How to Adapt Security to Counter Web Application Attacks
As digital transformation and an increasingly mobile-first world drive businesses toward the cloud, more and more organizations are adopting an as-a-service model for their IT infrastructure.
While this transition is critical for business success and engaging today’s clients, it comes with a risk of security vulnerabilities. Any web application using HTTP/HTTPS is exposed to threats from malicious attacks that cause downtime, website defacement and data loss. These issues seriously impact business performance, revenues and customer loyalty.
The trouble is, many of the access methodologies that exist today — particularly virtual private network and remote desktop — allow broad access to all resources on the network. Thus, any malware sitting on the user’s device is free to roam as far as the access method allows. While cloudification has many advantages in terms of agility, flexibility and overall cost, it also brings challenges. In the cloud, businesses only have low-level control of the network components. Users also can’t physically be in the IT environment. Plus, no one is on the network in the cloud — everyone must come in from outside. The network between users and private applications in the cloud is the internet.
Addressing Web Application Vulnerabilities
Organizations are experiencing data loss and downtime due to security breaches orchestrated by insiders or externals. According to Computer Weekly, in October 2016, three hospitals run by the Northern Lincolnshire and Goole Hospitals NHS Foundation Trust were forced to cancel patient appointments and shut down systems for repairs after a ransomware attack. This cyberattack underlines the very present threat to health care organizations. It also shone a spotlight on how many NHS trusts still rely on legacy IT systems that leave them vulnerable to attacks.
According to most predictions by security commentators, ransomware or malware that locks up data and demands payment for its release is set to evolve and make up the majority of cyberattacks in 2017.
In addition, cyberthreats and distributed denial of service (DDoS) attacks that exploit weaknesses in mobile and Internet of Things devices are also expected to continue grow. DDoS attacks utilize numerous computers to direct a large volume of superfluous traffic to the target that either slow down or force the target offline by overwhelming its resources. These attacks are launched to disable a targeted organization’s online presence or key business processes. The damage — and the associated costs — can be astronomical and lasting.
Building a Better Solution
Because of cloudification, enterprises need a better solution for users to reach applications, wherever they may be. Access architectures must move to a model that eliminates infrastructure dependencies between the user and the resources. Software-as-a-service (SaaS) adoption in enterprises is growing quickly, but in addition to the security measures of a traditional enterprise perimeter, SaaS companies must front-end their applications with internet-scale protections from DDoS attacks. They also have to add acceleration to mitigate performance and latency issues and implement specific application-layer attack protections. To succeed, enterprises should adopt the principle of least privilege, which eliminates broad access to the network and provides connectivity only to the resources that partners need in order to get their work done.
Enterprises should also move their traditional network security perimeter to the cloud. Through these systems, companies have traditionally built network perimeters, also known as demilitarized zones. These provide several network security layers using a portfolio of networking appliances, including:
- DDoS protection appliances.
- Application delivery controllers.
- Intrusion detection/prevention systems.
- Web application firewalls (WAF).
- Authentication, authorization and auditing servers.
- Wide-area network optimization.
IBM provides comprehensive security solutions for cloud, on-premises and managed services. IBM Edge Delivery Services (EDS), powered by Akamai, offers a strategic solution to address cloud and application security requirements. EDS is an intelligent distributed cloud internet platform that offers comprehensive protection solutions to web services at the edge of the internet. This solution includes site shield, fast domain name server protection, WAF at the edge servers, DDoS protection built in and advanced managed services. EDS also delivers scale, performance acceleration and high availability to any web services using HTTP/HTTPs.