Advanced application security: at the centre of the digital economy
New digital business ecosystems require new ways of building and securing our applications
The World Economic Forum earlier this year shone a bright light on the future of the so-called ‘digital economy'. Interestingly, panel discussions very quickly shifted from this theme, into the realm of cyber-security – and just how we'll stay safe and secure as we embrace the exciting digital future.
Clearly, we can't truly shift into the new digital economy until we've solved the pervasive issue of how to secure data, applications, networks, credentials, and identities.
But first, just what is the ‘digital economy'?
Originally referring to business models and services that were exclusively delivered online, over the past decade or so the definition has broadened – as digitisation takes hold at various levels throughout more traditional industries.
Harvard Business Review provides a succinct definition: "Digital is not just part of the economy – it is the economy. It's an economy of limitless opportunities for some and disruption and displacement for others." It adds that the digital economy pushes new players into fame and fortune, while others (like Kodak, Blockbuster, Sears and Blackberry) fade into oblivion.
Anton Jacobsz, managing director at Networks Unlimited, a value-adding distributor of F5 Networks locally, believes the shift to the digital economy is a revolutionary change:
"The digital economy places an emphasis on new sets of individual skills and experiences, and new sets of organisational capabilities. Forward-looking enterprises are looking to infuse the principles of digital into every aspect of their operations and their offerings."
Herculon arrives
As seen at the World Economic Forum, cyber-security is emerging as one of the most critical dimensions of the digital economy.
"Security is the foundation on which we can create a bond of trust between company and consumer," says Jacobsz. "In a digital age where consumers are divulging more and more sensitive or personal information, and where geo-location and sensor-based tools are tracking more of our movements, trust becomes paramount."
For this reason, F5 takes an application-centric approach where security, access, and identity management are considered to be essential aspects of any application's development and evolution. "This is the vision of the recently-released Herculon security product line," explains Jacobsz, "to make security an intrinsic part of an application's development, rather than trying to layer security onto an existing app, as an afterthought."
Another clear trend that's emerging as we hurtle towards a fully-digital economy is the use of encrypted networks for complex and targeted application-layer attacks. It's here that the Herculon SSL Orchestrator comes to the fore: giving visibility into the gaps created by attackers' growing use of encryption for application data.
"By eliminating the need for redundant encryption and decryption capabilities, this significantly increases applications' performance – while decreasing infrastructure costs across the security stack."
Rounding out the Herculon range is the DDoS Hybrid Defender, which provides multi-layered defence against the rapidly-evolving DDoS type attacks, by integrating high-performance hardware with the intelligence of F5 Silverline's offsite cloud scrubbing.
Building in the cloud
Cloud architectures are a fundamental feature of truly digital businesses in the new economy – enabling scalability and dynamism that simply wasn't possible with traditional, on-premises infrastructure. Today, leading firms are incubating and nurturing business applications in cloud environments.
"As developers build and test their applications in the cloud, we're seeing a surging demand for an application-security-as-a-service approach to attack mitigation," notes Jacobsz. F5's Silverline WAF Express is a set of preconfigured, self-service tools allowing developers to easily select which applications WAF services are applied to, while F5's Security Operations Centre manages security policies to protect apps from a wide range of threats.
With attacks coming from all angles, prevention strategies in the digital economy must also be multi-dimensional. F5's solution portfolio has been augmented with added monitoring, analysis, post-incident reports, and recommended best practices – known as Security Incident Response Team services.
The insights delivered by this function, and from F5 Labs, give businesses deeper awareness, visibility, and context, notes Jacobsz.
"As we enter a new digital era, security is less about individual point-solutions. In selecting your partner and your vendors it's critical to look beyond products and services, and look at your security firms' holistic capabilities, their industry presence, partnership ecosystems, and thought-leadership."
Please contact Alexa Gerber, F5 product manager at Networks Unlimited for more information: alexa.gerber@nu.co.za.