Growth in Apps and DevOps
We’re all well aware of the benefits that companies have realized by adopting public cloud. Reducing time to market, shifting costs from CapEx to OpEx, and refocusing on core business concerns. It’s no surprise, then, to see that organizations have adopted a cloud-first strategy for new applications, and are increasingly migrating existing workloads to public cloud environs. Such efforts are behind the forecast from Azure that public cloud capacity will double every 9-12 months for the few years, which means the number of apps hosted in public clouds could reach 30 million by 2017.
Challenges of Public Clouds
That pace could be faster, if not for the challenges enterprises face when trying to move existing apps. While public clouds surely boast the capacity to absorb the growing volumetric, network-based attacks we all accept as inevitable today, application security remains the responsibility of the application developers and owners. And that responsibility is a grave one, indeed, as web-based attacks (request-response) are increasing at an alarming rate. One industry watcher reported seeing a 25% increase in web app attacks in the first quarter of 2016, along with a 236% climb in attacks over HTTPS. While specific attack types tend to vary by industry, no vertical is safe. SQLi and XSS, in particular, are on the rise again, likely because they have a high chance of succeeding when existing apps developed many years ago are exposed.
Organizations, well aware of the threats and the need to address them more definitively, are faced with choosing from an unappealing menu of options. Deploy with limited app security. Delay the project. Deploy a complex solution for which few, if any, IT staff on hand have the skills or experience with to configure and manage. On the upside, the result is generally a more protected application in the public cloud. On the downside is policy sprawl and device silos that create gaps in security that can open up other vulnerabilities. That’s not even taking into consideration the potential risk that security-related services will negatively impact application availability and performance, causing productivity to suffer and profits to plummet.
Fortunately, public cloud providers like Microsoft have done a lot to address these concerns by building more security capabilities directly into the cloud infrastructure and partnering with established security vendors that are already deployed widely in private data centers.
F5 and Microsoft Azure Security Center: Integration with ease of deployment and compliance
Enterprises have relied on F5’s application security solutions for over a decade. Many of these implementations have been in private data centers on both F5 BIG-IP hardware and software-based virtual editions. With the rise of public cloud, F5 has extended its security solutions for application workloads into those environments as well, and F5 is proud to have been available in the Microsoft Azure Marketplace for close to a year as a virtual appliance.
Now, with today’s introduction of Azure Security Center, F5 has demonstrated its continued application security leadership with greater integration and ease of deployment. The latest F5 web application firewall (WAF) solution for Azure helps enterprises meet compliance requirements and protect their assets against new and existing application threats and DDoS attacks.
“Azure Security Center discovers workloads where web application firewalls are recommended and integrates provisioning, monitoring, and alerting from leading solution providers like F5,” said Michal Braverman-Blumenstyk, General Manager for Azure Cybersecurity at Microsoft. “Our customers benefit from a unified view of security across their Azure deployments, including F5 BIG-IP appliances they have deployed, making it easy for them to bring their trusted security solutions to the cloud.”
At its core, the F5 WAF solution is powered by industry-proven and ICSA-certified BIG-IP Application Security Manager (ASM) and Local Traffic Manager (LTM) technologies as a pre-configured virtual service within the Azure Security Center. With this service, IT can regain data center-level control and customization in the Azure public cloud environment. The service provides comprehensive application layer protection and is easily activated using three protection levels pre-defined by F5 security experts.
Admins or developers can simply select the F5 service, determine the appropriate protection level, and within minutes start to defend their apps against threats. Real-time security reports and analytics from F5 for the applications are integrated back into Azure Security Center for a single dashboard of valuable information and insights for app developers, central IT, and security teams.
“The turnkey F5 WAF solution for Azure Security Center leverages F5 security and automation expertise to make deployment and configuration simpler,” said Damir Vrankic, Director of Cloud Product Management at F5. “This enables more users, including DevOps teams, to improve protection of their applications in Azure.”
F5 offers the flexibility to activate its WAF service as-is or by running BIG-IP ASM and LTM as Azure VMs. While we recommend initially selecting one of the pre-configured protection levels to immediately help meet compliance policies, enterprises do not need to stop there. Once the F5 WAF service is activated, there is access to the full set of advanced ASM features, which allows further customization to meet unique application or organizational needs. Or take advantage of the built-in Rapid Policy Builder capability to automate security policy creation.
Just as important, deploying F5 in Azure lets organizations extend existing security policies to maintain consistency across public cloud environments, use existing iApps templates and iRules, and leverage existing F5 licenses via the Bring Your Own License (BYOL) option.