
Many companies are currently working on the strategic relocation of applications to the cloud. At the same time, they are making their development processes increasingly agile and relying on DevOps approaches in container-based environments. As a result, application landscapes are developing into hybrid multi-cloud environments in more and more companies. These changes have a major impact on the IT security infrastructure. The conventional, central web application firewall is coming under pressure.

A central web application firewall is no longer enough

A centralized and on-premises web application firewall (WAF) to protect against cyber risks – as is still common today – is no longer ideal. On the one hand, this entails an undesirable overhead in network communication in hybrid environments. On the other hand, a central WAF component quickly becomes a bottleneck, especially in agile development approaches and DevOps. To avoid this, it is necessary to integrate the WAF functionality into the cloud platform. To support companies with such challenges, United Security Providers is now one of the first WAF manufacturers to offer the USP Secure Entry Server® as a container-based solution.

Hybrid security functions

When it comes to security, companies need a solution that enables them to reliably protect web applications, mobile apps and services from cyber risks, regardless of whether these are operated on-premises or in the cloud. Until now, the market has lacked solutions with sophisticated WAF functionalities for hybrid infrastructures. In addition to conventional installation types as a hardware or software appliance, the USP Secure Entry Server® can now also be provided as a container-based deployment. The USP Secure Entry Server® thus covers all of the above requirements for security and agile DevOps approaches.

Enforcing a uniform security baseline

If companies now operate their WAFs not only on-premises but also in the cloud and as containers, centralized management will be indispensable for the uniform enforcement of IT security policies.

Even if application security, and in particular the WAF, is transferred to the responsibility of the application lifecycle and thus to the care of the application manager, it must remain possible to enforce a general, cross-company security baseline.

It must therefore be possible to provide the application owner with a basic configuration that contains the common security baseline and that they cannot adapt, or can adapt only to a limited extent. This basic configuration should be maintainable by another role (e.g. a WAF service owner) and be subject to the governance of the CISO.

Enforce access policies centrally: Access management for cloud services

The business wants all users – be they customers, employees or partners – to be able to easily access the applications and services provided for them. Even though access must be simple and user-friendly, multi-factor authentication, or MFA for short, is mandatory when it comes to protecting sensitive data. This requires seamless, flexible risk- and context-based authentication that is centrally managed and controlled by a central policy server. The USP Secure Entry Server® supports all common authentication methods for multi-factor authentication, making it possible to provide the most convenient method for users, depending on the application.

Centralized reporting and detection

Hybrid and distributed WAF nodes have two disadvantages: first, the corporate security baseline is difficult to enforce, and second, centralized, consolidated reporting is not available. Both can be easily addressed with the centralized solution from USP SES.