Why We Pay Close Attention to Cybersecurity in the API Economy


Wally Wang


What is an API Economy

Gartner raised the concept of API economy in 2016. The original definition is “The API economy is an enabler for turning a business or organization into a platform.” Now it can broadly refer to the ecosystem of business opportunities generated by the delivery of functionality and exchange of data over APIs. According to Akamai, API calls accounted for 83% of web traffic in 2019. Unfortunately, this thriving and well-connected economy has hidden threats, since hackers are also trying to make money in it.

Image source: WEF (https://www.weforum.org/agenda/2021/01/digital-content-safety-cybersecurity-application-programme-interface/)

Why the Cyber World Needs API Security Software So Badly

1. API abuse is a serious problem. According to Gartner, web-enabled apps now have 40% of their attacks come through APIs rather than user interfaces. The percentage is projected to increase to 90% in 2021. Analysts at Gartner also predicts that by 2022, API insecurity will be the most frequent attack vector resulting in data breaches.

2. Data breaches are very costly. According to IBM, the global average cost of a data breach is $3.9 million. According to Juniper, data breaches cost businesses over $2 trillion (yes, that’s trillion with a T) total in 2019. In addition to the dollar amount, the negative influences on public image and customer trust are hard to quantify.

To mention a shocking event of API data breaches happened last year as an example: Starbucks public gift card website APIs were found being subject to manipulation that passes command to backends, exposing up to 100 million customer records.

3. Traditional security solutions don’t work well with APIs. Dynamic tools have problems figuring out what fields to put into the JSON or XML documents to send to the APIs, while static tools have problems following the complex data flows. The API economy needs tailored solutions to prevent attacks.

Due to reasons mentioned above, we believe there are strong market needs for API security systems and great investment opportunities in this arena.

Why We Invested in CloudVector

A fun fact: CloudVector is a concatenation of “cloud computing” and “attack vector”, recognizing its mission of protecting API data flows from cyber-attack to accelerate digital transformation. It offers an API Detection and Response platform that provides Shadow API Prevention and Deep API Risk Monitoring and Remediation. It now becomes a part of Imperva family.

It was our privilege to provide support along its journey. Here are three reasons why.

1.We Value the Proven Track Record of the Team

The founders are serial entrepreneurs, and more importantly, domain experts in API and cybersecurity. The core team members are executives and leading engineers from Netskope, Agari, McAfee, Juniper, Bromium, Google Cloud, and VMWare. CloudVector is the 3rd venture that they have worked together to bootstrap. They are the dream team with 1) deep technical know-how 2) long history of growing together.

1) Deep Packet Analysis is technically very challenging, so technical know-how is the key. Talents who demonstrate in-depth understanding at the packet level are scare.

2) A venture will not succeed if it has the most brilliant people, but they are against each other. For early-stage investment, the importance of team cohesion is self-evident.

2.AI Makes API Security More Powerful

Artificial intelligence is a powerful weapon in numerous aspects, including fighting cyber-attacks. Cloudvector’s API data layer and anomaly detection response are powered by AI engine, which makes threat protection automated and continuous.

3.One-of-a-kind Problem Solver that Accelerates Digital Transformation

APIs empower enterprises in various ways, such as simplifying software development, offering flexibility to adopt innovations, having new revenue channels by monetizing data, and facilitating collaboration across different platforms and teams. However, many enterprises are hesitant to leverage them due to potential attack vectors. API secuity systesms make it safer to adopt APIs in digital transformation.

The solution that CloudVector provides is unique due to its

1) Zero Impacts on Dev/DevOps. API sensors monitor data in transit without affecting apps. No code change, no runtime shim, no OS/container package change, etc.

2) Allround capacibility. Cloudvector proactively captures data flows from all apps, all infrastructures.

In the macro tailwind of digital transformation, more and more companies are joining the API economy. To maintain a healthy API economy, data flows must be safely managed, and data breaches must be kept to a minimum. We believe that CloudVector will play an important role in safeguarding the API economy.

This may interest you