Evolving Security Requirements for Modern Applications

By Apac CIO Outlook | Monday, December 03, 2018

Companies have traditionally tried to create a hardened IT network perimeter keeping potential cyber threats at bay by using network security platforms like firewalls as protection. Firewalls can only inspect unencrypted traffic, which may become an advantage in attacking the system. Attackers are now exploiting changes in application design and their implementation. They frequently use network paths between application components to negotiate cloud networks and internal data centers. The utility of traditional network security appliances declines in the cloud and distributed networks.

Modern applications, on the other hand, utilize virtualization-based cloud and data center solutions. Containerization and micro-service architectures lead to rising network traffic between workloads, encompassing data centers and cloud networks. This traffic moves east-west rather than the traditional north-south, reducing the effectiveness of traditional security appliances. Security that can be applied to east-west architectures in consistency with the enterprise’s automation and orchestration tools become necessary for modern application architectures. Conventional network security tools, even with constant improvement, fall short, opening the market for more effective ones. Heavily automated security functions that can integrate with standard toolsets which also provide centralized programmatic configuration methods have become the need of the day. Micro- and nano-segmentation develops from this requirement.

Traditional network security approaches do not distribute intricate security policies at the workload or container level even while staying contained in the physical host. Trying to meet this requirement has resulted in implementing complex, fragile routing configurations leading to loss of key advantages in virtualized networks, exploitable to enable lateral movement in the service.

The centralized management of network security policy on workloads allows the passive detection and mapping of application data flow, which is invaluable to highly automated networks. In combination with active application performance management systems, these adjust network patterns and optimize service delivery.The organizations of today rely heavily on cloud and virtualized network services, so they should invest in the deployment of security architecture to adapt adequately to their requirements.