Organizations Are Changing, Application Security Must Change Too

March 21, 2019 | by Ameya Talwalkar

RSA Conference, arguably the biggest security conference in the world, recently finished in San Francisco.

As I reflect back on my conversations at the conference with security practitioners from a broad range of industries, I realize that there are certain trends that these organizations are dealing with – and looking to vendors for help.

  • It’s a multi-cloud and multi-CDN world out there – Enterprises are using multiple cloud and CDN offerings for various reasons – economic benefits, decentralized IT environments, preference for best of breed solutions, and more.
    • Security solutions must support multi-cloud, multi-CDN environments; but implementing application security in the CDN is extremely limiting in terms of flexibility. Application security solutions need to keep pace with these changing architectures.
  • Dev-Sec-Ops has to be as fast as Dev-Ops – Powered by the elasticity of cloud environments, new automation tools and strong business needs, enterprises are now updating applications at a rapid pace. On average, a typical consumer-facing application gets updated every two weeks.
    • Application security solutions must not slow down the pace of rapid development and deployment of applications. Solutions that require time-consuming application integration or cause any kind of friction during deployment will not survive.
  • Explosion of APIs and end-points – Due to the hyper-connected nature of today’s businesses, security teams are being asked to protect hundreds (sometimes thousands) of applications – web, mobile and APIs. Just to give you an example, a small but fast-growing social media customer of Cequence has close to 30 different APIs/end-points for users to log in. Therefore the attack surface has increased exponentially over the past few years.
    • Security solutions must cover ALL targeted end-points accessible from the Internet and therefore by the bad actors. We met several happy customers of our competition, who have taken between 6 months and 2 years to successfully deploy these security solutions in front of their most critical application. But they are too exhausted to now consider doing the same for hundreds of similar applications.
  • Rapid movement towards microservices, serverless computing – Enterprises are moving fast towards using these new deployment models. It allows them to achieve the ideal scale, agility and flexibility that fits their business needs. But like many other technology trends and innovations before, security is an afterthought in these new deployment models.
    • Security solutions must blend into these new deployment models. Discovering new applications being deployed in the service mesh and automatically protecting them, without forcing inorganic routing of all application traffic, is a key requirement to support.
  • Data Residency and Data Privacy are top of mind – With GDPR in place and stricter regulations like CCPA impending, data privacy and data residency are top of mind concerns for enterprises, especially when it comes to application security.
    • Application security solutions which are purely SaaS solutions or hybrid SaaS (analytics in the cloud) will have a couple of things to consider in order to comply with these regulations – increased cost with geo-distributed SaaS service and decreased efficacy due to loss of certain application data.

As I consider these trends in the context of our strategy at Cequence Security, I feel very confident that we have the solution architecture and underlying technology to meet and exceed our customers’ expectations. Our patented Application Security Platform (ASP) is built to support these emerging trends, and we have always maintained a few key design principles:

  • Application security goes wherever the application goes
  • Application security requires deep knowledge and context of the application
  • Application security must not slow down application development and deployment
  • Application security must treat all applications as equally important – Web, mobile, API
  • Application security must not be a headache for our customers with respect to compliance with new Data Residency and Data Privacy laws.

I’m pleased to say that we are winning with this strategy – winning customers, and winning awards, which you may have noticed on our about us page.

Ameya Talwalkar

President, Chief Executive Officer & Founder