Most organizations today deploy web applications across multi-cloud and hybrid environments. However, existing models for application security are obsolete and no longer up to the task of providing high-grade, consistent, and frictionless application security across clouds. Radware’s new application security architecture aims to solve just this problem. Its innovative, API-based, out-of-path solution provides industry-leading application security, consistent protection across any cloud, and reduced latency without requiring sharing of customer SSL keys.
The Age of Cloud is Over; Now It’s the Age of Multi-Cloud
Organizations are no longer migrating to the cloud; they’re already there. According to IBM’s Turbonomic State of Multi-Cloud 2021 report, 96% of organizations deploy at least one public cloud environment.
Now comes the next iteration: the multi-cloud. According to the same IBM study, 60% of organizations run two or more public cloud environments, and 30% run three or more public cloud environments. Adding to the complexity is the fact that one-third of organizations operate private cloud environments in addition to their public cloud deployment. This means that the majority of organizations today are “multi-cloud” or “hybrid” organizations.
Consequently, security managers and application owners who have web applications deployed across these distributed environments are now facing a new challenge. Their call-to-action is to maintain high-grade, consistent application protection across their array of platforms, while making sure that there are no gaps in security, management, or reporting.
Their problem is that traditional application security tools are no longer up to this task.
Existing AppSec Solutions Can’t Keep Up
Currently, application security in cloud environments is typically handled one of three ways:
- CDN-based cloud WAF services: These solutions run on top of established CDN networks, external to the public cloud environment. All traffic is routed through the CDN network before being routed to the application server in the public cloud. While these solutions can provide cross-cloud protection and centralized control, they require DNS routing changes, which create complex logical routing paths and add latency, as well as another point of failure. As most traffic nowadays is encrypted, they also require sharing the application’s SSL key with the 3rd-party CDN vendor.
- Native security tools of IaaS vendors: The native AppSec tools that IaaS providers offer are usually built directly into the IaaS stack and are convenient to implement, but frequently provide a low level of security. Moreover, since they are tied to a particular cloud environment, they don’t include the cross-cloud capabilities needed to protect other public cloud, private cloud, or on-premise environments.
- WAF virtual appliances: Depending on the vendor, these appliances can offer a high level of protection but come at the cost of high operational and management overhead. In addition, they usually are point solutions that require additional (external) tools for bot, API, and DDoS protection.
What’s Needed for Modern, Cross-Cloud Application Security
In order for applications to be fully secure in the face of the modern threat landscape, they require modern solutions that support frictionless cross-cloud application security. These solutions must include:
- Advanced, high-grade application protection: Applications need security mechanisms that will provide high-grade protection against all application attack vectors, including uncommon and zero-day attacks.
- Comprehensive security: Applications need security tools that will protect them not only against application attacks, but also against emerging threat vectors and attack surfaces such as bots, API vulnerabilities, and application-layer (L7) DDoS attacks.
- Consistency across platforms: Security mechanisms must be agnostic to the underlying platform and provide consistent security, logging, and management across on-premise, private cloud, and public cloud environments.
- No routing changes: Security mechanisms should not require any routing changes to application configurations, add extra hops between the customer and the application server, or introduce additional stops.
- No added latency: Application security defenses should not add any unnecessary latency to client communications.
- Frictionless deployment: Security tools must be integrated as much as possible with modern agile development tools and procedures to avoid disruptions in the CI/CD process or gaps between application deployment and application security.
- Provide full visibility: In a dynamic and complex application and computing environment, having complete visibility into everything going on at any given time is paramount.
Radware’s New Security Architecture
To address all the requirements of modern, cross-cloud application security, Radware introduced the Radware SecurePath™ application security architecture.
Radware SecurePath™ is a new API-based, cloud application security architecture designed from the ground up to optimally protect applications deployed across any cloud and data center (on-premise, private cloud, and all public cloud environments) while improving security, uptime, and performance.
Key benefits include:
- State-of-the-art protection: Radware’s industry-leading application security combines a web application firewall (WAF), bot management, API protection, and DDoS protection, and uses a positive security model based on advanced machine-learning algorithms.
- Consistent protection across environments: Radware’s architecture offers consistent, high-grade, comprehensive application protection regardless of where applications are hosted.
- Optimal deployment architecture for any cloud: Radware’s application security architecture can be deployed either as an “inline” SaaS service or an API-based, out-of-path SaaS service. This unique deployment model works across any data center and cloud platform with minimal latency and disruption to uptime and availability.
- Centralized management and visibility: Radware’s unified security portal offers complete cross-cloud visibility from a single dashboard and granular management of all applications, regardless of where they are deployed.
- No SSL certificate sharing: Radware’s API-based architecture does not require the application’s SSL certificate to be shared with third parties, preserving customer confidentiality and complying with regulatory requirements.
- No routing changes: The API-based, out-of-path solution enables application requests to go directly from the client to the application server without interruption.