Third-Party Integrations: Friend or Foe?

Microservice architecture is becoming increasingly common with the democratization of cloud computing power, and more and more organizations are realizing that it's often simply easy to pay for a particular service instead of building it from scratch. The result is that many large organizations often have to grapple with hundreds if not thousands of such third-party integrations. However, performing risk analysis about these interactions—especially when it relates to the sharing of data—can be extremely time-consuming if not impossible.

In this talk, we will briefly cover typical third-party integration flows within an organization, from request to implementation. We will identify common gaps in security visibility and access, and discuss various solutions with their degree of efficacy as we have measured. We will argue that it is through these improvements that you will be able have not just a more holistic, but more consistent risk map of your organization's assets.

The aim of this talk is to show that the boring, grueling work in security is just as important as exciting 0-days! We hope to also show that there are still new exciting metrics and incident response systems you can derive from these processes.