Moving applications and development to the cloud has delivered both operational and security benefits at scale. However, as organizations begin to automate their infrastructure deployments and configurations using Infrastructure as Code (IaC), a new attack vector has been introduced. In addition, the move to cloud-native architectures increases the use of APIs connecting client applications to cloud hosted, microservices based solutions, introducing another new entry point for adversaries. While scanning for security vulnerabilities in application source code and on-premise network configurations is standard security protocol, many organizations have yet to focus sufficient attention on IaC and API code.
Panel of industry experts and Government leadership:
- Discusses the security implications with IaC and APIs.
- Provides recommendations for addressing these new attack vectors.