Many companies are currently busy with a strategic relocation of their applications into the cloud. At the same time, they are making their development processes increasingly agile and are focusing on DevOps approaches in container-based environments. As a consequence, development landscapes in growing numbers of companies are evolving into hybrid multi-cloud environments. These changes are having a significant effect on IT security infrastructures. The conventional, centralized Web Application Firewall is coming under pressure.
Kuppinger Cole Executive Report – download free
Find out what the IT analysts at Kuppinger Cole are forecasting for the future of web application security and authentication in multi-cloud environments.
A centralized Web Application Firewall is no longer enough
A centralized, on-premises Web Application Firewall (WAF) is no longer sufficient to provide protection against cyber risks. On the one hand, in hybrid environments this solution results in an undesirable network communications overhead. On the other hand, a centralized WAF component rapidly becomes a bottleneck, especially in agile development regimes and DevOps. This can only be prevented by integrating WAF functionality into the cloud platform. United Security Providers was one of the first vendors to offer a WAF and is now supporting businesses in meeting these challenges by also offering USP Secure Entry Server® as a container-based solution.
Security functions for a hybrid environment
For security, businesses require a solution that allows them to reliably protect their web applications, mobile apps and services against cyber risks. It should not matter whether these are run on premises or in the cloud. Until today, there has not been any solution for hybrid infrastructures that had mature WAF functionalities. USP Secure Entry Server®, in addition to its conventional installations as a hardware or software appliance, can now also be provided as a container-based deployment. USP Secure Entry Server® thus covers all the security and DevOps requirements outlined above.
Enforcing a uniform security baseline
Centralized management that ensures uniform implementation of IT security policies becomes indispensable once businesses no longer run their WAFs only locally, but also run them concurrently in the cloud and as containers.
Even if application security, and specifically the WAF, becomes part of the application lifecycle and hence falls within the remit of those responsible for the application, it must remain possible to set a general, company-wide security baseline.
It must therefore be possible to place a basic configuration at the disposal of the person responsible for the application. This should contain the common security baseline and should allow no, or only limited, modifications. Consequently, another role would have to undertake maintenance of this basic configuration (for example a WAF service owner) and this maintenance would have to be subject to the governance of the CISO.
Businesses want all users, be they customers, staff or partners, to be able to access the applications and services provided for them easily. But although access must be easy and user-friendly, multi-factor authentication (MFA) is an absolute requirement where there is a need to protect sensitive data. Achieving this requires seamless, flexible, risk- and context-based authentication that is centrally managed and controlled by a central policy server. USP Secure Entry Server® supports all the current authentication means used in multi-factor authentication and thus makes it possible to provide the method most convenient for users for each application.
Central reporting and detection
The drawbacks of hybrid and distributed WAF nodes are, first, that the company security baseline can only be enforced with difficulty and, second, that no centralized, consolidated reporting function is available. Both of these disadvantages are easily addressed and resolved with the centralized solution embodied in USP SES.
Read the Kuppinger Cole Executive View Report
Download Kuppinger Cole’s Executive View free here and find out for yourself what analysts are thinking in this field and how they view the future of cyber security.