PodChats for FutureCIO: Securing third-party apps

One of the defining characteristics of the digital economy is our increased dependence on third-party organisations. Whether we are manufacturers, retailers, hotels, financial institutions or government, we rely on a network of suppliers and business partners to create and deliver goods and services.While this interdependence allows us to achieve economies of scale, it also introduces risks to our business.Consider the case of Japan automaker, Toyota. In February 2022, Toyota shut down operations in Japan after a major plastic supplier, Kojima Industries, suffered a data breach. Kojima had remote access to Toyota manufacturing plants, greatly increasing Toyota’s risk. As a result of the temporary shutdown, Toyota suffered financial and operational losses.These third-party risks extend all the way to our technology suppliers. Consider the case of SolarWinds and Kaseya – both are trusted names in their industries. When both suffered a breach, the attack cascaded down to their customers.So how do you protect your business when the potential threat is from outside your control. With us today on PodChats for FutureCIO is Siddharth Deshpande, Field CTO, Asia Pacific, Palo Alto Networks, to talk to us about securing the outside from within.Siddharth, welcome to PodChats for FutureCIO.1.        What are the hidden risks and threats posed by Third-Party Code? 2.        How can Infrastructure-as-code play a key role in supply chain protection? a.       Misconfiguration vulnerability.3.        How can code security prevent vulnerabilities and compliance violations in container images?4.        What is the significance of policy-as-code in the provision of controls built into code?5.        Most of the modern application code is made up of open-source dependencies. How can the industry build confidence in open-source security?6.        As organisations pursue cloud-native applications, and work more collaboratively with third-party partners, what is your advice for CIO/CISO and CTO in securing third party applications?

There are no comments yet.

Please log in to write the first comment.