We had a great time at API World 2023! Being immersed in the world of APIs and getting to talk with professionals who are shaping the future of technology was invigorating.
Although I saw many innovative things, there were three themes in particular that kept surfacing:
1. Not all developers care about security like I do
As a cyber founder, I live in a a security bubble. Almost all the content I consume and conversations I have are heavily biased towards security. All the engineers I work with are extremely concerned with security. I think about security 24 hours a day. So I was genuinely surprised at some of the attitudes I heard from some developers at API world who just didn't seem to care much about security.
I had one developer actually tell me, "that's what we have a security team for.” Another told me that, “I just need to pass the scans.” Another told me, “My API has no security risks.”
This was a good reminder that, as a security founder, we need to be able to help companies at all stages of their security journey. Not every company is going to have a healthy security culture in their development organization, and for those companies we need to be able to still provide value and help them make progress, one step at a time.
2. The staying power of legacy IT
Most of the customers I speak with use modern cloud native architectures, relying on technologies like Kubernetes, Istio, or Envoy. Because of this, sometimes I forget how long API management as a space has been around, dating back to the early 2000s with API gateway and API management companies built on technologies even older than NGINX.
What I was reminded of is how much of a challenge it is for traditional enterprises to move off these older technologies, not just because of the technical level of effort, but because of the amount of bespoke customization and effort that they have invested into these technologies, such as implementing key parts of their business logic at the API gateway layer. For example, one customer I spoke with tried to migrate off of their existing API Gateway to Apigee (which is regarded as a fairly modern API gateway), but after several months gave up because of the amount of complexity and business disruption it would cause.
The security implications of this are fairly staggering. Security in the API gateway and management space has been largely stagnant for the last 20 years relying on simple tools like regex filters and ACLs. There continues to be a huge opportunity to provide modern API security to enterprises relying on these legacy tools.
3. AI is Everywhere, But It's Not Always Impressive
Walking around the conference, it felt like every other booth had some sort of "ChatGPT or Copilot for X" pitch. But most of these left no impression on me whatsoever. Just because your product uses AI doesn't mean it's revolutionary.
AI is not a gimmick to tack onto a feature list. It needs to be part of a thoughtful solution to a real problem.
Until Next Year
It will be interesting to see how these three key areas evolve over the coming year. I’m excited that Impart is on track to break up the API security stagnation that has taken hold over the last 20 years. Our unique approach gives you and your team the ability to collaborate with other teams, reduce work, and deliver a better, safer product.
Sign up for a demo to see exactly how we’re innovating in API security!