Most organizations today deploy web applications in hybrid and multi-cloud environments. However, existing models for application security are outdated and no longer up to the task of providing high-grade, consistent, and frictionless application security in the clouds. Radware’s new application security architecture aims to solve this problem. Its innovative, API-based, out-of-the-box solution provides industry-leading application security, consistent protection across any cloud, and reduced latency without the need to share customer SSL keys.
The cloud era is over; Now is the age of multiple clouds
Organizations no longer migrate to the cloud; they are already there. According to IBM 2021 multi-cloud turbonomic state report, 96% of organizations implement at least one public cloud environment.
Now comes the next iteration: the multi-cloud. According to the same IBM study, 60% of organizations run two or more public cloud environments and 30% run three or more public cloud environments. Adding to the complexity is the fact that a third of organizations operate private cloud environments in addition to their public cloud implementation. This means that most organizations today are “multi-cloud” or “hybrid” organizations.
Consequently, security administrators and application owners who have web applications deployed in these distributed environments now face a new challenge. Their call to action is to maintain consistent, high-grade application protection across their variety of platforms, while ensuring there are no gaps in security, management, or reporting.
Your problem is that traditional application security tools are no longer up to the task.
Existing AppSec solutions can’t keep up
Today, application security in cloud environments is generally handled in three ways:
- WAF services in the cloud based on CDN: These solutions run on top of established CDNs, external to the public cloud environment. All traffic is routed through the CDN network before being routed to the public cloud application server. While these solutions can provide cross-cloud protection and centralized control, they require DNS routing changes, which creates complex logical routing paths and adds latency as well as another point of failure. Since most of the traffic nowadays is encrypted, it is also required to share the SSL key of the application with the 3dr-party CDN provider.
- Native security tools from IaaS providers: Native AppSec tools offered by IaaS providers are typically integrated directly into the IaaS stack and are convenient to implement, but often provide a low level of security. Also, because they are tied to a particular cloud environment, they do not include the cross-cloud capabilities needed to protect other public cloud, private cloud, or on-premises environments.
- WAF virtual appliances: Depending on the vendor, these devices can offer a high level of protection, but come at the cost of high management and operational overhead. Furthermore, they are often point solutions that require additional (external) tools for protection against bots, APIs and DDoS.
What it takes for modern cross-cloud application security
For applications to be completely secure in the modern threat landscape, they require modern solutions that support application security in the cloud without friction. These solutions should include:
- High-level, advanced application protection: Applications need security mechanisms that provide high-grade protection against all application attack vectors, including rare and zero-day attacks.
- comprehensive security: Applications need security tools that protect them not only against application attacks, but also against emerging threat vectors and attack surfaces, such as bots, API exploits, and application-layer (L7) DDoS attacks.
- Cross-platform consistency: Security mechanisms should be independent of the underlying platform and provide consistent security, logging, and management across on-premises, private cloud, and public cloud environments.
- No routing changes: Security mechanisms should not require any routing changes to application configurations, add additional hops between the application client and server, or introduce additional stops.
- No added latency: Application security defenses should not add any unnecessary latency to client communications.
- Frictionless Deployment: Security tools should be integrated as much as possible with modern agile development tools and procedures to avoid interruptions in the CI/CD process or gaps between application deployment and application security.
- Provide complete visibility: In a dynamic and complex computing and application environment, having complete visibility into everything that is happening at any given time is critical.
New Radware Security Architecture
To address all modern application and cross-application security requirements, Radware introduced the Radware SecurePath™ application security architecture.
Radware SecurePath™ is a new API-based cloud application security architecture designed from the ground up to optimally protect applications deployed in any cloud and data center—on-premises, private cloud, and all cloud environments. public cloud) while improving security, uptime, and security. and performance
Key benefits include:
- next generation protection: Radware’s industry-leading application security combines a Web Application Firewall (WAF), bot management, API protection, and DDoS protection, as well as using a positive security model based on advanced machine learning algorithms.
- Uniform protection in all environments: Radware’s architecture provides comprehensive, consistent, high-grade application protection regardless of where applications are hosted.
- Optimal deployment architecture for any cloud: Radware’s application security architecture can be implemented as an “online” SaaS service or as an API-based off-road SaaS service. This unique deployment model works across any data center and cloud platform with minimal latency and disruption to uptime and availability.
- Centralized management and visibility: Radware’s unified security portal offers complete cross-cloud visibility from a single dashboard and granular management of all applications, regardless of where they are deployed.
- Without sharing SSL certificate: Radware’s API-based architecture does not require the application’s SSL certificate to be shared with third parties, preserving customer confidentiality and meeting regulatory requirements.
- No routing changes: The API-based off-route solution allows application requests to go directly from the client to the application server without interruption.