New Research Study Reveals Urgent Need for Modern Security Solutions Amid Rapid Transition to API- and Cloud-Centric Applications

Rhea-AI Summary

Fastly, Inc. (NYSE: FSLY) released research with Enterprise Strategy Group revealing the urgent need for modern security solutions in a rapidly evolving digital landscape. The study highlights that organizations use an average of 11 security tools, spending nearly $3 million annually, yet face challenges with ineffective traditional tools that impede growth and generate false positives. Nearly half of security alerts are false, causing unnecessary downtime. Despite the anticipated rise in API use, many organizations struggle to maintain adequate security across their new architectures.

Positive

• None.

Negative

• Organizations are using on average 11 security tools, resulting in increased costs and complexity in security management.
• 91% of organizations run security tools in log or monitoring mode, indicating they are ineffective and often blocked harmless traffic.
• Almost half of all security alerts are false positives, leading to unnecessary operational downtime.
• Over half of organizations find web application and API security more difficult now than two years ago, suggesting a growing challenge to secure new application architectures.

Fastly, Inc. (NYSE: FSLY), a global edge cloud platform provider, today released new research in partnership with Enterprise Strategy Group (ESG) that uncovers a crucial need for a unified, modern, and simplified approach to security. The study, based on insights from information security and IT professionals representing hundreds of organizations globally, revealed growing concerns around adequately securing the rapidly rising number of mission-critical cloud services and API-centric applications. Outdated offerings, false positives, and ineffective blocking are among the main causes driving this global concern.

Fastly research infographic in partnership with Enterprise Strategy Group (ESG). (Graphic: Business Wire)

As organizations around the world are faced with the task to digitally transform, many of the traditional tools and services no longer support the modern needs and architectures of the digitized world. While the increased need for flexibility, agility, and speed continues to drive the evolution of application development and increased deployment of microservice-based architectures, many organizations have not updated their security tooling and continue to rely on traditional web application and API security tools to protect their business.

“One of the biggest security challenges we are seeing today is that technologies are rapidly evolving to better serve the growing demand for digital experiences, but the security offerings that protect those technologies are not experiencing that same level of transformation -- and often erode the benefits of modern technology stacks,” said Kelly Shortridge, Senior Principal Technologist at Fastly. “Security tools should fuel innovation, actively support service resilience, and minimize disruption to software delivery workflows, rather than slowing build cycles and producing disjointed, unactionable, or irrelevant data.”

Research from the study concludes:

• On average, organizations use 11 web application and API security tools and spend close to $3 million dollars annually. Security is becoming more complex and costly as organizations are required to protect traditional architectures, in addition to new architectures and cloud environments.
• Traditional security tools are ineffective and impede business growth. Current security tools frequently block harmless business traffic, impacting the organization’s bottom line. As a result, 91% of organizations run tools in log or monitoring mode, or shut them off entirely.
• Nearly half of all security alerts are false positives. False positive downtime frequently causes similar downtime to actual attacks, suggesting current security tools are causing more problems than they solve for.
• More than half of organizations believe most or all of their applications will use APIs in the next two years. Despite an anticipated increase in API implementation, half of organizations stated that web application and API security is more difficult than two years ago and indicated struggles to maintain adequate security across new application architectures. Driving these difficulties is the shift to public cloud and API-centric applications without a modern security solution to support those innovations.

“The responsibility for protecting enterprise assets, data, and users from cyber threats no longer falls solely on the security organization, even as the threat landscape becomes increasingly complex. Application security in particular, is a team sport that requires input and cross-functional collaboration across many parts of an organization,” said John Grady, Senior Analyst at ESG. “As a result, security professionals have become frustrated with the complex and siloed nature of traditional application security solutions that fail to address these issues. Modern businesses require uniform tools and approaches that can minimize vulnerabilities between their public cloud infrastructure, microservices-based architecture, and legacy applications, while supporting a variety of personas.”

To download the full report: Reaching the Tipping Point of Web Application and API Security, visit https://www.fastly.com/web-application-and-api-security-tipping-point.

Methodology

To gather data for this report, ESG conducted a comprehensive online survey of information security and IT professionals knowledgeable about their organization’s application development practices and involved in security purchase processes (61%). The survey also included developers, engineering, and DevOps leaders who build and deliver applications for their organization (39%). Respondents were distributed across North America (41%), Europe (30%), and Asia Pacific and Japan (29%). Respondents were employed at organizations with 10 or more employees. Specifically, 10% were employed at small organizations (i.e., those with 10 to 499 employees), 15% at midmarket organizations (i.e., those with 500 to 999 employees), and 75% at enterprises (i.e., organizations with 1,000 or more employees). Respondents represented numerous industry and government segments, with the largest participation coming from manufacturing (23%), financial services (14%), retail/wholesale (14%), technology (11%), healthcare (8%), and communications (8%). The survey was fielded between March 17, 2021 and March 31, 2021.

About Fastly

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the internet. Fastly’s platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development with unmatched visibility and minimal latency, empowering developers to innovate with both performance and security. Fastly’s customers include many of the world’s most prominent companies, including Pinterest, The New York Times, and GitHub.

About ESG

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community. Learn more at www.esg-global.com.

Source: Fastly, Inc.

View source version on businesswire.com: https://www.businesswire.com/news/home/20210712005032/en/

FAQ

What is the main finding of Fastly's recent research on web application and API security?

Fastly's research highlights a critical need for modern and unified security solutions to address the complexities of cloud services and API-centric applications.

How much do organizations spend on web application and API security tools according to Fastly's research?

Organizations spend nearly $3 million annually on an average of 11 web application and API security tools.

What percentage of security alerts are false positives as reported by Fastly?

Fastly's research indicates that nearly half of all security alerts are false positives.

Why are traditional security tools ineffective according to the Fastly research?

Traditional security tools are considered ineffective as they often block harmless traffic, which leads 91% of organizations to run them in a limited capacity.

What future trend is anticipated for APIs according to Fastly's study?

More than half of organizations believe that most or all of their applications will utilize APIs within the next two years.