Cloud environments can be key resources for IT teams leveraging enhanced scalability and lower expenses, but there are security concerns when it comes to moving organizations’ sensitive applications and data into the cloud. With BIG-IP solutions, customers can assign policy-based access permissions based on user, location, device, and other variables. This enables organizations to extend context-aware access to corporate materials while keeping their most valuable assets secure whether the data stored is in the data center, internal cloud, or external cloud. Additional details on how F5 helps organizations securely extend enterprise data center architecture to the cloud can be found in a separate F5 announcement issued earlier this week.
The BIG-IP v10.2 release introduces new security functionality throughout the BIG-IP product family. By unifying application delivery, security, optimization, and access control on a single platform, security capabilities can be extended across data center environments and in the cloud. F5 security solutions provide comprehensive application security, including packet filtering, port lockdown, attack protection, network/administrative isolation, protocol validation, dynamic rate limiting, SSL termination, access policy management, and much more.
F5 security solutions and the new BIG-IP v10.2 enable customers to:
Enhance Attack Protection and Safeguard Applications
BIG-IP Application Security Manager (ASM™) is a flexible web application firewall (WAF) that not only protects against common vulnerabilities like those listed in the OWASP Top Ten, but can also be tailored to provide policy-based security for organizations’ specific security needs. The new release of BIG-IP includes easy-to-implement protection from dangerous Cross-Site Request Forgery attacks. Many web applications are vulnerable to this attack and alternative solutions can be expensive and complex to implement and maintain. BIG-IP ASM can now protect applications against Cross-Site Request Forgery (CSRF) attacks with simple checkbox configuration.
Simplify Management of Access Control for Applications in the Cloud
With BIG-IP Edge Gateway, enterprises can implement strong authentication, authorization, and encryption policies to make sure data is kept secure as it traverses the cloud. By unifying access and acceleration services on a single, optimized device, BIG-IP Edge Gateway simplifies and centralizes management tasks, and helps IT teams consolidate their infrastructure to reduce CapEx and OpEx costs.
Improve Mobile and Remote User Experience
Adding to the current services of advanced roaming, domain detection, and automatic connection, new security services integrate the BIG-IP Edge Client with the Microsoft Windows logon process. By caching logon credentials the first time they are entered, mobile and remote users can seamlessly access applications via a common VPN model, and this authentication can further be utilized by BIG-IP Edge Gateway to provide access control for cloud applications as well as traditional enterprise applications.
Reduce Infrastructure Costs of Supporting Common Access Cards (CAC)
BIG-IP Local Traffic Manager with the Advanced Client Authentication™ (ACA) now supports Kerberos Protocol Transition. This capability can reduce the infrastructure required to allow multiple agencies who authenticate using CAC cards to access a shared application. Customers can simplify authentication, eliminate a tier of infrastructure to reduce costs, and streamline access management.
“Deploying applications in the cloud can create significant security headaches for IT if the right supporting pieces aren’t in place,” said Mark Vondemkamp, Director of Product Management for Security at F5. “Administrations need an integrated approach to application security—no matter where the applications are deployed—to maintain access control standards when applications are deployed in a cloud scenario. BIG-IP solutions address organizations’ needs by combining simplified application access and ICSA-certified security solutions in a unified, flexible solution architecture.”
“What I love about the F5 solution is that it enables organizations to maintain their own security policies rather than adapt to those of a cloud provider and trust that they will keep those applications and user data secure,” says Patrick McFadin, Director of Systems and Architecture at Hobsons. “With Global Traffic Manager and the BIG-IP Edge Gateway, organizations can maintain centralized control of and provide all of their authentication services inside the firewall, and then, through secure connections, redirect a user to an application, regardless of where it’s located—in the network or in the cloud. It lets organizations provide unified security across all of their applications.”
“Malicious attackers get more and more aggressive every day, so it is important for us to protect our private corporate and customer information with the highest levels of security,” said Brad Trankina, Director of Network and Information Systems at Human Kinetics. “F5’s ASM is a great WAF and we are excited to see that protection from CSRF attacks is now so easy to configure with just a few clicks of the mouse.”
“It's fashionable to pontificate about how security issues are holding back cloud computing, but unfortunately there is still more attention on industry rhetoric and not enough on providing solutions,” said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group. With these announcements, F5 is going beyond talking and taking a leading role in cloud security solutions. What's more, F5's solutions provide a bridge between internal security controls and the cloud. This will be especially attractive to highly-regulated security-centric industries like financial services, health care, and government organizations.”
BIG-IP Version 10.2 will be available in April. To learn more about F5’s BIG-IP solutions, please visit www.f5.com/products/big-ip/. For more information on F5’s portfolio of security solutions, go to www.f5.com/solutions/security/.
Securing the Cloud – White paper
F5 Cloud Computing Solutions Overview
Security slideshare presentation
Hobsons case study
About F5 Networks
F5 Networks is the global leader in Application Delivery Networking (ADN), focused on ensuring the secure, reliable, and fast delivery of applications. F5’s flexible architectural framework enables community-driven innovation that helps organizations enhance IT agility and dynamically deliver services that generate true business value. F5’s vision of unified application and data delivery offers customers an unprecedented level of choice in how they deploy ADN solutions. It redefines the management of application, server, storage, and network resources, streamlining application delivery and reducing costs. Global enterprise organizations, service and cloud providers, and Web 2.0 content providers trust F5 to keep their business moving forward. For more information, go to www.f5.com.