Managing multiple challenges in a multi-cloud world can undermine organisations’ confidence to withstand a cyber-attack. The explosive proliferation of applications in the cloud has created a vast new playing field for cyber-criminals. Today, the fear of attack is constant.
According to F5 Networks’ fourth annual State of Application Delivery (SOAD) report, security confidence tends to fall as moves to the cloud increase. 75% of EMEA respondents in the global customer study revealed they now embrace multi-cloud deployment scenarios. Digital transformation and competitive differentiation are the endgame, but there are plenty of pitfalls on the way.
Applying consistent security policies across all company applications was deemed to be the “most challenging or frustrating” aspect of managing multi-cloud environments (42% of surveyed EMEA businesses). In addition, 39% believe the biggest challenge lies in protecting applications from existing and emerging threats. Across the board, security remains the top concern for application deployment (44% respondents, compared to 39% globally)..
Barrage of botnets
Malicious botnet activity accounts for a huge proportion of breaches, ranging from the headline-grabbing Mirai botnet DDoS attacks to web-scraping, spam, scalper and credential-stuffing bots. The challenge is further accentuated by malware (i.e. trojans and viruses to adware and rootkits). These are typically installed via malicious e-mail attachments for disruptive and reputationally damaging activities, such as financial gain, botnet device enrolment, spam propagation or account takeovers.
Today, apps can be deployed from anywhere, including data centres, private and public clouds, containers, SaaS platforms, and much more. The spread of multi-cloud architectures, if inadequately managed, can lead to application sprawl and overwhelming security complexity.
The opportunity for businesses now is to rethink where the priorities lie in today’s evolving IT landscape. This is where advanced security automation and orchestration systems come in to play, helping to streamline and standardise IT processes, reduce operating costs and improve time to market.
Optimal operational automation needs to encompass the configuration, deployment, and scaling of applications and servers. Removing manual processes and using automated systems provides decision-makers with the ability to identify threats quicker, enabling application threat protection before it is too late. Furthermore, the ability to manage data protection from a single source, and to move data between public and private clouds, will allow businesses to achieve the agility they need to improve performance and meet evolving customer demands.
According to SOAD 2018, three in four (75%) of EMEA businesses believe the use of automation in the operation of IT infrastructure to be “somewhat” or “very” important. This point is reiterated by key decision-makers, including C-level executives and security professionals. Over half (55%) are using automation partially or fully in production, and another 28% are piloting its use. Incorporating highly programmable traffic management solutions that dynamically adapt security policies and proactively stop malicious bots will optimise a security team’s time. With robust defence solutions, it is possible to be ‘always on’ protecting against automated DDoS attacks, web scraping, and brute force attacks before they even occur.
Another best practice approach is to test web applications to find potential vulnerabilities. Bolstering web application protection and using of multifactor authentication will make it difficult for bots to gain access. To stay ahead of the curve, a growing number of businesses in EMEA are adding web application firewalls into their security mix. According to SOAD 2018, 61% are using the technology today to safeguard both public and private cloud presence.
Vote of confidence
Businesses adopting new work practices to secure applications and transform their operations with automation and orchestration will gain a tremendous return on investment and manage the multi-cloud world with greater certainty.
Confidence is a two-way process. Businesses adjusting their security strategies to focus more on applications and standardise on advanced security solutions have the freedom to deploy apps with efficient control, flexibility and safety. They also gain confidence to innovate and sustain business performance. Discerning customers who value their identity and information will inevitably and increasingly choose brands based on their security and data management credibility.
[su_box title=”About Tristan Liverpool” style=”noise” box_color=”#336588″][short_info id=’104363′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.