to our survey expect DevSecOps to be involved in the future of application development,” Ray said. “Cybercrime is pervasive, and it is vital that organizations keep their applications safe from hackers. Embracing DevSecOps provides organizations with the building blocks needed for defense against some of the most serious cybersecurity threats.”