Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Solutions that allow businesses to reduce complexity, develop and deploy applications and APIs, and protect those applications and APIs are no fairy tale.

Joshua Goldfarb, Global Solutions Architect — Security

November 14, 2022

5 Min Read
Illustration of a fairy tale castle popping up out of a book
Source: agefotostock via Alamy Stock Photo

Once upon a time, enterprise applications were deployed and delivered on-premises or in data centers. Managing the life cycle of these applications was not simple, though in time we learned. We also learned over time how to instrument the environment to collect telemetry data and use that data to monitor the applications for security and fraud threats.

Just when we had a handle on that model, things started changing. New environments, such as cloud, multicloud, edge, and hybrid started emerging. Groups such as AppDev, DevOps, SecOps, and NetOps that had learned how to manage in the traditional enterprise environment now found themselves needing to learn how to manage in a variety of environments. Each of these environments has its own technology stacks, controls, policies, processes, and procedures — not to mention the different skill sets and personnel required to manage, operate, and maintain these different environments.

These changes introduce a few marked challenges in managing the life cycle of applications and securing them:

  • Difficulty managing and securing environments due to increased complexity (multiple complex environments).

  • Difficulty deploying and managing applications and APIs across environments.

  • Difficulty protecting those applications and APIs from security and fraud threats.

For many businesses, these challenges have quickly introduced a variety of problems. Maintaining a team large and well-trained enough to successfully manage, operate, and maintain these environments is difficult for all but the largest enterprises. Managing, operating, and maintaining technology infrastructure, security stacks, and fraud technologies across environments has become prohibitively expensive.

Complexity is the enemy of security — adequately protecting applications and APIs has been hampered by the unruly mess that infrastructure has become. And enforcing consistent and effective controls, policies, processes, and procedures across environments has become nearly impossible.

Given these challenges, how can organizations:

  1. Reduce complexity?

  2. Develop and deploy applications and APIs anywhere at the speed the business requires?

  3. Protect applications and APIs from security and fraud threats?

Thankfully, businesses — even those that are not the largest of enterprises — now have some viable options. In other words, despite the words I used to start this piece, addressing these challenges is not a fairy tale. There are some solutions that allow businesses to achieve the three goals mentioned above.

1. Reducing Complexity

As environments have grown more complex, a whole family of solutions has arisen around abstracting and simplifying the complexities of hybrid and multicloud environments. Businesses can now leverage options that will allow them to more easily manage technology stacks, manage controls and policies across environments, manage application development and deployment, instrument the environment to collect telemetry data, and monitor the environment for security, compliance, and fraud purposes.

These solutions generally abstract away the complexities of individual environments and provide businesses with an easy-to-use central console where they can leverage various components to build the workflows they need while satisfying necessary requirements. These solutions most often handle the translation and mapping from the logical components and workflows that the organization sets up to the physical implementations across various environments.

Having one centralized location in which technology, controls, policies, applications, APIs, telemetry, and other aspects of the infrastructure can be viewed, modified, audited, monitored, and reviewed gives businesses huge value when it comes to managing, operating, and maintaining complex, modern infrastructures.

2. Developing and Deploying Applications and APIs Anywhere at Speed

Each year, more revenue moves to digital channels. As this happens, businesses need to remain competitive in a rapidly changing marketplace. An important part of remaining competitive is being able to deploy applications and APIs at the speed the business requires. Doing so requires having a good handle on the development life cycle across a variety of environments.

As environments have grown more complex, so has managing the life cycle of applications and APIs. Given this, it is not surprising that a crop of solutions has arisen around simplifying and managing the development and deployment of applications and APIs across multiple complex environments. Leveraging a solution that simplifies and standardizes the development and deployment of applications and APIs across a variety of environments can help businesses keep up with the demanding pace of the marketplace. This, in turn, allows businesses to be more competitive and to avoid losing revenue because they can't meet customer needs in the digital channels.

3. Protecting Applications and APIs From Threats

As environments have grown more complex, so has protecting applications and APIs from security and fraud threats. It is logical, then, that solutions designed to facilitate API discovery, application and API protection, anti-bot/anti-automation across multiple complex environments have become popular of late.

First off, before we can protect our applications and APIs, we need to know what they are and where they are. Despite our best efforts to control and monitor the development and deployment life cycle, cases of infrastructure, applications, and APIs are always popping up without the knowledge or support of IT and security. It is because of this that discovery is so important.

Assuming we have a decent handle on what applications and APIs we have and where they are, we can move to focusing on protecting those applications and APIs from security and fraud threats. This includes protecting them from fraud/business logic abuse, unauthorized access, breaches, theft of PII or other sensitive data, and automated attacks.

This level of protection was difficult enough in the days of the enterprise network. With the complexity of today's environments, it has become even more difficult. This is another area in which businesses can look for solutions to help them discover their applications and APIs and protect them from a variety of threats.

The infrastructure complexities that modern businesses need to contend with are no laughing matter. That said, there are solutions that allow businesses to reduce complexity, develop and deploy applications and APIs anywhere at the speed the business requires, and protect those applications and APIs from security and fraud threats. It is no longer a fairy tale.

About the Author(s)

Joshua Goldfarb

Global Solutions Architect — Security, F5

Josh Goldfarb is currently Global Solutions Architect — Security at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights