Every API, service, dependency & sensitive data to map the application attack surface (SBOM)
If a CISO had to think about Apiiro and only think about it in one way, I would focus on this. You don’t often get to go and sit down with the CIO and talk about a win-win situation at a place like Citi. There was a group of people that we call Technology Information Security Officers. They supported close to 6000 applications, and there were roughly 200 of these folks. And their job was to work with the application development teams and ensure the security of the applications portfolio. And they did this by enforcing a controls process to ensure appropriate checks were built into the software development process. This was painful. It was painful for the information security officers. It was painful for the application development teams. One of the most important things as the CISO of any organization is to understand what your most valuable resources are. And the reality is today, people are your most valuable resource. They are the scarcest resource for any good security program.
One of the important things about Apiiro is that it is automating a huge amount of the processes and that automation creates significant efficiencies. It makes the application development life better. But more importantly, it allows an organization to actually centrally control policy that’s being enforced. Historically, you had all the processes that relied on people. Now, by essentially defining policies and having a huge amount of these decisions made by the systems, there’s not only an efficiency that’s gained, there is also consistency that’s gained. Application development teams also like consistency. Right. If they’ve engaged with two different CISOs and got two different answers before, that doesn’t happen anymore, because the vast majority is being done by the system through the automation, TISOs eliminate 80 or 90 percent of their workload, or in effect, they can actually support 10 times as much of an applications portfolio as they might have had to support historically. What I’ve loved about Apiiro when I first met them was they built a platform and from a design perspective, it was almost as if they were sitting on the shoulders of my TISOs understanding the part of their job that was just paper pushing and process and understanding the part of their job that was truly value added. Where you had to really think about the risk and the design choices that were being made. Go talk to your CIOs and say, I have a way to make your life better.