Hi All,
NSA just published CSI Advancing Zero Trust Maturity Throughout the Application and Workload Pillar
In the current digital landscape where malware and emerging online threats continue to evolve and become more sophisticated, it is imperative that organizations prioritize cybersecurity as essential to their operations. Information Technology (IT) professionals are keenly aware of the security challenges facing applications, but workloads are every bit as important to consider in this domain. Workloads represent computational tasks, which encompass multiple programs or applications performing those tasks by utilizing computing, data, networking, and storage resources. Workloads evolve over their lifecycle through mission development, test, and production scenarios. "A workload is an expression of an ongoing effort of an application AND what is being requested of it … Applications tend to shape the characteristics of the workload itself by how it processes the data, or the software limits inherent to the solution." [1] Workloads can be comprised of services across multiple clouds, with application programming interfaces (APIs) connecting to third parties and sensitive databases that require different levels of access. To navigate the complexities of managing workloads across computing environments and workflows, organizations are turning to advanced tools such as backend APIs, workload automation software, artificial intelligence (AI) predictive analytics, and cloud management platforms. [2] These tools enable organizations to achieve their mission of interconnectedness, scalability, and usability by interacting with and exchanging data. This exchange of data creates opportunities for malicious actors to target business applications and workloads, as well as the methods used to safeguard them, leading to security challenges. This cybersecurity information sheet (CSI) provides recommendations for achieving progressive levels of application and workload pillar capabilities and further discusses how these capabilities integrate into a comprehensive Zero Trust (ZT) framework. [3] National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) owners should use this and other guidance to develop concrete steps for maturing their application and workload security.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------