Ah, those were the days, weren’t they? When you needed a way to add security at several layers to your network and application network infrastructure but knew that implementing a solution capable of securing those pesky applications was more than likely going to end up with poor performance and angry users. When you needed to add something to secure applications and the network against the growing wave of attacks but knew that doing so would negatively impact performance.

It was a tough choice, and most people ended up going the route of maintaining application performance at the expense of security because the choice was really not a choice at all.

Remember when you had to re-architect your network in order to add security solutions? And in the end you went the route of a configuration that would merely let you see attacks occurring, but weren’t necessarily configured to stop them? All so you could maintain performance of applications and not risk violating service-level agreements.

Remember when adding web application security, e.g. a web application firewall, meant you were necessarily going to decrease capacity and performance? You knew you needed one, if only to give developers time to address vulnerabilities but still maintain some sane level of protection against increasing web attacks, but you also knew that doing so was going to negatively impact your entire infrastructure in some way.

Remember the drain on your budget, too? Yeah, I remember that. You didn’t really have the budget for a stand-alone, point security solution so you went the route of an “integrated” security solution that turned out to be not so integrated after all. The only real integration was that it could be listed as a line item in the same purchase order.

Remember too the pain in tweaking those solutions? Network and application performance wasn’t the only thing impacted. You knew that trying to deploy a security solution specifically for applications like Microsoft SharePoint and Exchange, or Oracle Applications, meant that you were going to spend days if not weeks tweaking the solution until it was properly configured for your environment. Your performance was going to degrade, too, and you worried about how you were going to deploy and configure a new security solution while getting everything else on your task list accomplished.

Those were the days of niche application security products; of solutions with complex configurations aimed at addressing specific pain points like insecure platforms and application, and less than optimally performing networks. When web application security solutions were always a speed-bump in your well-performing infrastructure. When deploying security solutions meant that you were introducing choke points into the infrastructure and reducing the capacity of existing application delivery network solutions, ultimately impeding performance.

Those were painful days, when the choices you had were really no choice at all.

Aren’t you glad those days are (almost) over?