When it comes to cybersecurity the primary enemy is integration. Without integration, all our applications and systems would be inherently secure. Alas, most applications only provide business value when they are connected to another application. The inherent problem that creates from a cybersecurity perspective is any IT environment is only as robust as its weakest application link.
An Accenture Technology Vision 2019 report published this month highlights how problematic this integration has become. The report finds that only 29 percent of the 6,672 business and IT executives surveyed know whether partners are working as diligently on security and compliance as they are. Cybercriminals are constantly scanning for vulnerabilities within organizations that can treat as a gateway to penetrate a larger ecosystem. Even ecosystems manage by industry behemoths such as Apple and Google are vulnerable. It was revealed this week that more digital pirates are creating clones of applications that wind up being deployed on the Apple Store because the credentials of developers have been compromised. Google and Microsoft are dealing with a similar issue. Cryptominers have embedded their malware in applications being downloaded via Google Play and the Microsoft Store.'Without integration, all our applications and systems would be inherently secure. Alas, most applications only provide business value when they are connected to another application.' ~ Mike VizardClick To Tweet
Any organization plotting a digital business transformation is going to find these and other breaches relating to credentials become compromised to be at the very least cause for pause. In fact, Forrester estimates 80 percent of all breaches can be traced back to issues involving some form of abuse of privileged access. The more integrations that get spawned with each digital business interaction the more likely it becomes for there to be even more abuse. That’s why so many cybercriminals are focusing their time and effort on small businesses these days. A small business typically can’t afford the same level of cybersecurity as an enterprise IT organization. But most of them are trusted trading partners with much larger entities that are the ultimate attack target.
What’s clearly required going forward is a zero-trust approach to application deployment and integration. A zero-trust model to cybersecurity assumes organizations are not going to automatically trust anything inside or outside its perimeters. Every interaction must be verified before anything or anyone is granted permission to access an IT environment. That may be simple enough. But in practice, it winds up being extremely difficult to maintain. Developers are constantly invoking application programming interfaces (APIs) almost anywhere they find them and there’s always an instance where some crisis or another result in cybersecurity protocols and policies being bypassed. The good news is that modern IT platforms are increasingly baking zero-trust access controls into the core platform. Those technologies, in turn, make it simpler to operationalize best DevSecOps processes that require developers to, for example, include security controls before an application can be deployed in a production environment.
In fact, when it comes to zero-trust approaches to IT platforms and DevSecOps processes it’s no longer a technology issue. Rather, it’s now about coming up with the budget to first acquire those platforms and then, secondly, developing the political will inside the organization to implement them.
It should be apparent to all by now that digital business transformation initiatives will require organizations of all sizes to up their cybersecurity game. The challenge and the opportunity are to put those cybersecurity technologies and controls in place now to ensure the current level of excitement about digital business transformation doesn’t turn into a bitter, disappointing experience later on..@forrester estimates 80% of all breaches can be traced back to issues involving some form of abuse of privileged access. Can #ZeroTrust help? Click To Tweet
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.