F5 recently published a report on application use and results have been showing the high adoption rate in application deployment. We talked to Kunaciilan Nallappan, APAC Marketing Director of F5 Networks, about challenges and also the future of applications security.
Indeed, recent years has seen an increase in businesses moving to cloud, as it is an efficient solution to scale base on changing needs. Moving applications from on premise datacentres to the cloud can increase resource capacity and ensure availability while reducing system management and IT infrastructure costs. However, it isn’t easy to secure and protect data in the cloud, and compared to on premise options, there is still a certain disparity in levels of security, depending on how and what resources you’re investing in.
“The key question to ask is how to maintain a consistent user experience. Applications and data have moved to the cloud but user credentials often still sit on premise. Regardless of this, the same policy framework needs to be replicated to ensure protection of the data. Identity federation ensures that users are authenticated within the safety of the corporate network, following which it will be re-directed to the application residing in the cloud.”
This is especially prominent when Internet of Things (IoT) comes into play.
“Security becomes even more important within the context of IoT because it impacts transportation, utilities, government and critical infrastructure. For example, in a world where power meters are getting replaced by smart meters, which come with an IP-enabled connection, cyber criminals can potentially hack into the power system nerve centre via a compromised remote meter. It becomes an imperative to build security into the devices itself, while ensuring there’s still enough protection sitting in front of the core app, in case of a compromise.”
Regardless of how fast the technology is changing, it is up to local businesses to adopt these technologies and mind set. There have been ideas bouncing around the industry about ASEAN regions being late adopters due to existing infrastructures as well as culture and mind set. Nallappan observes that the region moves in different speeds based on nations and generalised statements won’t cut it.
“The ASEAN region is very heterogeneous, with different countries at different stages of economic development, and hence varying degrees of cloud adoption. Singapore clearly leads the region in cloud adoption as a result of initiatives by the government. This is followed by countries like Malaysia, Indonesia and Thailand who have all announced initiatives on this front. Nations like Vietnam, Myanmar and Cambodia are still in the process of building up their technology infrastructure and therefore may take some time for mainstream cloud adoption.”
During the second MSC Malaysia Cloud Conference, Malaysia Digital Economy Corporation (MDEC) has mentioned that Malaysia's cloud business has grown 53 percent YoY, but Malaysian businesses need to increase their cloud adoption efforts to realise enhanced business gains as well as to close the gap with other countries in the region.
According to F5’s results, 45% of businesses deploy between 1 and 200 applications, while 17 % deploy between 201 and 500 applications. This means reliable access to mission-critical applications is still vital for businesses, but data security is also an area that is in most businesses minds – with so much at stake, it is only natural that businesses look for assurance that their digital assets will be secure.
“The growing number of applications and the proliferation of apps means that businesses are more vulnerable to cyber threats as these apps are deployed outside of the enterprise datacentre and on mobile devices. This movement has caused a shift in the “perimeter” needing to be secured. Inarguably, apps are the gateway to vault of data, whether corporate or consumer. I will say look at protecting your apps, fortify the entrance.”
As mentioned by Nallappan, the number of applications deployed are not dwindling. However, these applications are not all housed in a single location; in fact, more often, they see applications sitting outside the business’ infrastructure. This makes businesses more vulnerable to attacks.
“With multiple devices accessing data from anywhere via many applications which act as the front for such data, the enterprise threat footprint has expanded. Data security concerns are real. There is a need to protect applications close to where they reside as they are the gateway to the critical data, which often is the most important intellectual property of firms. Therefore, it is important to rethink the traditional security architecture to provide for a more application centric protection, adopt a balanced posture in prevention and reaction.”
However, despite all paranoia and needs for assurance, Nallappan very aptly puts it with this - “There is no 100%, full-proof way of preventing an attack. At F5, we recommend a balanced approach towards preventing and reacting to cyber security.”
“Focus on preventing attack on the application in addition to the network by considering the adoption of a web application firewall. In addition, a robust context based application access control policy helps contain any breach and makes detection easier. It is also important to understand what’s going on in the application traffic, which is increasingly being encrypted (SSL). While SSL helps protect the data, it makes it impossible for network firewalls to analyse it as they are unable to decrypt it. Hence for an effective application & data protection, SSL visibility is a key requirement.”