Foundations For a Robust On-Prem and In-the-Cloud Security and DR Strategy


Modern applications are composite, distributed, and potentially deployed in multiple cloud and hybrid environments. This architectural complexity increases their vulnerability to threats and availability issues. The breaches of 2023 show that no entity is immune. Breaches occur for various reasons, including phishing, API vulnerabilities, insecure tools, third-party issues, misconfigurations, and stolen identities.

Challenges to securing distributed applications often stem from a lack of expertise, especially in multi-cloud deployments, where respondents expressed uncertainty about the security of their apps due to differences in environments and tools.

Even though traditional security measures are still required, the impact of outages and the porous nature of network and infrastructure security can now be addressed by deploying newer architectures like zero trust for access, using identity as a perimeter, and implementing security service and network edges.

High Level Use Cases

Let us look at the high-level use cases for application delivery and security:

  • Application delivery focuses on making applications available, performant, and recoverable in the face of denial-of-service attempts, service provider outages, and scaling application services in response to increased usage.
  • Application visibility into traffic is necessary to prevent hacking and breaches, to conduct root cause analysis, and, in case of a breach, to conduct a forensic analysis.
  • Application security includes processing SSL transactions and securing applications from malicious hacking attempts. This involves securing access to applications, protecting proprietary data, detecting any embedded threats in incoming requests that may otherwise look legitimate, maintaining a security posture, and securing data storage. Security of a distributed application should also involve securing against inadvertent third-party security breaches.

Building a Strong Foundation – The Building Blocks

The building blocks needed to address the above high-level use cases are categorized into making applications available, making applications secure, and providing application visibility while protecting the cloud and network infrastructure used to access these applications.

  • Application scalability uses techniques such as clustering and load balancing to both scale application instances as needed and distribute client requests across them. Multiple zones, data centers, server load balancing (SLB), and multiplexing client requests across application instances can be used to ensure high availability and disaster recovery. Global server load balancing (GSLB) is another necessary technique to distribute requests across multiple data centers, cloud providers, or regions. Front-end optimization can augment typical caching and compression to optimize network traffic and make request processing performant.
  • Application visibility requires integration of security dashboards across the distributed application deployment and the various network and application security and availability solutions to provide timely event alerts and logs. Logs play a crucial role in proactive monitoring and response to security events. Logs are also critical for analyzing events and creating attack storylines. It is recommended to stitch events (SIEM) across application and storage access (IAM, CASB, CIEM), privilege escalation (PEM, CIEM), and application requests (WAF, WAAP, API Gateways, RASP) into a storyline and use analytics (SIEM) to narrow down to those that are threats and actionable (Threat Detection and Response).
  • Methods to secure cloud and network infrastructure may include using denial of service protections, SSL inspection, intrusion detection and prevention systems (IDS/IPS), and network firewalls. Identity and access management (IAM), identity verification, multi-factor authentication, and application authorization are the best practices for securing application and API access and augmenting the concept of zero trust access (ZTA) to enforce all access. Security posture assessment and the need to protect publicly exposed assets should be a priority. User permissions and entitlements are common reasons for breaches, and the principle of least privilege is recommended. Application security also involves responding to events in real time; correlating events to create a storyline of attacks should be a default practice in a SOC. Many products such as WAF, WAAP, API gateways, and runtime application self-protection (RASP) can strengthen application security on top of secure coding practices.
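
The event stitching recommended in the visibility building block can be sketched as follows. This is an added example, not code from the article or from any product: the event schema, the identity names, the 15-minute window and the source-to-category mapping are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, assumed already normalized to one schema.
EVENTS = [
    {"ts": "2024-01-10T09:00:05", "source": "IAM", "identity": "svc-report", "action": "login_new_geo"},
    {"ts": "2024-01-10T09:03:40", "source": "CIEM", "identity": "svc-report", "action": "role_attached:admin"},
    {"ts": "2024-01-10T09:06:12", "source": "WAF", "identity": "svc-report", "action": "blocked:sql_injection"},
    {"ts": "2024-01-10T09:07:30", "source": "CASB", "identity": "svc-report", "action": "bulk_download"},
    {"ts": "2024-01-10T10:15:00", "source": "IAM", "identity": "alice", "action": "login_success"},
    {"ts": "2024-01-10T14:00:00", "source": "WAF", "identity": "alice", "action": "blocked:bad_bot"},
]

# Source tool -> category from the text. CIEM appears under both access and
# privilege escalation there; it is treated as a privilege source here (assumption).
CATEGORY = {
    "IAM": "access", "CASB": "access", "CIEM": "privilege", "PEM": "privilege",
    "WAF": "request", "WAAP": "request", "RASP": "request",
}

def build_storylines(events, window=timedelta(minutes=15)):
    """Group events per identity; a gap longer than `window` starts a new storyline."""
    by_identity = defaultdict(list)
    for ev in events:
        by_identity[ev["identity"]].append({**ev, "ts": datetime.fromisoformat(ev["ts"])})
    storylines = []
    for identity, evs in by_identity.items():
        evs.sort(key=lambda e: e["ts"])
        current = [evs[0]]
        for ev in evs[1:]:
            if ev["ts"] - current[-1]["ts"] > window:
                storylines.append({"identity": identity, "events": current})
                current = [ev]
            else:
                current.append(ev)
        storylines.append({"identity": identity, "events": current})
    return storylines

def categories(storyline):
    """Distinct categories (access / privilege / request) a storyline touches."""
    return {CATEGORY.get(e["source"], "other") for e in storyline["events"]}

def actionable(storylines, min_categories=3):
    """Keep storylines whose events span at least `min_categories` categories."""
    return [s for s in storylines if len(categories(s)) >= min_categories]

if __name__ == "__main__":
    for s in actionable(build_storylines(EVENTS)):
        print(s["identity"], [f'{e["source"]}:{e["action"]}' for e in s["events"]])
```

Each event alone is low-signal; the storyline for one identity that crosses access, privilege and request sources inside one window is what gets surfaced for triage.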

Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has been a part of executive teams of four software and network infrastructure startups, all of which were acquired. Before Radware, Prakash led product management for Citrix NetScaler and was instrumental in introducing multi-tenant and virtualized NetScaler product lines to market. Prior to Citrix, Prakash held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.
