Page 94 - Cyber Defense eMagazine January 2023
Justin McCarthy, co-founder and CTO, StrongDM
"In 2023 I believe we'll see rebellion against systems that aren't respectful of our time. Systems that
generate ample noise and minimal signal. When it comes to the demands on our attention in 2023 and
beyond, less is more.
Security technology is one area that has been requiring too much of our attention and energy for too long.
It's frustrating because there's so much friction where it isn't necessary. There's a better way but
consumers of security technology will have to demand it and developers and engineers have to work on
it.
One small example: authentication. As we move into 2023 we'll look to WebAuthn, Passkeys, and other
passwordless systems to improve the user experience and reduce the burden on IT teams. That's where
we'll really start to feel the difference. And with this feeling will come elevated expectations that then get
transferred to every other aspect of our IT systems and security environments. Hopefully, it will push us
to ask why it can't be simplified."
Richard Bird, Chief Security Officer, Traceable
1.) “In terms of trends we need to shine a light on, 2023 will be the year that the leaders in the majority
of companies, organizations and agencies around the world wake up on any given morning and think,
‘Whoa, I have a security problem!’ As we close out 2022, most enterprises either don’t realize the size of
the risk they currently face with their unsecured and largely unmanaged API ecosystem or they are
willfully ignoring the risks by believing that API gateways and web application firewalls are protecting
them. We should be very happy that the current state and maturity of API security affords us the
opportunity to get it right in 2023. API security is a greenfield within most companies and organizations
today, which means we are in a moment where we can choose tools, processes and frameworks that will
deliver huge improvements in security and risk mitigation. The alternative, if we don’t capitalize on this
moment, is that in 2024 and beyond API security tactics and performance will be dictated and demanded
of us by regulators and we will no longer have the flexibility and agility to meet these challenges without
the overhead of compliance pressures.”
2.) “2023 will be the break-out year for API security as a focus area for many of the Fortune 1000
companies. The lack of control, security and governance around APIs isn’t just exposing companies to
serious risks, but also to massive amounts of operational inefficiencies caused by APIs being developed
and deployed independently across multiple devops teams. This means that there are huge numbers of
“zombie” APIs, abandoned, but never removed from a company's systems. There are costly
redundancies due to the inability of companies to enforce and inform DevSecOps on internal standards
for API creation and deployment. Without visibility into the API ecosystem at a company, you can bet that
money is being wasted on the creation of redundant APIs happening nearly every day. That redundancy
comes at a cost; inefficiency isn’t free.”
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.