Page 162 - Cyber Defense eMagazine January 2023
Why You Can't Have True Zero Trust Without API Security
By Richard Bird, Chief Security Officer, Traceable
Global adoption of Zero Trust security models is soaring and with good reason. Due to organizations’
embrace of digital business models and enablement of hybrid workforces, more users and devices are
accessing organizations’ networks than ever before. A Cloud Security Alliance survey finds that 94
percent of organizations are implementing Zero Trust strategies, and 77 percent will increase their
spending on Zero Trust over the next 12 months. President Biden’s Executive Order on Cyber Security,
issued in May 2021, has also given this security model a public boost. The order requires federal agencies
to develop and implement Zero Trust architectures at pace.
The concept of Zero Trust was popularized by Forrester analyst John Kindervag in 2010. Organizations
that embrace Zero Trust “never trust, always verify.” That means continuously validating every user and
device access attempt and enforcing the principle of least privilege to right-size user privileges to
the job at hand. As a result, Zero Trust has historically been focused on improving network access and
identity access management security.
So far, so good. Yet, the reality is that distributed networks are growing exponentially. In addition,
organizations are tilting from running monolithic business applications to using myriad microservices to
create and deploy new applications. Organizations then use application programming interfaces (APIs)
to connect clients to servers; send and receive sensitive data; and execute increasingly complex
interdependent business processes.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.