Cloud-native Architectures: Why application security should be microservices ready

Private cloud, public cloud, hybrid cloud, multi-cloud and now cloud-native. If you are feeling dizzy and confused with all the cloud jargon and how it impacts your application security, you have come to the right place.

Over the last decade, IT has transformed itself into an innovation powerhouse. The conversation has changed from “cost center” to “revenue driver,” with the development and operations teams adopting the DevOps philosophy.

When a digital business is evaluating application security solutions, it quickly becomes apparent that application architecture already in place can be a limiting factor. What if we say that security solutions should work with any cloud infrastructure including serverless frameworks, work natively with continuous integration/continuous deployment (CI/CD) pipelines, containers and Kubernetes orchestration, and enable operations teams to be efficient. Sounds too good to be true? It's okay to be skeptical. Let us explain how this is all possible for a cloud-native application security solution to deploy with any application software stack, with an out-of-band architecture that is coupled with inline server-side enforcement.

PerimeterX Cloud-native Platform

The PerimeterX Platform is a set of cloud-native infrastructure and services that powers an award-winning suite of application protection solutions. The solutions powered by the Platform protect online businesses against automated attacks and client-side threats, and improve operational efficiency.

The key here is the out-of-band deployment without requiring inline traffic processing. The client-side signal collection at the browser or device level done by the PerimeterX Sensor is separated from the processing of the attack data that happens in the cloud-based Detector. This separation of the Sensor and Detector allows the application development for the website to continue without being tied to real-time, in-production updates of threat intelligence and machine learning algorithms to the Detector. The client-side signal collection also happens asynchronously, preserving the end user experience. The Detector is a JavaScript snippet that can be integrated into any website code within minutes without creating friction with application development. The Enforcer is a lightweight server-side implementation with integrations for several CDNs, web servers, load balancers and serverless cloud platforms.

Security solutions should be an enabler for DevOps and the adoption of cloud-native technologies to help drive innovation for your digital business. Here is a shortlist of questions you should be asking your application security vendor to determine the vendor's ability to support your cloud adoption initiatives.

Key questions to ask your application security vendor:

• Does your solution enable agile application development?
• Does your solution work with microservices architectures?
• Does your solution offer native support for Kubernetes?
• Can your solution scale out automatically without requiring provisioning or changes to continuous delivery?
• Does your solution have APIs to support cloud-native app development?
• What APIs and data integrations are available to support self-service operations and unified dashboards?
• Does your solution require downtime to update security policies or threat intelligence data?
• What is the portability of your solution when moving from one cloud environment/CDN to another?
• Does your solution work equally well across Amazon AWS, Microsoft Azure and Google Cloud?
• Can your solution work with web servers deployed on-premises or within our data center?
• Does your solution have code snippets on GitHub so that software development can automate integration?
• Does your solution help align application development, operations teams and security teams and increase operational efficiency?

For more information on protecting your digital business natively in the cloud, get a complimentary 1-on-1 consultation with a certified cloud solutions architect here.