Martin Walshaw, senior systems engineer at F5 Networks, discusses why decision-makers should reconsider their security focus this Valentine’s Day.
Love is purportedly in the air again, but is it being channelled in the right direction? As customers engage with your apps this Valentine’s, do you have the right strategy to secure a long-term relationship?
In the quick-fire, post-Tinder world, those trusty old Status Quos and battle-worn pick-up lines aren’t cutting it anymore. Staying match fit and desirable simply isn’t as easy as it used to be. It’s a feeling cybersecurity purse string-holders across EMEA are fast becoming accustomed to.
Historically, IT decision-makers splurged their budgets on their first love — the network perimeter. Times have changed, and the honeymoon period is over for traditional IT methods.
Today’s threat landscape is different. Decision-making, particularly in the C-suite, needs a radical rethink to keep pace with the rapidly evolving threat landscape. Now is the time to look at security through an application lens. According to a recent study by the University of Maryland, hackers attempt attacks every 39 seconds. Increasingly, the targets are the perceived weakest links: apps and identities. Research from F5 Labs supports this finding. Extensive analysis of 443 breaches spanning the last decade found that attackers target apps and/or stolen credentials in 86% of cases.
Looking ahead, the attacks are only going to get more voluminous, sophisticated and automated. No company with a static app security strategy can withstand cybercriminals’ sheer frequency and mutability, whether their devilry stems from malicious bots, credential stuffing, DDoS, ransomware, phishing, malware, or a host of other methods.
In such a febrile and unpredictable environment, knowledge is power. Love may be blind but, when it comes to app protection, only full visibility will do. This means covering all application traffic, drawing on advanced security portfolios with additional layers of intelligence that traditional defences leave exposed. The aim is a clean break with prevailing models, where each device provides its own protection in isolation and without context.
The cloud conundrum
Protecting enterprise data assets across dozens of applications and hundreds of servers is never easy. It becomes even trickier when cloud enters the mix.
F5’s 2018 State of Application Delivery (SOAD) report found that 54% of surveyed EMEA businesses determine which cloud is best for each application on a case-by-case basis. Prioritising a cloud scenario based on an app’s features is surely an encouraging trend, paving the way for best-in-class business value and new routes to innovation. It is also fuelling an uptick in multi-cloud deployments: 75% of SOAD respondents claim to use multiple cloud providers.
Yet, while the move towards multiplicity is undeniably exciting, it does exert new and more complex pressures on IT departments to maintain security while also delivering market differentiating services.
According to SOAD 2018, the “most challenging or frustrating” aspect of managing multi-cloud environments in EMEA is achieving consistent security policies across all company applications (42% of respondents). 39% believe the biggest challenge is protecting applications from existing and emerging threats. This has led to an increase in organisations deploying Web Application Firewalls (WAFs), with 61% now using the technology to protect their applications.
Another consequence is that application services have become more important than ever before. On average, SOAD reported that organisations in EMEA leverage 15 different application services to keep their apps fast, safe and available. Security is still regarded as the most important application service in EMEA (44%, compared to 39% globally). Interestingly, a newcomer to 2018’s “most likely to be deployed” list are app services that bridge generational gaps in protocols, environments and app architectures appropriate for business in a digital economy. In EMEA, the most popular “gateway” app services were related to the Internet of Things (34% of SOAD respondents), SDN (32%), API (32%) and HTTP/2 (28%).
A single rose signifies a beautiful gesture. Winning the hearts and minds of customers requires a singular focus on delivering competitive differentiation through innovation. First and foremost, this entails adjusting security strategies to shower more affection on applications and safeguarding data with cutting-edge solutions that enable multi-cloud optimisation.
All security postures should now be reinforced with a suite of application services specifically designed to deliver the best possible security, availability and performance. It means providing secure access on any device, in any environment, and at any time. Every season is a reason for security. Treat your apps with the respect they deserve this Valentine’s Day. You’ll feel better, earn marketplace credibility and, not least, your customers will love you for it.