Asia's Source for Enterprise Network Knowledge

Monday, May 27th, 2019

Secure Your Cloud

How innovative organizations balance app security, performance

The top three cited barriers to achieving a strong application security posture – found in an F5-Ponemon survey conducted as part of the F5 Labs 2018 Application Protection Report – are the “lack of visibility in the application layer”, “lack of skilled or expert personnel”, and “migration to the cloud environment”. 

Slightly more than a quarter of organizations polled rely on web application firewalls to secure applications – the others being application scanning (20%) and penetration testing (19%). Surprisingly, 26% of organizations do not deploy application hardening procedures, a useful way to bolster application security.

In their quest to secure applications, most IT leaders know how important application performance is to the continued success of a digital business, especially when serving end-users who have taken always-on, low-latency and secure responses to their requests for apps and data for granted. More than 80% of us have deleted an application because of poor performance. Put simply, security is important, but so is performance.

Several innovative organizations have found ways to achieve that balance. 

Traffic snarl

One of Hong Kong’s largest securities firms, ET Net, delivers accurate, timely information on its financial information platform involving more than 100 financial institutions, including leading retail and commercial banks. However, the explosion of mobile trading has led to new challenges arising from new types of potential security breaches and insufficient capacity to handle the surge in network traffic from mobile applications. 

Given the time-sensitive nature of the trading industry, ET Net aimed to boost efficiency and enhance network security without compromising high-speed performance. The F5 BIG-IP Application Security Manager (ASM) web application firewall (WAF) that it deployed now detects and mitigates malicious bots before they begin affecting traffic. This also ensured availability and smooth performance of its financial information platform even when it is under attack.

ET Net also upgraded its BIG-IP Local Traffic Manager (LTM) and BIG-IP DNS for its two data centers in Hong Kong, gaining strong offload and processing capabilities – such as SSL performance to encrypt everything while protecting end-to-end user experience – without adding more servers to the existing infrastructure. Additionally, the BIG-IP DNS solution helps direct user traffic to the right environment to improve network availability.

“The solutions helped us maximize network performance and speed up application delivery time, while ensuring a high level of security,” said Daniel Choi, systems director at ET Net. “These are crucial for us to fulfill our promises of offering best-in-class services to our customers and enabling them to succeed.”

Long-term view

Like ET Net, Infosys – India’s second largest IT services company and a global leader in technology and consulting services – was able to optimize its data center infrastructure to ensure availability, security and performance of its intranet apps to meet current and future requirements. 

The enterprise’s network infrastructure that serves its large and geographically diverse employees was already strained by the massive amount of data traffic. The shift towards mobile applications had further fueled exponential growth in data volume. 

By deploying the F5 BIG-IP LTM and BIG-IP ASM solutions, Infosys was able to consolidate multiple data centers onto a single application delivery controller platform for more efficient management and control. The solutions also allowed Infosys to secure its intranet applications while providing employees with an enhanced user experience.

“There is an increased momentum of cloud adoption within our DevOps teams”, said Vadiraj Adiga, industry principal at Infosys. “We wanted a comprehensive solution that provides a secure cloud federation and seamless policy enforcement that would make us future ready.”

Farther afield,The Port Authority of Jamaica is another organization that has boosted both critical data security and performance – particularly the performance of its Port Community System (PCS) in the Microsoft Azure cloud – while gaining the flexibility and scalability to scale for future growth.

On the security front, the F5 BIG-IP Advanced Firewall Manager (AFM) provided application-centric protection, network DDoS protection, SSL inspection and termination, deep visibility and reporting and centralized policy management. These helped to increase confidence of its partners like the Jamaica Customs Department in the PCS. 

And although Azure offers some native load balancing features, the Port Authority opted to deploy F5 BIG-IP LTM because of its flexibility in intelligently managing network traffic and the F5 iRules scripting language for customization. All in, F5 technology also gave the organization a centralized point of control to streamline operations.

“We chose F5 based on its track record in protecting sensitive data for international financial institutions,” said Dwain Powell, PCS director at The Port Authority of Jamaica.

Although many factors can impact application performance and security, the F5 BIG-IP product family offers critical application services that satisfy users’ service performance expectations while keeping their data and applications secure.

This is a QuestexAsia blog post commissioned by F5 Networks Asia Pacific.