A New Security Approach In Today’s Era Of Multiple Cloud Services
A large number of companies today have deployed web applications across multiple clouds and hybrid environments. Yet the existing models for application security are dated and not robust. They are not up to the task of providing top-notch, consistent and seamless application security across cloud servers.
This is where Radware’s new application security architecture comes in. It aims to solve not just this problem but other related problems too. It is an innovative, API-based architecture and an out-of-the-box solution that promises to provide industry-leading application security.
Moreover, it promises to provide consistent protection across any kind of cloud and to reduce latency, without the need to share customer SSL keys.
Cloud has paved the way for the age of multi-cloud
These days, organizations are no longer just moving to the cloud; they have already been there for quite some time.
According to the IBM report titled Turbonomic State of Multi-Cloud 2021, almost 96 percent of companies deploy at least one public cloud environment.
Now consider multi-cloud. As per the same study, almost 60 percent of companies are running two or more public cloud environments, and 30 percent run three or more public cloud environments.
Adding to the complexity, almost a third of these companies operate private cloud environments in addition to their public cloud option. This indicates that a vast majority of firms today are multi-cloud, or in short, hybrid organizations.
As a consequence, security managers and application owners with web applications deployed across such distributed environments now face a new challenge. Their task is to maintain top-grade and consistent application protection across their variety of platforms while ensuring that there are no gaps in security, management or reporting.
The main issue, however, is that the traditional application security tools they have are no longer up to such a task.
Existing Application Security (AppSec) solutions cannot keep up
At the moment, application security in cloud environments is usually managed in one of the following three ways:
• Cloud WAF services based on CDN: These solutions run on top of well-established CDN networks, external to the public cloud environment. All traffic is routed via the CDN network before it is routed to the application server in the public cloud. While these solutions can give cross-cloud protection and centralized control, they need DNS routing changes, which creates complicated logical routing paths and adds latency and another point of failure. With traffic today being encrypted, they also require sharing the application’s SSL key with the third-party CDN vendor.
• Native security tools from IaaS vendors: The native app security tools offered by most IaaS providers are often built directly into the IaaS stack and are easy to implement. Yet they frequently give a low level of security. Moreover, as they are tied to a particular cloud environment, they don’t include the cross-cloud capabilities needed for protecting other public cloud, private cloud or on-site environments.
• WAF virtual appliances: Depending on the vendor providing them, such appliances can provide a top level of protection, but they come at the expense of high operational and management overheads. Additionally, they are usually point solutions that need additional tools for bot, API and DDoS protection.
What is needed for modern day cross-cloud application security?
For applications to be completely secure in the face of the landscape of modern threats, they require modern solutions supporting frictionless cross-cloud application security. These solutions include the following:
• Advanced top-grade application protection: Apps need security mechanisms which can give top class protection against all app attack vectors.
• Comprehensive security: Applications need security tools that will protect them against app attacks and emerging threat vectors and attack surfaces like bots, API vulnerabilities and application-layer (L7) DDoS attacks.
• Deployment without friction: Security tools need to be well integrated with modern agile development tools and methods. Anti-DDoS protection can be guaranteed once the CI/CD process, or the gaps between application deployment and application security, are addressed.