Application Security in Today’s Multi-Cloud World

Managing applications in heterogeneous cloud environments introduces new challenges for IT, DevOps and application owners. One of these challenges of is that each environment offers different capabilities, resulting in inconsistent management and deployment of application delivery and security services, policies and configurations.

As applications migrate to the cloud, gaining actionable visibility into application health and service-level agreements (SLAs) becomes critical since each application may require a different tool to monitor performance.

In such a dynamic environment where each application has its own set of requirements, it is almost impossible to accurately plan for the application delivery and security licenses required for each environment. As a result, IT departments face risks when budgeting for application delivery and security solutions.

Microservice & Security

As organizations transition to the cloud, many are adopting microservice architecture to implement business applications as a collection of loosely coupled services. Some of the reasons to move to this architecture is to enable isolation, scale, and continuous delivery for complex applications. Many of these loosely coupled services are also Function-as-a-Service (FaaS) and use Representational State Transfer (ReST) APIs.

[You may also like: Microservice Architectures Challenge Traditional Security Practices]

That’s a lot of attack surface which wasn’t exposed when the applications were monolithic. Adopting microservices doesn’t remove the traditional security and application availability concerns.

Hackers are also taking advantage of internet turning dark – increasing adoption of SSL encrypted traffic.

(Source: Google Transparency Report, captured 2020-03-03)

Attacks are More Successful

The recent ransomware attacks highlight the need to secure against denial of service and application attacks. The primary goal of cyber‐attacks is service disruption, followed by data theft. Service disruption creates poor customer experience, and perpetrators know that and use a broad set of techniques to cause harm. These include bursts of high traffic volumes, which do not leave time for mitigation teams to get a grip, usage of encrypted traffic to overwhelm security solutions resource consumption, and crypto‐jacking that reduces the productivity of servers and endpoints by enslaving their CPUs for the sake of mining cryptocurrencies.

[You may also like: The Move to Multiple Public Clouds Creates Security Silos]

Attacks are also more targeted and more successful – more result in a complete outage rather than merely service degradation. According to Radware research, data breaches are expensive, and the costs are only going up. Those reporting attacks that cost 10 million USD/EUR/GBP or more almost doubled last year — from 7% in 2018 to 13% in 2019. Half of the respondents estimated that an attack cost somewhere between 500,001 and 9.9 million USD/EUR/GBP.

Every cloud has a different options, product offering and ways of securing applications. This is one critical area where you MUST standardize profiles and policies for your applications. Application protection is a lot more than just preventing OWASP Top 10 attacks. In addition to protecting applications against XSS, SQL Injection, and others it is also about protecting against API abuse, bad bots, vulnerability exploits and application denial of service.

Best Practices

To ensure secure application delivery the best practices include:

  1. Applying consistent policies across multiple deployments
  2. Preventing configuration errors from creeping in during deployment by automating as much as possible
  3. Addressing issues such as phishing and social engineering that play a large part in human failures
  4. Ensuring that the applications are accessed by the right users that are authorized and authentic
  5. Keeping all attacks out of the corporate / virtual private networks
  6. Gaining actionable visibility

As many of us are now working remotely, organizations have moved many of their applications to the cloud to take advantage of the flexibility. This does address the immediate need to scale access but creates many security challenges that must be addressed to keep both customer data and corporate IP and businesses safe from hacking attempts. Part of the solution is to address the human aspects of security weakness by educating and automating, the other aspects are to adopt best practices and implement multi-layered approach to securing these applications.

Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has been a part of executive teams of four software and network infrastructure startups, all of which were acquired. Before Radware, Prakash led product management for Citrix NetScaler and was instrumental in introducing multi-tenant and virtualized NetScaler product lines to market. Prior to Citrix, Prakash held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center