Industry Insights with Vince Hwang, Senior Director, Products & Solutions, Fortinet


Protecting Business-Critical Web Applications: 4 Challenges

How to Protect Dispersed Apps, APIs and Handle Low Visibility, Emerging Threats

In recent years, the adoption of public cloud infrastructures has surged, providing organizations with unparalleled flexibility and scalability. But this shift has also introduced a new set of challenges when it comes to protecting web applications and APIs that are hosted on these platforms.


1. Dispersed Applications Across Multiple Clouds

In a traditional data center, one would place a web application firewall in front of each web server. But as organizations embrace a multi-cloud strategy, they now need to consider each cloud provider's unique security protocols and configurations. With the required customization, it is difficult to maintain a standardized security and compliance strategy.

Achieving uniformity in security policies across these diverse environments requires careful planning, a comprehensive understanding of each provider's offerings, and a proactive approach to harmonizing security measures effectively. Security organizations need a WAF that can work across environments and that offers access control, a unified policy, a management portal and the ability to push updates and changes to all sites and environments simultaneously.

2. Loss of Visibility and Control

The dynamic nature of the cloud poses a significant hurdle in maintaining visibility and control over applications. Unlike traditional on-premises environments where organizations have direct control over the infrastructure, the public cloud introduces a level of abstraction.

This abstraction can lead to a loss of visibility into the underlying infrastructure, making it challenging to monitor and secure applications effectively. A strong security solution should have multidimensional visibility that provides high-level dashboards but also allows you to drill down as needed.

3. API Discovery and Protection

Sensitive and business-critical data is often shared by many first- and third-party applications through APIs. Attackers often take advantage of that by stealing session tokens, eavesdropping or injecting various commands. APIs have become so prolific that organizations often find they don't know where every API is hidden, much less whether it is protected from these attackers.

With one consistent solution that can help discover and protect both your web applications and APIs, organizations can pave the way for a more secure end-user experience and maintain the speed of innovation expected today.

4. Emerging Threats and Greater Exposure

The one given with technology is that threats will always be there and will constantly evolve. Access control is prone to human error. Data might be left unguarded. The API ecosystem invites access violations, man-in-the-middle attacks and other attacks. On top of all that, the traffic of sophisticated bots attempting to crack user accounts, scrape data or commit fraud is increasing. Extending environments across on-premises and cloud infrastructure also leaves you with a greater landscape to defend. All of this makes your business vulnerable to exploits.

Security teams should seek a solution that has a continual threat intelligence feed and threat analytics capabilities and that leverages machine learning to detect anomalous behavior. These features will defend against known attacks and bring all incidents into a bigger picture that can show new and developing patterns that may be of concern.

Ideally, given that today's applications can live anywhere across hybrid and multi-clouds, look for a WAF solution that integrates into a robust platform that offers centralized visibility and management and the ability to leverage a broad range of solutions, such as advanced cloud network firewalls, for a more effective response to threats.

By staying informed about emerging threats and choosing a strong WAF built to defend modern environments, organizations can navigate these challenges and create a robust security posture for their web applications and APIs in the cloud.



About the Author

Vince Hwang, Senior Director, Products & Solutions, Fortinet


With over 20 years in cybersecurity leading at the forefront of many industry firsts and building expertise across a broad range of security topics, Vince Hwang is Senior Director of Products & Solutions at Fortinet, where he leads the narrative for Cloud Security. He’s excited by the possibilities of enabling customers to achieve their desired digital acceleration outcomes through cloud and application journeys. Previously, Vince has held key roles driving product strategy and execution at companies that include Cisco, Symantec, and Trend Micro. At Cisco, he led the advanced threat security portfolio and helped forge a path for the EDR and advanced malware protection conversation before these became de facto customer strategies.



