By Oscar Visaya
IN past decades, computer programs supported business teams by storing data and documents. As these programs were hosted by on-premise servers with excessive infrastructure, users had to physically be in the office to gain access. More often than not, documents could only be accessed from company-issued devices. Over time, companies began storing increasing amounts of valuable data online and information-technology (IT) security spending increased accordingly. Firewalls and antivirus programs protected the information, keeping it safely locked up inside the office.
Slowly, we migrated to Web-based services, which heralded the work-from-home revolution. It empowered employees to work when and where they pleased, and reduced the need for storage and hardware. This, in turn, powered the rise of apps.
The app revolution
THE app revolution has fundamentally changed the way businesses operate. It has increased efficiency, opened new streams of revenue and changed go-to-market strategies in almost every sector. The rise of apps also unlocked technology and made it available to users beyond the IT team and specially trained staff members.
Today, apps that help people manage and streamline their day-to-day tasks have become the norm. They have ceased to be simple storage solution and are now integral to the workflow of teams and even businesses as a whole. Inaccessible or slow apps are the bane of everyone’s existence and prevent teams from optimizing their performance.
The need for speed and accessibility makes cloud environments ideal for hosting apps, enabling users to access information and collaborate in real time from anywhere.
However, all good things come at a price.
Securing the new perimeter
CYBERCRIMINALS have been quick to spot the opportunity that apps present. Instead of attacking firewall- and password-protected desktop computers, they are simply targeting apps. As app developers often overlook security in favor of speed and user experience, cybercriminals are usually able to find vulnerabilities that can be exploited for nefarious purposes
The security industry has used a castle as a metaphor to describe businesses’ security architecture. Just as a castle is protected by outer walls, a moat, a drawbridge and other structures to make it impregnable, businesses also invest in security solutions to secure their data. However, if we’re going to follow this analogy, the reality is that the king has left the castle. The data, identities and access that represent so much value for black-market operators are all outside the protective walls—in apps.
Gartner revealed that 90 percent of IT security budgets are spent on protecting the traditional network perimeter, i.e., the castle. The shocker, however, is that 72 percent of today’s security breaches are not within the traditional perimeter: They arise because of compromised user identities and vulnerable applications.
As the fastest-growing app market in Southeast Asia (http://www.applift.com/blog/philippines-app-market), the Philippines is very much susceptible to these cyber attacks. With the Philippines’s mobile Internet penetration growing at a rate of 1.5x every year, businesses need to focus on enhancing app security.
The Philippine government has taken notice this need, recently launching a cyber-security plan that seeks to safeguard the country’s information and communications technology environment through a robust cyber-security infrastructure. The plan mandates government agencies to protect consumers and uphold their right for a free and open Internet.
Apps’ unique vulnerabilities
BUSINESSES are becoming increasingly aware of the need to strengthen their application security posture. A 2016 survey of over 600 security professionals conducted by Ponemon Institute and F5 Networks, showed that over 50 percent of respondents believed attacks on the application layer are not only more frequent, but also more severe and difficult to contain than attacks on the network layer. Deploy an insecure application, and you risk breaches, downtime and damage to the business. Deploy an application with excessive security policies, and you increase operational complexity, leading to inefficiencies and loss of productivity.
To deploy applications with the right level of protection, without excess overheads and as fast—or nearly as fast—as the business would like, you need to take the best parts of your enterprise security practice and fuse them with the flexibility of cloud deployment. This can help organizations defend their critical applications at the load balancing level against numerous sophisticated attacks.
Security services must be part of an integrated system that deploys all the application delivery services required. This means different security policies should match the requirements of different applications. This system balances protection with agility, giving businesses and end-users the operational efficiency required.
In this app-driven world, the castle walls are no longer sufficient protection. Companies that recognize the need to protect data that resides in-app and invest early in the right security architecture can rest easy that their king is safe.
Oscar Visaya is the country manager of F5 Networks Philippines. The views he expressed in this column do not necessarily reflect those of the BusinessMirror’s.