How AccuKnox Zero Trust CNAPP addresses JP Morgan Chase CISO’s Call for Supplier Security Concerns

Patrick Opet, very accomplished Cybersecurity leader, CISO of JP Morgan Chase, recently penned an insightful “Open Letter to Third Party Suppliers,” outlining critical expectations for security in the modern supply chain. His message resonates deeply, especially with RSA Conference discussions focusing on evolving threats.

This post explores how AccuKnox’s Zero Trust CNAPP directly addresses the key concerns voiced by Opet, demonstrating how comprehensive security can be woven into the fabric of development and operations, not just bolted on as an afterthought.

If these points pique your interest, we invite you to connect with the AccuKnox team @ RSA Conference. 

1. Security Should Not Be an Afterthought

The Challenge: Often, the biggest hurdle to robust security is the tension between feature development and security remediation later in the lifecycle. Product and development teams might see security as a separate, time-consuming task that slows down innovation.

AccuKnox Approach: Security must be integral to the design and development process. Activities like Threat Modeling should be standard practice whenever new components or significant changes are introduced. This ensures development teams inherently understand and mitigate security risks from the outset, embedding secure-by-design principles. 💡 AccuKnox actively assists customers in establishing threat modeling practices and provides the tooling necessary to integrate it seamlessly into their workflows.

2. Addressing the Growing Risk of Supply Chain Attacks

The Challenge: The rise of SaaS, consolidated code repositories (GitHub, GitLab), and ubiquitous open-source components dramatically increases the attack surface. Dependencies managed by individuals or smaller teams lacking deep supply chain security expertise multiply the risk.

AccuKnox Approach: We help customers implement development security best practices, including conformance to standards like SLSA Level 3. 

💡 AccuKnox provides unique tooling to secure CI/CD pipelines against tampering, preventing unauthorized processes or actions during the build and deployment phases.

3. Security Must Be Prioritized During Software Releases

The Challenge: Intense release pressure often leads to security checks being bypassed. Teams might shorten testing cycles, skip code reviews, or neglect vulnerability scans to meet deadlines, inadvertently introducing exploitable flaws into production.

The AccuKnox Approach: Rigorous security cannot be compromised for speed. AccuKnox mandates independent vetting of all releases by our cybersecurity team and utilizes a dedicated post-stage environment for security testing before production deployment. 

💡 We practice what we preach (“dogfooding”), using our security solutions to ensure everything from Code to Cognition™ is secured before release.

Ready to Embed Zero Trust Security from Code to Cloud?
See how the AccuKnox CNAPP platform provides unified visibility and control across your entire application lifecycle.
Take AccuKnox CNAPP Tour 
Book a Personalized Demo 

How AccuKnox Zero Trust CNAPP Addresses JPMC’s Key Issues

AccuKnox goes beyond simply delivering security tooling — it actively partners with customers to ensure that all configurations, policies, and enforcement mechanisms are properly set up and fine-tuned for their specific environments. By helping customers establish strong security baselines, redlines, and checklists tailored to their software release cycles, AccuKnox ensures that security becomes an integral part of the development and deployment process. Additionally, AccuKnox assists customers in embedding threat modeling practices into their CI/CD pipelines, enabling teams to proactively identify and mitigate risks early in the software lifecycle. This comprehensive, hands-on approach empowers organizations to build resilient systems while maintaining speed and agility.

The following outlines key areas highlighted by Opet and how AccuKnox addresses them.

AccuKnox has ingrained Zero Trust Implementation
Understand the core concepts of Zero Trust and how AccuKnox applies them to secure modern infrastructure.
Download the Zero Trust Security Whitepaper 
AccuKnox Differentiator – Runtime Security 

Beyond Tooling – A Partnership Approach

AccuKnox doesn’t just deliver software; we partner with our customers. We provide hands-on assistance to configure policies, fine-tune enforcement, and establish strong security baselines, redlines, and checklists tailored to your software release cycles. By embedding threat modeling and continuous security validation into CI/CD pipelines, we make security an integral, efficient part of development, not a roadblock.

In summary: Opet’s call is for security that is inherent, modern, and comprehensive. AccuKnox Zero Trust CNAPP delivers these capabilities by design, providing the proactive, integrated security posture required for today’s complex software supply chains.

You can protect your workloads and achieve runtime security using AccuKnox. AccuKnox CNAPP secures your Kubernetes and other cloud workloads using Kernel Native Primitives such as AppArmor, SELinux, and eBPF.