Zero Trust for Consumers from Authentication to Consent

Zero Trust has revolutionized our approach to application infrastructure, but thus far it has focused on employee authentication and on how to properly authenticate users to other services. However, application development has evolved to API-driven distributed services accessed by partners and consumers, changing the requirements for zero-trust-based authentication and authorization. It is no longer just about authenticating a user and what they can do in an application. It has evolved to what a service can know about a user and what a service can share about a user.

Within an API-based transaction there is a need to authenticate the requestor (often acting on behalf of a user), authenticate the service (API), authenticate the data in the transaction, and perform authorization. Thus, each of these entities in the transaction requires a unique identity and authorization (coarse-grained, fine-grained and consent). Without identity, zero-trust, compliance and enforcement mandates cannot be met effectively; without authorization, weak APIs can be abused to leak sensitive data.

In this session, we will look at how rapid digitalization has complicated security efforts, the role of authentication and consent in zero-trust, and how companies can best navigate today’s high volume of cybersecurity threats.