APIs and cloud apps are greatest threats to enterprise security readiness
A survey of over 400 CISOs finds they are are grappling with a wide range of risks and challenges, especially linked to accelerating utilization of technologies like cloud-based applications and the use of Application Programming Interfaces (APIs).
The study from CISOs Connect, an invitation-only community of cyber experts and part of Security Current, finds the IT components rated as most needing improvement are: APIs (42 percent), cloud applications (SaaS) (41 percent), and cloud infrastructure (IaaS) (38 percent).
Industry use of API technology has exploded over the last few years due to the shift to component-based microservices architecture used extensively in modern applications, and the growing adoption of cloud services. Not to be overshadowed, too, are web applications in general, which are proving to be particularly susceptible to a wide variety of client-side attacks such as formjacking and Magecart.
Security processes seen as most needing improvement are: data discovery and classification (38 percent), data backup and recovery, as well as vulnerability remediation (36 percent each), and development security operations (DevSecOps) (35 percent). There's clear interest in zero trust too, with 96.5 percent of CISOs surveyed having a project either underway or in development, with half saying it’s one of their top three priorities for the coming year..
Third-party risk is a concern too, with 41 percent of CISOs planning to add or upgrade third-party security and risk management technology over the next year. Other technologies high on shopping lists include network/micro-segmentation (65 percent), container security (57 percent) and security service edge (SSE) platform (55 percent).
The report's authors conclude, "CISOs continue to have their work cut out for them. On many fronts, great progress has been made; determined, sometimes heroic efforts keep organizations far more secure than they would otherwise be. But right now, at least, there is no letting up. The evolution of new models like zero trust and new solutions like API protection platforms and client-side web application security will help CISOs extend capabilities and capacity to augment what their over-stretched teams can do. Thoughtful adoption, careful planning, and perhaps a little bit of luck will help these leaders keep their organizations safe."
The full report is available from the Security Current site.