Change is the Only Constant: Shared Security in the Cloud

Change is the only Constant

Transcript of Change is the Only Constant: Shared Security in the Cloud


Applications, Users

Infrastructure, Developers

Application Landscape

Everything is Changing

                 TRADITIONAL          CLOUD

DEVELOPMENT      Monolithic 3-Tier    Micro-Services. Containers

DEPLOYMENT       Data Center          Public. Private. Hybrid.

OPERATIONS       IT Led Process       DevOps. Self-Service. Agile

BUSINESS MODEL   Appliance            Consumption

Application Trends

Attackers are Changing

ONLINE SERVICE

Akshay Mathur

• Cloud Native ADC, A10 Networks

• Social Shopping, Zinrelo

• WiFi Security, Mojo Networks

Senior Product Manager
@akshaymathu

Shared Security Responsibility in Cloud Deployments

A10 Networks

@akshaymathu

Akshay Mathur

• 43% do not believe security is a top priority among third-party app developers

• 53% think their company's app developers have the skills to build safe business apps

• Half (47%) expect to be protected by their company or third-party app developers

Perception Needs to Change

Source: A10 NETWORKS AIR REPORT 2017

Are Apps Secure in Cloud?

Source: CLOUD SECURITY SPOTLIGHT REPORT 2017

When an Application is Secure

• Controlled Access to Application
  – Legitimate users are allowed
  – Illegitimate users are not allowed

• No Disruption of the Service
  – Resilient infrastructure
  – Prevention from attacks

• Secure Data
  – Secure communication
  – Secure storage

Shared Security: CSP View

Azure AWS

Components of Application Security

Fully Controlled by Cloud Provider

Physical: Cloud Provider

Virtual: App Owner

Full Responsibility on App Owner

Public Cloud Infrastructures are Secure

Network Security

• Configure networking (VPC, Subnet, Instance etc.) properly

• Create both inbound and outbound rules

• Close all not-in-use ports

• Use Bastion Host for managing infrastructure
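One way to check a rule set against the points listed above, as an added example that is not from the original slides. The rule format, the port lists and the bastion address are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this example (not from the slides): the ports the app
# actually serves, the management ports, and the bastion host's address.
IN_USE_PORTS = {443}
MGMT_PORTS = {22, 3389}
BASTION_CIDR = "10.0.0.10/32"

# Constructed sample rules, loosely shaped like a cloud security group.
SAMPLE_GROUP = {
    "inbound": [
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from": 8000, "to": 8100, "cidr": "10.0.0.0/16"},
        {"proto": "tcp", "from": 3389, "to": 3389, "cidr": "10.0.0.10/32"},
    ],
    "outbound": [
        {"proto": "-1", "from": 0, "to": 65535, "cidr": "0.0.0.0/0"},
    ],
}

def audit(group, in_use=IN_USE_PORTS, mgmt=MGMT_PORTS, bastion=BASTION_CIDR):
    """Return (direction, rule index, finding) tuples for one rule group."""
    findings = []
    bastion_net = ipaddress.ip_network(bastion)
    for i, rule in enumerate(group.get("inbound", [])):
        ports = set(range(rule["from"], rule["to"] + 1))
        src = ipaddress.ip_network(rule["cidr"])
        # Management access should come only from the bastion host.
        via_bastion = src.version == bastion_net.version and src.subnet_of(bastion_net)
        if ports & mgmt and not via_bastion:
            findings.append(("inbound", i, "management port open beyond bastion"))
        # A port that is neither served nor used for management is not in use.
        extra = ports - in_use - mgmt
        if extra:
            findings.append(("inbound", i, f"{len(extra)} not-in-use port(s) open"))
    for i, rule in enumerate(group.get("outbound", [])):
        # Allow-all egress means the outbound side was never really restricted.
        if rule["proto"] == "-1" and ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
            findings.append(("outbound", i, "allow-all egress"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUP):
        print(finding)
```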

Application Security Best Practices

• Start with a known good base OS image
  – Apply patches regularly

• Pay attention to the software and libraries
  – Update regularly

• Write good code
  – Do not introduce vulnerabilities

Top Security Threats

Source: CLOUD SECURITY SPOTLIGHT REPORT 2017

Multi-vector Attacks

[Figure: attack vectors along the path Internet Pipe, Routers, Firewall, Server, Application; labels: Bandwidth, Networking]

Sophisticated Attacks

ONLINE SERVICE


Adaptive Simultaneous

Traffic from Bad Bots

Response Time Optimization

Central Management and Visibility

Top Traffic Management Headaches

Caching

Traffic Optimization

App Acceleration

Web Application Firewall

L7 DDoS protection

L7 Security

Data Collection and Analytics Engine

Monitoring

Load Balancing

Content based Routing

Traffic Management

Deployment Architecture with Point Solutions

Financial Service Company on AWS

BUSINESS VALUE

Website Mobile Apps Campaigns Facebook

Multiple HA Proxy Load Balancers

Custom integration, Not Elastic, No visibility

Application

BEFORE / AFTER

Website Mobile Apps Campaigns Facebook

Application

A10 LADC

• Application Security

• Simpler Architecture

• Productive Team

• Per-App Visibility

Controller

A10 Lightning Application Delivery Service

DATA

CONTROL

Analytics

Admin Portal API Client

A10 Harmony

Controller

REST

API

Lightning ADC

Cluster

Application Services

Clients

• Web Application Firewall

• Protection from BOTs and Malware

• Advanced L4/L7 Load Balancing

• Application Acceleration

• Per-App Visibility and Analytics

• Anomaly Detection and Alerting

• Elastic Infrastructure

• Programmability with REST APIs

What Organizations want for App Security

Source: CLOUD SECURITY SPOTLIGHT REPORT 2017

Application Security

Infrastructure Security

Network Security

Key Takeaways...

App Owners need to pay attention the most

Infrastructure Provider takes care of it

Infrastructure Provider guides to do this right

Common Belief

47% of users

believe that it is the responsibility of their IT team or App Developer to protect them from cyber attacks

Source: AIR (Application Intelligence Report); commissioned by A10 Networks, 2017

Cloud is as Secure as We Keep it

Thanks

@akshaymathu
