Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications

It’s no secret that organizations are embracing the cloud and all the benefits that it entails. Whether its cost savings, increased flexibility or enhanced productivity – businesses around the world are leveraging the cloud to scale their business and better serve their customers. They are using a variety of cloud solutions – both private and public – and relying on multiple cloud hosting vendors to facilitate this growth. But as the saying goes – there is no such thing as free lunch. A hybrid cloud environment leads to an overall loss of control and visibility into the network, and in turn, can bring a host of security challenges.

Disappearing Network Perimeter

cloudy

As more services and applications are moved outside the enterprise perimeter and onto the cloud, the traditional network perimeter is going away. The hosting of applications is often distributed, and while some applications are being migrated to the cloud, others are still in transition or may remain on-premise. Organizations are now faced with the need to protect their applications everywhere – on-premise and in the cloud.

This leaves the door open for attackers. They now have a new target and instead of targeting just the on-premise applications, they are going after applications in the cloud. Organizations that rely solely on on-premise attack mitigation are leaving their cloud-based applications vulnerable to attacks.

Increased Dependency on Multiple Vendors

Most companies use multiple cloud vendors for hosting various aspects of their infrastructure. Some organizations choose to deploy a multi-cloud strategy for redundancy – to limit risk of downtime in case of failures and also reduce the risk posed by relying on a single vendor. In other cases, applications that have different needs in terms of bandwidth and availability are hosted on different cloud services to fit their specific needs. In addition, a multi-cloud strategy can be used to provide geographically diverse service across multiple cloud centers.

The use of a multi-vendor cloud hosting strategy complicates the ability to protect applications. It introduces dependency on the security solutions provided by each cloud vendor, which can offer varying degrees of protection. Overall this further limits the control and visibility of the organization’s infrastructure, making it harder to protect and manage multiple instances.

Rise in Popularity of Web Based Attacks

In today’s evolving threat landscape, the task of ensuring application availability is becoming more complex. As attacks are getting longer, larger and more sophisticated, organizations need to be able to protect their applications from a large variety of security threats, including:

  • Web-based attacks mostly known through the Open Web Application Security Project (OWASP) Top 10, which lists out the most common web-based threats. This category includes threats such as SQL Injections, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), which are typically not covered by traditional firewalls and intrusion detection systems (IDS). There is also a host of web-based attacks beyond the OWASP Top 10, such as Brute Force attacks, that should also be considered when looking at application security.
  • Availability based attacks – Distributed Denial of Service (DDoS) attacks at both the network and application layers. This includes the use of automated programs (bots) as well as humans to launch attacks aimed at exhausting application resources.
  • Multi-vector attacks – Sophisticated attacks that leverage multiple attack vectors are a common form of attack today. Rarely do we see attacks that only use one single vector. To deal with multi-vector attacks, organizations need a layered protection solution that can detect and mitigation attacks at all layers of the network.

Organizations’ New Requirements

Overall, organizations are facing several new challenges that lead to greater value requirements from security solutions, such as:

Protecting applications in a dynamic and moving environment. Organizations are faced with a distributed network and disaggregated applications. As such, they need a solution that can provide protections to applications regardless of where they are located. A hybrid solution is the best approach to provide comprehensive protection for applications – both on-premise and in the cloud – and can work across multiple cloud vendors. It removes the dependencies on different third parties and consolidates the protection of applications in a single-vendor, single-technology solution.
Wide protection coverage that covers the full range of attacks from network- and application layer DDoS attacks (including volumetric attacks), to more common web-based attacks (SQL Injections, XXS), all the way to the more advanced web attacks (Cookie Poisoning, XML and web services attacks). With the popularity of multi-vector attacks, having wide protection coverage is critical to eliminate any blind spots in the network that an attacker can leverage.

injections

(Image Source: Shutterstock)

Ease of use and serviceability must be established to lift the burden off the IT and Security teams in the organization. Setting up and configuring some solutions requires a lot of manual work and ongoing maintenance. It’s important to pick a solution that is both easy to set-up and easy to maintain. A fully managed cloud service that includes 24/7 support and monitoring as well as ongoing reports can help provide that.

With the enterprise perimeter disappearing and the increase in third party security dependencies, coupled with the rise in more sophisticated, multi-vector attack campaigns, organizations need to carefully examine the security solutions available to them and make sure they address these new challenges.

shiraBy Shira Sagiv, Director of Security Solutions, Radware

Radware is a global leader of application delivery and application security solutions for virtual, cloud and software defined data centers. Its award-winning solutions portfolio delivers service level assurance for business-critical applications, while maximizing IT efficiency.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

Syndicated Technology News

email as a service

Cloudflare Collaborates with Google Cloud to Fund Developer Innovation

Collaboration Offers Developers $100,000 in Cloud Platform Credits SAN FRANCISCO, Sept. 19, 2017 (GLOBE NEWSWIRE) — Cloudflare, the leading Internet performance and security company, is collaborating with Google Cloud to help support developer innovation on the Cloudflare Apps Platform. Starting today,…
larry-ponemon

2017 Ponemon Institute Study Finds SMBs are a Huge Target for Hackers

Negligent Employees and Poor Password Policies are the Weakest Links Negligent employees are the #1 root cause behind data breaches across North America and the UK Ransomware is hitting SMBs hard with more than 50% experiencing an attack Attacks are becoming costlier…

Hackers compromised free CCleaner software, Avast’s Piriform says

Hackers compromised free CCleaner software SAN FRANCISCO (Reuters) – Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent…