Application Security in the Microservices Era

As organizations break their applications down into microservices, leveraging containers as the perfect architecture for it, the responsibility for securing these environments is shifting as well, exposing companies to a broader range of security risks and gaps in protection.

Indeed, we are at an inflection point culturally between the role of DevOps and the CISO. While CISOs are faced with the responsibility of keeping their organization secure at all costs, for DevOps teams agility is all that is critical to business operations, and so they often incline towards a ‘good enough’ approach (and sometimes, a ‘hell no!’ approach) with regard to security.

So, what does this mean for businesses and the cybersecurity landscape?

We focused our 2019 market research on the DevOps and DevSecOps community; we wanted to see how common DevOps has become and how strong its influence is with regard to information security decision-making. To this end, we surveyed nearly 300 professionals from businesses of all sizes worldwide. What follows is a summary of our findings.

Businesses Embrace Emerging Technologies and Concepts

Enterprises seem to be very aware that, as part of their digital transformation, the introduction of new frameworks requires an open mind (and wallet) when it comes to new solutions. And they’re trying and/or acquiring additional security measures.

For example, 67% of surveyed businesses run microservices/containers, of which 53% already use some sort of container security technology. 43% use a dedicated solution to secure serverless functions during runtime so there are no disruptions and no data leaks.

While this may sound promising, it feels like organizations are taking the “spaghetti on the wall” approach, stacking up multiple technologies but not necessarily optimizing their interoperability. Rather, they hope that having multiple solutions in place will do the job.

Since microservices and container management are still considered emerging technologies, it stands to reason that businesses are still in the learning phase of matching the right solutions and practices to the new infrastructure and data flows. However, false confidence in existing security models prevails – leaving unforeseen security gaps that lead to data breaches.

Businesses Follow Required Security Practices

Not only are businesses willing to embrace emerging security technologies, they also largely follow the holy book of information security practices. Cases in point:

  • 70% have security controls on east-west traffic.
  • More than half do code reviews in addition to security testing and WAF solutions they use.
  • 52% reckon their leading criteria for selecting application security technology is the quality of security.

This notion is well demonstrated by API security practices. Per the below chart, businesses are aware of security risks coming through APIs and actively address them; a smart move as APIs are now the glue between tools, apps, systems and environments. 

Following the basic security practices and adopting roles like DevSecOps (more than 90% of organizations already have DevOps or DevSecOps teams, and 58% reported a ratio of between 1:6 and 1:10 DevSecOps to development personnel), in combination with stacking up application security technologies all help businesses develop a high sense of confidence:

Applications Are Still Hacked

Nonetheless, hackers still prevail, as application attacks remain a constant threat. 88% of respondents reported attacks throughout the year, and 90% suffered a data breach. The breadth of attacks respondents experienced daily included access violations, session/cookie poisoning, SQL injections, denial of service, protocol attacks, cross-site scripting, cross-site request forgery and API manipulations.

56% pointed at misunderstanding of security responsibility boundaries between them and their public cloud service provider. Many still fight different types of attacks against their applications on a weekly basis.

API gateways, by the way, don’t seem to do the job. These are mostly used for authentication (37%) and IP filtering (30%), and some basic load-balancing (28%), but obviously can’t block all sorts of API manipulations and abuse.

Generally, solutions based on static rules and rigid heuristics can’t deliver the appropriate level of application security, as applications change all the time. Half of respondents report their apps are changing constantly, sometimes multiple times a day, which makes it impossible for humans to keep control. Doing so requires detecting the change, tuning the policy, validating it and enforcing it. No can do. Automation is required.

The rapid pace of change hands off some power to the new buyer, who is in charge of the agile development and delivery of applications and microservices, and who designs the SDLC environment and selects the tools. The emerging roles of DevOps and DevSecOps are having a greater influence on security decisions and practices. If you remember, this was the hypothesis we wanted to check.

Who’s Calling the Shots?

Well, not the security staff. IT is still the #1 influencer on tool selection, policy definition and implementation of application security solutions (IT controls the budget, but nevertheless it is alarming that 70% of the CISOs don’t have the final say).

Digital Transformation Is More Than Digital

Our conclusion from the research is that attacks are still successful because enterprises did not fully consider the impact of digital transformation on their business.  

In digital transformation, technology spearheads the change. And while new technologies and frameworks are being bought and adopted (that’s the easy part!), technology itself cannot deliver on the promise. Despite businesses’ willingness to follow proper security practices, attacks remain successful. Why? Because enterprises didn’t take the second step of the digital transformation – the non-digital step, of acquiring new skill sets, adjusting business processes and redefining roles and responsibilities.

That is where application security fails. If security professionals are allowed to do their jobs and make security a business enabler, then we may finally see security running at the speed of business.

Read “Radware’s 2019 Web Application Security Report” to learn more.
