Writer: Jordan Sprogis
Editor: Lillian Castro
Reviewer: Cristian Lopez
Key Takeaways
- Akamai and Apiiro just announced they’ve expanded their ASPM partnership to merge code-level visibility with runtime protection in one dashboard.
- It comes at a time when tool fatigue and the “shift-left” trend is growing — basically forcing hosts to take on their fair share of security responsibilities.
It’s National Cybersecurity Awareness Month, and the timing couldn’t be better for security leaders Akamai and Apiiro to expand their partnership.
Last year, they collaborated to improve API visibility within enterprise codebases; now, they’re creating a unified view of application risk across the whole SDLC.
“By combining our API and other security insights with Apiiro’s ASPM, organizations get a single, prioritized view of application risk that helps them move faster, stay compliant, and reduce costs,” said Patrick Sullivan, CTO of Security Strategy at Akamai.
A Shift in Hosting Responsibility
Rewind even just two years ago, and uptime and speed were what defined a good host. But with AI and cloud deployment, everything flipped on its head.
Joe Silva from Spektion has warned before about rushing to incorporate AI into the software supply chain without the right guardrails.
“That rush is going to create new vulnerabilities, especially given how complex these systems are,” said Silva. “These attacks can introduce attack vectors that aren’t as common in commercial software, simply because malicious contributors have easier access.”
Right now, the hosting industry is increasingly dealing with a “shift left” mentality: Hosts are no longer just running workloads, but are also expected to safeguard them. It’s a heavy shift (get it — shift left?) of responsibility that is basically forcing hosting providers to join the security life cycle.
National Cybersecurity Awareness Month may be for the consumer-facing industry, but it’s also a good reminder of what hosts are now expected to do. Customers expect everything from their hosts.
Battling Tool Fatigue
With that in mind, this partnership seems to answer two pain points that CISOs are facing: complete visibility into their applications and APIs without having to add more tools to their roster. We call this “tool fatigue.”
Gartner found that large enterprises use an average of 45 tools, while TechRadar reports the number is closer to 83 tools. But a study from Infosecurity Magazine found cloud adoption and remote work has pushed the average count from 64 to 76 tools.
Even with these variations, the proof is in the pudding: there are a lot of tools.
And for hosts, that kind of sprawl creates its own problems. It means managing several security dashboards — all of which don’t only eat at resources, but also budgets — and makes it harder to track which alerts correlate with a product.
But with the increased attacks on supply chains and APIs, these tools are proven to be needed. The question is how much is too much.
According to Akamai’s own security report, 7 trillion web app/API attacks took place between January 2023 and December 2024. Unsurprisingly, most attacks hit eCommerce. And yet, only 27% have full visibility into their APIs.
Whether a host already runs on Akamai or is juggling a growing list of APIs and app integrations, this tool is a chance to simplify that part of their security stack.
It’s as Idan Plotnik, Co-Founder and CEO of Apiiro, said: “Together we’re giving enterprises the visibility, context, prioritization, and remediation workflows they need to stay ahead of threats without slowing innovation.”
