Cloud is the norm for Australian organisations, with 80% of all enterprise applications to be hosted in a cloud environment by 2025. In a post-GDPR world, organisations can no longer afford to take risks when it comes to securing applications in the cloud. We only need to look at the recent PageUp data breach, deemed by some as ‘Australia’s Equifax’, to understand just how vulnerable applications are. The big question is, in today’s on-demand society, how can we secure apps without compromising speed and scalability?
The mainstream use of multiple clouds means that our approach to application delivery needs to be carefully considered in order to maximise app performance while offering common policy, security and visibility across all cloud and legacy environments.
According to the State of Application Delivery survey, app developers care about speed, scale and security. The research found that they prioritised app acceleration (34%), Web Application Firewalling (WAF) (26%), load balancing (21%), Transmission Control Protocol (TCP) optimisation (20%) and content caching (17%) among other application services.
However, without a cloud native solution and a per-application services approach, there is a risk that developers will be hamstrung into creating slower, vulnerable solutions that are not able to manage surges in traffic or growth.
Bespoke application security
In 2017, F5 Labs reported that applications are the biggest targets of cyber-attacks, revealing that they are the initial target of 53% of data breach attempts. Application assaults increased 43% and Distributed Denial of Service (DDoS) attacks were also reported to have increased by a shocking 115% between Q3 and Q4 of 2017. What we can gather from these numbers is that 84% of cyber-attacks happen at the application level, not the network level.
Additionally, in a 2017 Atlassian survey, 50% of companies reportedly had to wait for their IT operations centre to declare a major threat before responding, as they still did not have the capabilities to manage incidents effectively.
Applications have become integral to the way we work and live, so the need for application-specific security is inevitably increasing. A blanket approach is no longer effective. What works for one app may not work for another. App-specific security measures ensure effective, time-efficient action can be taken in the event of an attack or breach.
Cloud native security solutions offer many benefits that can help companies streamline their operational efforts in the event of an attack or breach. Taking a per-app approach can enhance this ability even further. We see application services evolving to a per-app model that enables DevOps, NetOps and SecOps teams to deploy consistent and appropriately sized security services for every app, regardless of where those apps run.
A per-app approach allows for precise identification of threats, breaches and failures. This means organisations can get straight to the systems involved rather than spending valuable time figuring out which systems might be involved. Per-app architectures minimise the “blast radius” of any single breach.
Bridging the gap
Another benefit of having a cloud-native strategy is that application architects can create bespoke native apps for the cloud, rather than refactor legacy apps. As new workloads are deployed into the cloud, a fully featured per-app services solution can be right-sized to support each one, bridging the cost gap between physical and cloud infrastructure. This delivers the same performance, manageability, security and visibility for cloud-native apps as was available in legacy architectures.
The vast majority of organisations are looking to the cloud to be a key part of their digital transformation journey. This has meant the cloud has become the de facto app environment.
Embracing a per-app architecture approach to application delivery ensures that developers not only have their need to scale, secure and accelerate apps met, but also get support for the self-service model they expect from cloud, whether on-premises or off. Application services are critical and a per-app approach is the key to achieving this outcome.