Securing applications in the multi-cloud: Where should organizations start?

The cloud represents a gamechanger in the way businesses access and use technology, but it’s also brought with it major implementation challenges. The most fundamental of these is simply that the cloud comprises multiple services and platforms, which has made integration a critical piece in the cloud strategy puzzle.

According to Radware’s The State of Web Application and API Protection report, 70% of production web applications now run in cloud environments. Application development and deployment is also becoming more diverse, which means that most organizations are now dealing with hybrid, heterogeneous environments that span public clouds, private clouds and on-premise data centers.

[You may also like: If You Can Answer These Questions, You Have Good Application Visibility]

To ensure coherent, comprehensive application protection in a diverse environment, organizations must begin thinking about security differently. Failure to get this element spot on leaves data in the cloud vulnerable, generating a world of cybersecurity risk organizations are desperate to avoid.

Radware asked its in-house experts for the advice they’d give to organizations managing and securing applications in the cloud. Where should they start?

Decouple from your CDN and cloud hosting provider

Marius Baczynski, Radware director of cloud security services

When your applications are in the cloud, migrate your application security to a specialist cloud security service decoupled from your CDN and cloud hosting provider. This approach provides some important benefits:

• Rapid application onboarding capabilities and unlimited scale to cater to exponential growth in application consumption.
• Sophisticated security capabilities compared with native public cloud solutions.
• A single security policy control point for your entire application estate (including any applications which remain on-premise).
• Freedom to change your connectivity, CDN, and hosting providers without impacting your application security policy.
• Native out-of-path deployment options to reduce points of failure, improve application performance, enhance your regulatory capabilities, and help maintain strict public cloud SLAs.
• Significant OPEX reduction compared with an on-premise alternative.

Cloud-based application security is built in the cloud and designed for the cloud — the ideal solution for any organization’s cloud migration journey.

[You may also like: A New Security Approach for the New Age of Multi-Cloud]

Use a web application firewall so your development teams can innovate without interruption

Howard Taylor, Radware CISO

Agile software development, multi-cloud deployments and the demand for more sophisticated digital experiences have conspired to create an environment where data is left vulnerable. The urgency to deliver complex applications and new features with zero time to market has become standard practice. Businesses are under increasing pressure to innovate and move faster, conducting sensitive business and customer transactions over a wide range of networks and devices, each one with its own set of risks. So how do you stay ahead of the competition without sacrificing security?

The reality is development tools, middleware, and other software components are subject to zero-day vulnerabilities, back doors, and other flaws that may bring a business to its knees. Not to mention the coding errors that are not detected due to the speed of the process.

This is the place for a Web Application Firewall (WAF) to shine. A WAF isolates your business web application from a myriad of threats and provides a strong, flexible defense. You can rapidly tune a WAF to mitigate the latest risks, enabling your development teams to design and implement fixes to their applications without interruption. The WAF will provide your teams time to perfect the imperfect!

Deploy a single pane of glass

Gabi Malka, Radware COO

Transitioning to the public cloud is a journey. The reality is hybrid environments are here to stay. Most organizations end up with a multi-cloud strategy supported by several vendors. To make sure your security posture is tight and well controlled across all form factors, it’s important for security to seamlessly flow across on- and off-premise environments orchestrated and governed from single pane of glass. The alternative is managing multiple, segregated, vendor-specific tools and integrations that are not only sub-par in cyber protection, but also more complex to monitor, operate, and align over time.

Conclusion: Some solutions will be small and simple, but others will require a long-term outlook

Radware’s The State of Web Application and API Protection report found that during 2020, 98% of respondents recorded attacks on their applications. Clearly, countering this threat level demands that security become integrated at every level or organizations will find themselves embracing the cloud while opening the door to a new era of risk.

Cloud providers claim they offer solutions to some of these security challenges, but the shared security model this implies should never be taken on trust. When problems surface, it is the organization whose reputation will be on the line, not the provider’s.