Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications

It’s no secret that organizations are embracing the cloud and all the benefits that it entails. Whether its cost savings, increased flexibility or enhanced productivity – businesses around the world are leveraging the cloud to scale their business and better serve their customers. They are using a variety of cloud solutions – both private and public – and relying on multiple cloud hosting vendors to facilitate this growth. But as the saying goes – there is no such thing as free lunch. A hybrid cloud environment leads to an overall loss of control and visibility into the network, and in turn, can bring a host of security challenges.

Disappearing Network Perimeter

cloudy

As more services and applications are moved outside the enterprise perimeter and onto the cloud, the traditional network perimeter is going away. The hosting of applications is often distributed, and while some applications are being migrated to the cloud, others are still in transition or may remain on-premise. Organizations are now faced with the need to protect their applications everywhere – on-premise and in the cloud.

This leaves the door open for attackers. They now have a new target and instead of targeting just the on-premise applications, they are going after applications in the cloud. Organizations that rely solely on on-premise attack mitigation are leaving their cloud-based applications vulnerable to attacks.

Increased Dependency on Multiple Vendors

Most companies use multiple cloud vendors for hosting various aspects of their infrastructure. Some organizations choose to deploy a multi-cloud strategy for redundancy – to limit risk of downtime in case of failures and also reduce the risk posed by relying on a single vendor. In other cases, applications that have different needs in terms of bandwidth and availability are hosted on different cloud services to fit their specific needs. In addition, a multi-cloud strategy can be used to provide geographically diverse service across multiple cloud centers.

The use of a multi-vendor cloud hosting strategy complicates the ability to protect applications. It introduces dependency on the security solutions provided by each cloud vendor, which can offer varying degrees of protection. Overall this further limits the control and visibility of the organization’s infrastructure, making it harder to protect and manage multiple instances.

Rise in Popularity of Web Based Attacks

In today’s evolving threat landscape, the task of ensuring application availability is becoming more complex. As attacks are getting longer, larger and more sophisticated, organizations need to be able to protect their applications from a large variety of security threats, including:

  • Web-based attacks mostly known through the Open Web Application Security Project (OWASP) Top 10, which lists out the most common web-based threats. This category includes threats such as SQL Injections, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), which are typically not covered by traditional firewalls and intrusion detection systems (IDS). There is also a host of web-based attacks beyond the OWASP Top 10, such as Brute Force attacks, that should also be considered when looking at application security.
  • Availability based attacks – Distributed Denial of Service (DDoS) attacks at both the network and application layers. This includes the use of automated programs (bots) as well as humans to launch attacks aimed at exhausting application resources.
  • Multi-vector attacks – Sophisticated attacks that leverage multiple attack vectors are a common form of attack today. Rarely do we see attacks that only use one single vector. To deal with multi-vector attacks, organizations need a layered protection solution that can detect and mitigation attacks at all layers of the network.

Organizations’ New Requirements

Overall, organizations are facing several new challenges that lead to greater value requirements from security solutions, such as:

Protecting applications in a dynamic and moving environment. Organizations are faced with a distributed network and disaggregated applications. As such, they need a solution that can provide protections to applications regardless of where they are located. A hybrid solution is the best approach to provide comprehensive protection for applications – both on-premise and in the cloud – and can work across multiple cloud vendors. It removes the dependencies on different third parties and consolidates the protection of applications in a single-vendor, single-technology solution.
Wide protection coverage that covers the full range of attacks from network- and application layer DDoS attacks (including volumetric attacks), to more common web-based attacks (SQL Injections, XXS), all the way to the more advanced web attacks (Cookie Poisoning, XML and web services attacks). With the popularity of multi-vector attacks, having wide protection coverage is critical to eliminate any blind spots in the network that an attacker can leverage.

injections

(Image Source: Shutterstock)

Ease of use and serviceability must be established to lift the burden off the IT and Security teams in the organization. Setting up and configuring some solutions requires a lot of manual work and ongoing maintenance. It’s important to pick a solution that is both easy to set-up and easy to maintain. A fully managed cloud service that includes 24/7 support and monitoring as well as ongoing reports can help provide that.

With the enterprise perimeter disappearing and the increase in third party security dependencies, coupled with the rise in more sophisticated, multi-vector attack campaigns, organizations need to carefully examine the security solutions available to them and make sure they address these new challenges.

shiraBy Shira Sagiv, Director of Security Solutions, Radware

Radware is a global leader of application delivery and application security solutions for virtual, cloud and software defined data centers. Its award-winning solutions portfolio delivers service level assurance for business-critical applications, while maximizing IT efficiency.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comics
The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Digital Identity Trends 2017 – Previewing The Year Ahead

Digital Identity Trends 2017 – Previewing The Year Ahead

Digital Identity Trends 2017 The lack of security of the Internet of Things captured public attention this year as massive distributed denial of service attacks took down much of the internet. The culprits? Unsecured connected devices that were easily accessed and manipulated to do the bidding of shadowy hackers. When you can’t access Netflix anymore,…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

Cyber Criminals Are Business People Too

Cyber Criminals Are Business People Too

Cyber Crime Business You’re on the morning train on the way to work and take a look at the guy next to you. He’s clean-cut, wearing a crisp suit and holding a leather briefcase just like dozens of others. Just another worker headed to the office, right?. Yes, but not in the way you think…

Cyber Security: McAfee on IoT Threats and Autonomous Cars

Cyber Security: McAfee on IoT Threats and Autonomous Cars

IoT Threats and Autonomous Cars Autonomous cars are just around the corner, there have been controversies surrounding their safety, and a few doubts still hang in the minds of people who don’t like the idea of a computer driving their car. However, the biggest news stories surrounding this topic have been to do with how…