Securing your apps to protect the larger network

Security services must be deployed as part of an integrated system that deploys all of the application delivery services required.

Parag Khurana Feb 06th 2017 A-A+

From the early age of computer technology, programs would support the work of teams within businesses, store data and documents on owned servers that were on premise. The computation and storage of this data would be done through significant infrastructure on campus. Users could only access this data by being physically present at the work terminals. As companies began storing increasing amounts of valuable data digitally, and IT security spend increased accordingly. Firewalls and anti-virus programs protected the information, keeping it safely locked up inside the office.

We then migrated to web-based services, heralding the beginning of the work-from-home revolution. It empowered employees and reduced the need for storage and hardware, at a cost, of course.

The app revolution

The last few years, with the advent of apps, we have seen a revolutionary change in the way business is conducted. Companies have witnessed raised efficiencies, unlocked potential revenue streams and go-to-market strategies across industry sectors. Apps also empowered staffs beyond the IT team that were not specially trained.

There is an affinity to use apps that help people manage and streamline their day-to-day tasks. Many such apps include Workday for HR, Microsoft Office Suite for productivity, Linkedin Sales Dashboard for lead generation and using a host of communication apps that are integral to the entire workload of teams and businesses.

In India most people leapfrogged onto using apps for doing business thus unlocking productivity and increasing efficiency. Indians are extremely comfortable in using apps for communication (WhatsApp messenger has a 91.72 % weekly active penetration rate)[1]. In fact, the top three apps in India are used for communication and networking. The speed and ease of use makes users opt for these apps while not realizing the exposure to the valuable data that resides there.

Securing the new perimeter

Nefarious operators have been quick to spot the opportunity that apps present. All those firewalls and password-protected desktop computers are just not worth attacking anymore. However, apps present a much easier target, as security has been overlooked in favor of speed and user experience in the development stage.

The industry has long described the variety of security solutions needed as a castle protected by crenulations, a moat, a drawbridge, and anything else the business has the resources to invest in.

But if we’re going to follow this analogy, the reality is the king has left the castle.

The data, identities and access that represents so much value for black-market operators are all outside the protective walls – in apps.

Gartner revealed that 90% of IT security budgets are spent on protecting the traditional network perimeter – i.e. The castle. But 72% of today’s security breaches are not within the traditional perimeter, they are due to compromised user identities and vulnerable applications.

Apps’ unique vulnerabilities

If you are part of the 60% of people we asked in the 2016 State of Application Delivery Report who use 10 or more apps, there is a reasonable chance they will be vulnerable. Attacks such as SQL injections and TLS protocol exploits are particularly effective against apps.

WhiteHat Security reports that applications are regularly vulnerable 151–270 days a year in more than 50 percent of cases. Consequently, for more than half of businesses, over half their applications are regularly vulnerable half the time.

Deploy an insecure application, and you risk breaches, regulatory fines, downtime, and damage to the business. Deploy an application with excessive security policies, and you increase operational complexity, leading to inefficiencies and loss of productivity.

To deploy applications with the right level of protection, without excess overheads, and as fast—or nearly as fast—as the business would like, you need to take the best parts of your enterprise security practice and fuse them with the flexibility of cloud deployment. This can help organisations defend their critical applications at the load-balancing level against sophisticated and numerous attacks.

With a heightened sense of vulnerability among companies in India, there is a growing demand for virtual security solutions. Designing hybrid environments ensures businesses’ applications are prepared from a security perspective, without compromising on efficiency and speed.

Security services must be deployed as part of an integrated system that deploys all of the application delivery services required. This means different security policies are matched to the requirements of different applications. It balances protection with agility, giving businesses and end-users the operational efficiency required in this app-driven world.

The author is managing director-India & SAARC, F5 Networks

Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).

 



[1] According to China-India Internet Market Comparative Report by Cheetah Global Lab