By: Parag Khurana,Managing Director, F5 Networks, India & SAARC
A significant majority of business these days is conducted on apps. If yours isn’t, then it will be within next 2 years. As mobile acquires mainstream consciousness; the need for a secure application is becoming a primary concern of business leaders- not just IT teams. Global corporations are looking to manage costs by finding balance in a multi-cloud environment, combine this with that an app is a hackers’ first port of call; makes information security a high priority subject in boardrooms.
CLOUD: THE CASE FOR HYBRID
When clouds came by they were an ideal solution. They facilitated scalability, affordability, managed services, and reduced workload. A cloud business could save cost and yet be flexible & agile in an evolving market. However, many companies realized, that while public clouds had benefits, they were one part of a solution and proprietary data could not be entrusted to a public system without tighter controls. Hence, the need for Hybrid clouds.
APPLICATION SECURITY CHALLENGE
So if Hybrids are so great, then what are the challenges? The biggest strength of a cloud-based application is also its weakness. Their ability to store a significant amount of sensitive information without additional verification makes many companies wary of sharing sensitive data. Subsequently, we have seen that finance, human resource, and billing information continue to be on private clouds.
This is where the second vulnerability sets in. Any organization is a dynamic entity and when the information moves between private and public clouds it becomes difficult to secure the entry and exit points of data. This risk isn’t theoretical. A recent Gartner study reveals that as many as 72% of security breaches are due to compromised user identity and vulnerable applications.
WHY AND HOW OF CLOUD FIRST
A successful cloud strategy secures data at the level of the application layer and has security built into the business infrastructure. This ensures users are secure as they move around the web. Underlying principal being
- Identify the user
- What are they doing
- The context of usage (i.e. is this user supposed to be doing this)
The key challenge is to ensure speed and usability while securing the application. While most users find a delay of a few seconds tolerable to allow for verification but will certainly find the delay frustrating if the delay is repeated every time they want to access the app as a whole.
This is where the new age UX specialists come in handy. Previously monolithic pieces of software are today available in capsules with some part available on the public cloud and some on private cloud based on factors such as speed of delivery and security protocols. As applications become central to business, these skills will separate a good business from a good, secure business.
Smart companies are increasingly app-centric and creating services with a right balance of speed and security. It helps with customer engagement and in a rapidly evolving, increasingly social world it’s a strategy that is in tune with the times.
(Unless otherwise stated, all data is from F5’s report, The State of Application Delivery in 2017)