CISOs and their teams continue to be stretched too thin, supporting virtual workforces, transitioning workloads to the cloud and developing new applications. Build a strong business case for ZTNA-based endpoint security.However, unsecured APIs present a keen application security challenge that cannot be ignored. The business benefits of APIs are real, as programmers employ them for speedy development and integration. Finally, there needs to be a strong focus on API security testing and a distributed enforcement model to protect APIs across the entire infrastructure. CISOs also need to consider how their teams can identify the threats in hidden APIs and document API use levels and trends. A good place to start is to define API management and web application firewalls that secure APIs while protecting privileged access credentials and identity infrastructure data. CIOs and CISOs need to have a plan to protect them using zero trust. APIs are becoming one of the fastest-growing threat vectors, given how quickly devops teams create them to support new digital growth initiatives.
When APIs and the SDLCs they support to rely on perimeter-based security, they often fail to stop attacks. API breaches, including those at Capital One, JustDial, T-Mobile and elsewhere continue to underscore how perimeter-based approaches to securing web applications aren’t working. Perimeter-based security dominates devops environments, leaving gaps cyberattackers continually attempt to exploit. Zero trust needs to be at the core of System Development Lifecycles (SDLC) and APIs.MFA needs to be active on all valid accounts from the first day. Today, locking down valid accounts with Multi-Factor Authentication (MFA) is table stakes. Getting this done first ensures only the contractors, sales, service and support partners who need access to internal systems can get them. Purging access privileges for expired accounts and partners is a must-do it is the essence of closing trust gaps. It is common to find contractors, sales, service and support partners from years ago still having access to portals, internal sites and applications. Closing the trust gaps that jeopardize identities and privileged access credentials is often the priority organizations concentrate on first. Clean up access privileges before starting IAM or PAM.There are ten areas that CISOs can focus on to make progress and start closing more gaps now, based on the insights gained from the Gartner market guide and research completed by VentureBeat: Targeting the trust gaps in tech stacks with ZTNA is delivering results. Their 2022 Market Guide for Zero Trust Network Access is noteworthy in providing insights into all CISOs need to know about zero trust security. As a result, Gartner is seeing a 60% year-over-year growth rate in ZTNA adoption. In addition, securing remote, hybrid workforces, launching new digital-first business growth initiatives and enabling virtual partners & suppliers all drive ZTNA demand. Reducing the risks of supporting fast-growing hybrid workforces globally while upgrading tech stacks to make them more resilient to attack and less dependent on trust are motivating CISOs to adopt ZTNA. Cyberattacks compromised 92% of all data breaches in the first three months of 2022, with phishing and ransomware remaining the top two root causes of data compromises. In the first quarter of 2022 alone, there has been a 14% increase in breaches compared to Q1 2021. Cyberattackers can still access networks by exploiting unsecured endpoints, capturing and abusing privileged access credentials and capitalizing on systems that are months behind on security patches.
Over the last eighteen months, the exponential rise in cyberattacks shows that patching perimeter-based network security isn’t working. Zero Trust Network Access (ZTNA) is designed to remove trust from tech stacks and alleviate the liabilities that can bring down enterprise networks.
Eliminating trust from tech stacks needs to be a high priority
0 kommentar(er)
