Virtualization Technology News and Information
New Report Reveals APIs and Cloud Applications are CISOs' Greatest Threat to Security Readiness
Just-published research, The CISOs Report, Perspectives, Challenges and Plans for 2022 and Beyond, reveals that Chief Information Security Officers (CISOs) are grappling with a wide range of risks and challenges, especially linked to accelerating utilization of technologies like cloud-based applications and the use of Application Programming Interfaces (APIs). The report is based on a survey of more than 400 Chief Information Security Officers (CISOs) working across a broad set of companies and industry sectors in the US, Canada and other select nations.

Quickly evolving technologies, compounded by the effects of remote work, create new layers of risk.

Recent shifts in the IT landscape have resulted from the dramatic escalation of remote work, cloud adoption, BYOD and changing development practices. The security impacts of those changes are reflected in where CISOs see the most need to strengthen their defenses.

CISOs rate their organization's IT components most needing security improvement as:

  • APIs - 42%
  • Cloud applications (SaaS) - 41%
  • Cloud infrastructure (IaaS) - 38%

Industry use of API technology has exploded over the last few years due to the shift to component-based microservices architecture used extensively in modern applications, and the growing adoption of cloud services. Not to be overshadowed, too, are web applications in general, which are proving to be particularly susceptible to a wide variety of client-side attacks (e.g., formjacking, Magecart).

CISOs rate their organization's security processes most in need of improvement as:

  • Data discovery and classification - 38%
  • Data backup and recovery, as well as vulnerability remediation - 36% each
  • Development security operations (DevSecOps) - 35%

CISOs are taking action on Zero Trust.

While early on some were quick to relegate Zero Trust as hype, it is not. A full 96.5% of CISOs surveyed are either underway with or actively planning for a Zero Trust initiative. Only 7.5% claim to already have a robust implementation, but even those will require ongoing improvement to extend key practices to the application and data layers as cyber threats continue to evolve. Over 50% say implementing or enhancing their Zero Trust model is one of their top three priorities for the coming year.

Third-party risk pervades.

While supply chains have become essential to the success of almost all businesses, CISOs see plenty of supplier and partner challenges to overcome. Third-party risk tops a long list of cyber vulnerabilities causing CISOs the most concern, rating 3.89 on a scale of 1 (lowest) to 5 (highest). This finding tracks with the escalation of supply chain security issues over the last two years. Supply chain attacks rate 3.93 out of 5 as the cyber threat that causes the most concern. Forty three percent of survey respondents indicate that better addressing partner or supplier risk is among their top three priorities for the coming year.

Given third-party concerns, 41% of CISOs plan to add or upgrade third-party security and risk management technology over the next year. Other technologies high on the shopping list include network/micro-segmentation (65%), container security (57%) and security service edge (SSE) platform (55%).

To access the complete report, please visit:

Published Wednesday, June 01, 2022 12:12 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2022>