In a earlier column, I mentioned how the 2023 version of the Nationwide Affiliation of State Chief Data Officers (NASCIO) top 10 priorities underscored the significance of securing functions and APIs in advanced environments. Now NASCIO has revealed its “State CIO Top Ten Policy and Technology Priorities for 2024,” and whereas some issues held over, there are some noteworthy adjustments.
Identification and Entry Administration and Cloud Companies have moved down in precedence from numbers 5 and 6 to numbers eight and 9 respectively (although maybe not for the explanations you may assume)
Cybersecurity and Threat Administration stays the highest precedence, however Digital Authorities/Digital Companies has moved up right into a tie for first
Synthetic Intelligence (AI), which did not even make the top 10 last yearis now the quantity three precedence
Legacy Modernization has remained the fourth precedence
Let’s roll up our sleeves and dig into these adjustments a bit. I am going to have a look at them with a watch towards API security particularly.
Identification and Entry Administration & Cloud Companies Fall — however Why?
Identification and Entry Administration (IAM) and Cloud Companies have moved down three rungs in precedence from numbers 5 and 6 in 2023 to numbers eight and 9 respectively in 2024. This might not be as a result of the applied sciences are immediately much less necessary, although — they may merely have built-in extra deeply into at this time’s surroundings.
To me, plainly they kind a significant a part of the 2 priorities tied for first — Cybersecurity and Threat Administration and Digital Authorities/Digital Companies — in addition to Legacy Modernization.
In different phrases, state and native governments could have already completed important work on IAM and cloud providers, which they construct on to fulfill larger priorities on this record. If that’s the case, the change in precedence this 12 months very a lot is sensible.
Cybersecurity & Threat Administration Joined on the Prime by Digital Authorities/ Digital Companies
Infrastructure has turn out to be considerably extra advanced and distributed over time. Many enterprises are including extra cloud environments, which deliver with them extra complexity.
On the identical time, more and more digital-savvy constituents have come to anticipate extra from the state and native governments that serve them. Sadly, the power that drives governments to ship cutting-edge digital performance is identical power that will introduce extra threat — the necessity for velocity.
Digital Authorities/Digital Companies creates a necessity for a distributed cloud functionality to simplify complexity and to handle and safe digital property. On this surroundings of elevated complexity and demand, assaults in opposition to functions have continued to extend, together with attacks against APIs. Attackers have gotten clever to the truth that strain to innovate and to raised serve constituents has created an API-driven world. Not surprisingly, attackers wish to capitalize on this.
Addressing constituent expectations with the anticipated alacrity signifies that, in some circumstances, functions and APIs might not be correctly developed, managed, inventoried, and secured. Whereas there are a number of methods to handle this threat, the power to create and implement safety coverage uniformly throughout growth, deployment, and operation is likely one of the fundamental strategies. So is the power to find and safe APIs.
Synthetic Intelligence Makes a Sturdy Debut
If you have not heard tons of buzz round synthetic intelligence (AI) currently, you is likely to be dwelling beneath a rock. In all seriousness, regardless of the hype, AI has some actual functions — and penalties — for state and native governments.
On the attacker facet, AI makes the menace panorama fairly a bit broader by introducing new and novel methods through which cyber criminals can improve each the sophistication of their assaults and the velocity at which they develop their assaults. On the defensive facet, AI gives alternatives to enhance and increase detection and mitigation capabilities.
One factor is definite, although: AI is a expertise that must be utilized to particular issues to be able to be used efficiently. This requires that state and native governments have an AI technique that helps them discover how greatest to defend themselves in opposition to AI-based or AI-augmented assaults, in addition to the way to leverage AI internally to unravel particular safety issues or to raised mitigate threat.
Legacy Modernization Stays a Concern
State and native governments proceed to strategically migrate functions and APIs to the optimum environments. What the optimum surroundings is could differ, in fact. Typically, the migration could also be from on-premises to public cloud. In different circumstances, it might be from on-premises to non-public cloud/knowledge heart. In some circumstances, the migration could even be again to on-premises from the general public cloud.
No matter which functions and APIs are heading to what environments, legacy modernization is nicely underway. The combo of environments that outcomes will should be correctly managed and secured, irrespective of its complexity. Given this, it is sensible that Legacy Modernization stays a high precedence this 12 months.
Why Purposes and APIs Are Central
Subjects of curiosity and priorities shift from 12 months to 12 months in lots of sectors, and state and native authorities is not any exception. One factor that is still fixed, although, is that the highest priorities have to cowl the safety of functions and APIs.
Governments have to be ready to take care of the complexity, in addition to the administration and safety obligations, that include the fashionable infrastructures required to assist these functions and APIs. The NASCIO high 10 definitely captures that.
Author: Joshua Goldfarb
Date: 2024-02-12 13:00:00
