In decades past, computer programs would support the work of teams within businesses, usually by storing data and documents. These programs were hosted on company-owned servers on premises, using excessive infrastructure to store and compute. Users would have to be physically in the office to log in and use the program from a company computer.
Companies began storing increasing amounts of valuable data digitally, and IT security spend increased accordingly. Firewalls and anti-virus programs protected the information, keeping it safely locked up inside the office.
We then migrated to web-based services, heralding the beginning of the work-from-home revolution. It empowered employees and reduced the need for storage and hardware, at a cost, of course.
The app revolution
In recent years, the app revolution has fundamentally changed the way businesses operate. It has increased efficiencies, opened up new streams of revenue and go-to-market strategies for almost every industry sector, and unlocked technology for those beyond the IT team and specially-trained staff members.
Apps that help people manage and streamline their day-to-day tasks are the norm – whether that’s Workday for HR, Concur for finances or Marketo for marketing. Apps aren’t just storage or basic functions; they are integral to the entire workload of teams and businesses.
A marketing team that uses an application like Marketo will not be able to fulfil the majority of their daily tasks if the app is inaccessible, or too slow. This makes cloud environments ideal for hosting the app, making it accessible from anywhere, at any time.
As the cloud ecosystem has matured in Australia and New Zealand, apps are increasingly being hosted in a mixture of private and public cloud architectures, with seamless transitions between the two. Their speed and ease of use allow users to not have to think about where their valuable data actually resides.
Securing the new perimeter
Nefarious operators have been quick to spot the opportunity that apps present. All those firewalls and password-protected desktop computers are just not worth attacking anymore. However, apps present a much easier target, as security has been overlooked in favour of speed and user experience in the development stage.
The industry has long described the variety of security solutions needed as a castle protected by crenellations, a moat, a drawbridge, and anything else the business has the resources to invest in.
But if we’re going to follow this analogy, the reality is the king has left the castle.
The data, identities and access that represent so much value for black-market operators are all outside the protective walls – in apps.
Gartner revealed that 90% of IT security budgets are spent on protecting the traditional network perimeter – i.e. the castle. But 72% of today’s security breaches are not within the traditional perimeter; they are due to compromised user identities and vulnerable applications.
Apps’ unique vulnerabilities
If you are part of the 60% of people we asked in the 2016 State of Application Delivery Report who use 10 or more apps, there is a reasonable chance they will be vulnerable. Attacks such as SQL injections and TLS protocol exploits are particularly effective against apps.
WhiteHat Security reports that applications are regularly vulnerable 151–270 days a year in more than 50 percent of cases. Consequently, for more than half of businesses, over half their applications are regularly vulnerable half the time.
Deploy an insecure application, and you risk breaches, regulatory fines, downtime, and damage to the business. Deploy an application with excessive security policies, and you increase operational complexity, leading to inefficiencies and loss of productivity.
To deploy applications with the right level of protection, without excess overheads, and as fast—or nearly as fast—as the business would like, you need to take the best parts of your enterprise security practice and fuse them with the flexibility of cloud deployment. This can help organisations defend their critical applications at the load-balancing level against sophisticated and numerous attacks.
In Australia and in New Zealand, we’re seeing a rise in virtual security solutions. Designing hybrid environments ensures businesses’ applications are prepared from a security perspective, without compromising on efficiency and speed.
Security services must be deployed as part of an integrated system that deploys all of the application delivery services required. This means different security policies are matched to the requirements of different applications. It balances protection with agility, giving businesses and end-users the operational efficiency required in this app-driven world.
Rob Malkin is managing director of F5 Networks, ANZ.