Disruptive changes in application development include the ongoing cloud migration disrupting the tech stack, new application design patterns bringing microservices to the forefront, and DevOps changing dev/release practices. The common thread across these changes is increasing reliance on Application Programming Interfaces (APIs). In this paper, Securing APIs, we work through how application architecture and attack surfaces are changing, how application security needs to evolve to deal with these disruptions, and how to empower security in environments where DevOps rules the roost, so you are better prepared to protect whatever applications look like moving forward.
After many decades as security professionals, it’s depressing to keep seeing the same issues and mistakes. It feels like we’re stuck in hacker Groundhog Day. But there is a way to give yourself a fighting chance against these issues – return to the fundamentals, things like ensuring visibility for every asset and maintaining a strong security configuration and posture for those assets. You also need to patch systems efficiently and effectively when vendors issue updates. In this Security Hygiene: The First Line of Security paper, we’ll provide a reminder of the importance of the fundamentals and present a process to ensure you can fix issues efficiently and effectively.
We’ve been espousing the idea of data-centric security for years, focusing on protecting the data, so you can worry less about securing devices, networks, and associated infrastructure. In practice, data-centric security has been underwhelming — it gradually became clear that having security policy and protection travel along with the data, as it spreads to every SaaS service you know about (and a bunch you don’t), was just too much to count on. In this Data Security in the SaaS Age paper, we rethink both the expectations and potential solutions to protect the data stored in SaaS applications.