Hyperguarding your Web Applications

@Hoff’s “Cloud Providers & Security” Beef Post

Posted by hyperguard on October 5, 2009

Couldn’t agree more! Hoff hits a key security issue for the cloud space. Speaking from the WAF standpoint, complexity is the main issue. For a cloud provider to offer full security services for any customer, they will have to migrate a host of issues.

  1. Right up front, hardware WAF’s are out (scaling dictates software). The anti-virtualization appliance solutions will cripple a provider. Imagine 500 applications (each a separate customer for the cloud provider) in need of 500 sets of WAF boxes. This could mean 1,000’s of appliances pending the traffic capacity of each box.
  2. Granular black / white / grey listing filters are a must. For the 500 customers, each will have very different WAF needs and in order for the cloud provider to have a reasonable offering, the WAF must cover each customer’s needs, otherwise it will have little value. Further, rulesets must be grouped by customer > by application > by filter > by detect or protect.
  3. Integration with source code analyzers is key. By linking the two tools, the cloud provider will be able to monitor and react proactively to attacks across all 500 applications. Think of the value the provider would be able to offer customers (new revenue streams?).

Art of Defence’s CTO defined what this might look like and the pressures of the cloud in this white paper. Worth a read if you’re a cloud provider considering integrating a WAF.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: