Datos Insights interviewed 12 mature users of API security solutions, stripping away the veneer of vendor marketing to reveal what customers really think about API security solutions. These unfiltered client perspectives, published in our recent report API Security Solutions: Customer Perspectives, anonymously share API security sentiment from those responsible for protecting APIs against attacks. Customers had an average of 25 months of solution experience, putting them in the know on API security solutions.
Users shared their experiences with solution functionality, effectiveness, and vendor satisfaction. Several key findings from the report include:
- The rapid growth of APIs within the enterprise demands a built-for-purpose solution: Customers can no longer address API security solely by trusting third parties and in-house application development teams to code APIs that thwart attacks securely.
- API inventory was the number one use case: Customers held to the mantra of “if you cannot see it, you cannot protect it.” Visibility into API assets and discovery of shadow and zombie APIs was cited as the top use case to address API sprawl. Customers noted their estimate of the number of APIs in use was substantially less than reality.
- Contrary to vendor claims, API security solutions are not plug-and-play: Customers felt that vendors oversold the ease of API solution deployment and did not clearly state the difficulty in infrastructure integration, the need for custom connectors, and the overall deployment effort.
- Although satisfied with current solutions, customers shared a willingness to change: Customers recognize that API security approaches are rapidly evolving, with most keeping an eye out for better solutions, broader API traffic visibility, and cost value. Product fatigue will drive some customers to content delivery network solutions that offer robust API protection.
- API security solutions exceeded customer expectations: Despite deployment complexity and vendor immaturity, customers were united in stating that API solutions exceeded their expectations and significantly reduced their risk of API compromise.
Client perspectives were drawn from vendors participating in a Datos Insights Vendor Guide, where each vendor completed a 200-point request for information (RFI) covering company, product, and customer dimensions. Client perspectives separate product features analysis from user sentiment to provide the user dimension of product and vendor satisfaction.
This report is the final of a four-part series on API security. The predecessor reports include: API Security: Market Landscape, March 2023; Web Application and API Protection (WAAP): Market Landscape and Product Deep Dive, July 2023; and Datos Insights Vendor Guide: API Security Solutions. Contact me here to ask any API-related questions or share your API protection experiences.