• Application Security in the Cloud: Who’s Responsible?

        • Most organisations today either already run workloads in the cloud or plan to experiment with cloud in the very near future. And it’s up to businesses to decide whether they choose cloud infrastructure provided by public cloud providers like AWS, Microsoft Azure and Google Cloud Platform, or cloud infrastructure maintained by their organisation’s IT team.

          In compliance heavy businesses, such as financial institutions, a new trend has emerged: organisations are running an isolated virtual private environment on public cloud infrastructure. Duncan Hughes, Systems Engineering Director, EMEA at A10 Networks delves into the issue of application security in the cloud and how to solve these challenges.

          Securing the App

          No matter where an application is hosted, securing the application delivery remains the primary concern. Some believe that applications are secure simply because they’re deployed in the cloud, which would make application security the sole responsibility of the cloud infrastructure provider. Others feel that security is the responsibility of the application owners – and as such, applications should not be deployed in the cloud due to security risks or unless security is properly baked in.

          Blurred Lines

          It is well documented by public cloud providers like AWS and Azure that application security is a shared responsibility between the cloud infrastructure providers and the application owners. However, the lines are blurred and the division of ownership is not clearly defined.

          Applications deployed in cloud infrastructure are accessed via the network. In this case, viewing the security responsibility from the network infrastructure point of view makes more sense. Traditionally, application owners have an established set of best practices, and setting up network security is a no-brainer. Because the network is part of the infrastructure, cloud providers will provide tools for virtual network security and also for the implementation.

          Cloud providers, however, have no visibility into what happens at the application layer and have no way to help the application owners in this area. The application security layer is the responsibility of application owners. Before we can evaluate a solution for application security, we need to understand challenges including security monitoring, application vulnerabilities, malware and ransomware, application layer DDoS attacks (volumetric or protocol exploits).

          Solving These Challenges

          Fortunately, there are solutions available to overcome the security challenges associated with cloud applications. Web Application Firewalls (WAFs), for example, can handle the common vulnerabilities listed by OWASP. And IP reputation and other signature databases have been created to combat malware and bad BOTs. Many Application Delivery Controllers (ADCs) bundle application security solutions with load balancing and other key application services. Having a complete set of application delivery tools along with security and visibility in a DDoS resilient architecture can create a complicated deployment architecture. Consider a solution that unifies all aspects of the application traffic management, application security with traffic and security analytics into a single system and layers central management and control on top of it. This type of solution will alleviate most of your cloud application security concerns.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • 2/3 employees concerned about catching COVID-19 at work

          2/3 employees concerned about catching COVID-19 at work

          Monday 17th May 2021 by clareb
          More than two-thirds of employees (68%) are worried about contracting Coronavirus when they return to their place of work after UK restrictions ease, a new survey has found. The survey, carried out by JD Cooling Group, an independent supplier of...Read More...
          2/3 European businesses to increase IT spend in 2021

          2/3 European businesses to increase IT spend in 2021

          Tuesday 11th May 2021 by clareb
          Dynabook Europe has revealed the results of its new research report, ‘The Hybrid Shift: Managing an increasingly remote workforce’, which shows that 65 per cent of European IT decision-makers have access to increased IT budgets this year ...Read More...
          Totality Services marks World Password Day with top tips

          Totality Services marks World Password Day with top tips

          Thursday 6th May 2021 by clareb
          Since 2013, the first Thursday of May each year marks World Password Day, promoting better password habits to stay safe online. With so many people working at home due to the ongoing pandemic, often without the IT support and protection provided...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue