Securing the application economy over the next decade
CA’s recommendations to the President’s Commission on Enhancing National Cybersecurity stress identity-centric solutions.
“In the new cyber threat environment, Identity and Access Management (IAM) and Application Programming Interface (API) management technologies are central to protecting systems, networks, devices and data, and to enabling secure interactions with customers and citizens.”
This is the key point CA Technologies made in its response to the recent Request for Information put forth by President Obama’s Commission on Enhancing National Cybersecurity, a select group of public and private sector leaders and experts in the security space that was recently established to make recommendations to mitigate cyber risks, while also encouraging technology development.
Applications have become the critical point of engagement for organizations of all sizes, optimizing experiences and providing a direct and constant connection to end users. APIs make it possible for organizations to open their backend data and functionality for reuse in new application services. API management software authenticates devices and data and is fundamental to securing the applications, devices and data inherent in the burgeoning Internet of Things (IoT). IAM software authenticates individuals and services and governs the actions they are permitted to take.
Identity is today’s security perimeter
Identity is now the attack vector of choice for cyber criminals. In virtually every large network breach in recent memory, compromised identities were the common thread. Protecting identities is foundational to robust security in the application economy. Effective access management enables users to perform tasks critical to fulfilling their roles, but restricts them from exceeding this permitted access.
In a world where identities constitute the new security perimeter and are the single unifying control point across all apps, devices, data and users, effective IAM is increasingly important with respect to privileged users, who have greater access to back-end systems and databases.
APIs are, however, vulnerable to many of the security threats that have plagued the Web, in addition to a range of new API-specific threats. It is therefore vital to deploy strong, API-specific security at the edge of an organization’s API architecture, both to authenticate devices and data, and to secure and protect the APIs themselves.
In addition to highlighting the critical role of IAM and API Management software in securing the digital economy, CA made the following recommendations for the Commission in its response:
What do you think are the most important recommendations for strengthening public and private sector cybersecurity over the next decade? I invite you to share your thoughts below.