Pete Silva - Daily Dose of Pete

posted on Tuesday, May 25, 2010 9:43 AM

CloudFucius has explored Cloud Security with AAA Important to the Cloud and Hosts in the Cloud along with wanting An Optimized Cloud.  Now he desires the sweet spot of Cloud Application Delivery combining Security and Acceleration.  Few vendors want to admit that adding a web application security solution can also add latency, which can be kryptonite for websites.  No website, cloud or otherwise, wants to add any delay to users’ interaction.  Web application security that also delivers blazing fast websites might sound like an oxymoron, but not to CloudFucius.  And in light of Lori MacVittie’s Get your SaaS off my cloud and the accompanying dramatic reading of, I’m speaking of IaaS and PaaS cloud deployments, where the customer has some control over the applications, software and systems deployed.

It’s like the old Reese’s peanut butter cups commercial, “You’ve stuck your security in our acceleration.”  “Yeah, well your acceleration has broken our security.”  Securing applications and preventing attacks while simultaneously ensuring consistent, rapid user response is a basic web application requirement.  Yet web application security traditionally comes at the expense of speed.  This is an especially important issue for online retailers, where slow performance can mean millions of dollars in lost revenue and a security breach can be just as devastating, as more than 70 percent of consumers say they would no longer do business with a company that exposed their sensitive information.

Web application performance in the cloud is also critical for corporate operations, particularly for remote workers, where slow access to enterprise applications can destroy productivity.  As more applications are being delivered through a standard browser from the cloud, the challenge of accelerating web applications without compromising security grows.  This has usually required multiple dedicated units either from the customer or provider, along with staff to properly configure and manage them.  Because each of these “extra” devices has its own way of proxying transactions, packets can slow to a crawl due to the extra overhead of TCP and application processing.  Fast and secure in a single, individually wrapped unit does seem like two contrary goals.

The Security Half
As the cloud has evolved, so have security issues.  And as more companies become comfortable deploying critical systems in the cloud, solutions like web application firewalls are a requirement, particularly for regulatory compliance situations.  Plus, as the workforce becomes more mobile, applications need to be available in more places and on more devices, adding to the complexity of enforcing security without impacting productivity.  Consider that a few years back, the browser’s main purpose was to surf the net.  Today, browser usage is a daily tool for both personal and professional needs.  In addition to the usual web application activities like ordering supplies, checking traffic, and booking travel, we also submit more private data like health details and payroll information.  The browser acts as a secret confidant in many areas of our lives since it transmits highly sensitive data in both our work and social spheres.  And it goes both ways; while other people, providers, sites, and systems have our sensitive data, we may also be carrying someone else’s sensitive data on our own machines.  Today, the Cloud, and really the Internet at large, is more than a function of paying bills or getting our jobs done—it holds our digital identity for both work and play.  And once a digital identity is out there, there’s no retracting it.  We just hope there are proper controls in place to keep it secret and safe.

The Acceleration Half
For retail web applications and search engines, downtime or poor performance can mean lost revenue along with significant, tangible costs.  A couple years ago, the Warwick Business School published research that showed it can be more than $500,000 in lost revenue for an unplanned outage lasting just an hour.  For financial institutions, the loss can be in the several million dollar range.  And downtime costs more than just lost revenue.  Not adhering to a service level agreement can incur remediation costs or penalties and non-compliance with certain regulatory laws can result in fines.  Additionally, the damage to a company’s brand reputation—whether it’s from an outage, poor performance, or breach—can have long-lasting, detrimental effects to the company.

These days, many people now have high-speed connections to the home accessing applications in the cloud.  But applications have matured and now offer users pipe-clogging rich data like video and other multi-media.  If the website is slow, users will probably go somewhere else.  It happens all the time.  You type in a URL only to watch the browser icon spin and spin. You might try to reload or retype, but more often, you simply type a different URL to a similar site.  With an e-commerce site, poor performance usually means a lost sale because you probably won’t wait around if your cart doesn’t load quickly or stalls during the secure check-out process.  If it’s a business application and you’re stuck with a sluggish site, then that’s lost productivity, a frustrated user and can result in a time-consuming trouble ticket for IT.  When application performance suffers, the business suffers.

What’s the big deal?
Typically, securing an application can come at the cost of end-user productivity because of deployment complexity.  Implementing website security—like a web application firewall—adds yet another mediation point where the traffic between the client and the application is examined and processed.  This naturally increases the latency of the application, especially in the cloud, since the traffic might have to make multiple trips.  This can become painfully apparent with globally dispersed users or metered bandwidth agreements, but the solution is not always simple.  Web application performance and security administration can cross organizational structures within companies, making ownership splintered and ambiguous.  Add a cloud provider to the mix and the finger pointing can look like Harry Nilsson's The Point! (Oh how I love pulling out obscure childhood references in my blogs!!)

The Sweet Spot
Fortunately, you can integrate security and acceleration into a single device with BIG-IP Local Traffic Manager (LTM) and the BIG-IP LTM Virtual Edition (VE).  By adding the BIG-IP Application Security Manager (ASM) module and the BIG-IP WebAccelerator module to BIG-IP LTM, not only are you able to deliver web application security and acceleration, but the combination provides faster cloud deployment and simplifies the process of managing and deploying web applications in the cloud.  This is a true, internal system integration and not just co-deployment of multiple proxies on the same device.  These integrated components provide the means to both secure and accelerate your web applications with ease.  The unified security and web application acceleration takes a single platform approach that receives, examines, and acts upon application traffic as a single operation, in the shortest possible time and with the least complexity. The management GUI allows varying levels of access to system administrators according to their roles.  This ensures that administrators have appropriate management access without granting them access to restricted, role-specific management functions.  Cloud providers can segment customers, customers can segment departments. 

The single-platform integration of these functions means that BIG-IP can share context between security and acceleration (something you don’t get with multiple units) and enables both the security side and the acceleration side to make intelligent, real-time decisions for delivering applications from your cloud infrastructure.  You can deploy and manage a highly available, very secure, and incredibly fast cloud infrastructure all from the same unified platform that minimizes WAN bandwidth utilization, safeguards web applications, and prevents data leakage, all while directing traffic to the application server best able to service a request.  Using the unified web application security and acceleration solution, a single proxy secures, accelerates, optimizes, and ensures application availability for all your cloud applications.

And one from Confucius: He who will not economize will have to agonize.

ps

The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6


twitter: @psilvas

 
