Change is the Only Constant: Shared Security in the Cloud
-
Upload
a10-networks -
Category
Technology
-
view
135 -
download
0
Transcript of Change is the Only Constant: Shared Security in the Cloud
TRADITIONAL CLOUD
DEVELOPMENT
DEPLOYMENT
OPERATIONS
BUSINESS MODEL
Monolithic 3-Tier Micro-Services. Containers
Data Center Public. Private. Hybrid.
IT Led Process DevOps. Self-Service. Agile
Appliance Consumption
Application Trends
Akshay Mathur
• Cloud Native ADCA10 Networks
• Social ShoppingZinrelo
• WiFi SecurityMojo Networks
Senior Product Manager@akshaymathu
• 43% do not believe security is a top priority among third-party app developers
• 53% think their company's app developers have the skills to build safe business apps
• Half (47%) expect to be protected by their company or third-party app developers
Perception Needs to Change
Source: A10 NETWORKS AIR REPORT 2017
When an Application is Secure
• Controlled Access to Application– Legitimate users are allowed– Illegitimate users are not allowed
• No Disruption of the Service– Resilient infrastructure– Prevention from attacks
• Secure Data– Secure communication– Secure storage
Components of Application Security
Fully Controlled by Cloud Provider
Physical: Cloud Provider
Virtual: App Owner
Full Responsibility on App Owner
Network Security
• Configure networking (VPC, Subnet, Instance etc.) properly
• Create both inbound as outbound rules
• Close all not-in-use ports
• Use Bastion Host for managing infrastructure
Application Security Best Practices
• Start with known good base OS image– Apply patches regularly
• Pay attention to the software and libraries– Update regularly
• Write good code– Do not introduce vulnerability
Multi-vector Attacks
Internet Pipe
RoutersFirewall
Server
Application
Networking
BandwidthBandwidthBandwidth
Networking
Traffic from Bad Bots
Response Time Optimization
Central Management and Visibility
Top Traffic Management Headaches
CachingTraffic Optimization
App AccelerationWeb Application Firewall
L7 DDoS protection
L7 Security
Data Collection andAnalytics Engine
Monitoring Load BalancingContent based Routing
Traffic Management
Deployment Architecture with Point Solutions
Financial Service Company on AWS
BUSINESS VALUE
Website Mobile Apps Campaigns Facebook
Multiple HA Proxy Load Balancers
Custom integration, Not Elastic, No
visibility
Application
B E F O R E AF T E R
Website Mobile Apps Campaigns Facebook
Application
A10 LADC
•Application Security
•Simpler Architecture
•Productive Team
•Per-App VisibilityController
A10 Lightning Application Delivery Service
DATA
CONTROL
Analytics
Admin Portal API Client
A10 Harmony
Controller
REST
API
Lightning ADC
Cluster
Application ServicesClients
• Web Application Firewall
• Protection from BOTs and Malware
• Advanced L4/L7 Load Balancing
• Application Acceleration
• Per-App Visibility and Analytics
• Anomaly Detection and Alerting
• Elastic Infrastructure
• Programmability with REST APIs
Application Security
Infrastructure Security
Network Security
Key Takeaways...
App Owners need to pay attention the
most
Infrastructure Provider takes care of it
Infrastructure Provider guides to
do this right
Common Belief
47% of users
believe that it is the responsibility of their IT team or App Developer to protect them from cyber attacks
Source: AIR (Application Intelligence Report); commissioned by A10 Networks, 2017