4. Component-level Security
Component-level security is a critical issue for software supply chains. Software vulnerabilities can be introduced at any stage of the software supply chain, from original design to post-deployment patching. For example, the recent Log4Shell breach was traced to a vulnerability in the Java Log4j library, which was present in the open-source software supply chain used by millions of devices.
The adoption of cloud-native technologies includes the use of containers in microservices architectures. Containers have streamlined the way applications are built, tested, deployed, and redeployed, but their use has also led to a new attack surface. Container security requires visibility and protection during all stages of a container lifecycle.
Organizations need solutions that can provide visibility into the security posture of container-based workloads across multi-cloud environments.
5. Cybersecurity Governance
A well-defined cybersecurity governance framework is essential for an organization to protect its critical information assets from unauthorized access, use, disclosure, alteration, or destruction. Without this type of framework in place, organizations are susceptible to a wide range of cyber threats.
Various cybersecurity metrics can be used to measure an organization’s security posture. These metrics can be used to track the effectiveness of security controls and identify areas that need improvement. Fortunately, a tremendous amount of progress has been made in security analytics and machine learning over the last few years, so businesses can gain more insight into their security situation and make improvements.
New Benefits Come with New Risks
Today, the digitization of operational processes has led to productivity, efficiency, responsiveness, and overall profitability gains. But even though technological and organizational convergences between IT and OT have dramatically impacted organizations, access to newly connected systems has opened new threat vectors. Given the unique challenges of OT systems and devices, organizations need new solutions designed to span their IT and OT networks and meet the operational needs of both sides of the organization.
Author: Daniel Kwong, Field Chief Information Security Officer (CISO) for South East Asia and the Hong Kong region, Fortinet