Delivering Web apps securely and efficiently

Most enterprises deliver their business-critical applications to end users over the Web, but there are always concerns with that practice. In a recent Nemertes study on Web application delivery, 80% of IT executives said that they were most concerned about security, followed by 75% who said they were concerned about performance.

Delivering Web applications securely and efficiently is challenging, especially if external users (partners, suppliers or customers) receive the application outside the network perimeter.

Traditional security measures, such as network-layer firewalls and IDS/IPS systems, are often insufficient when it comes to protecting Web applications. While network-layer security provides some protection against malicious traffic, it does not address protocol, operating system and application vulnerabilities that may be exposed at the application layer. To fully protect a Web application, IT executives must apply security at the application layer.

Several companies offer “application front-ends” to enhance the security or performance of Web applications. These appliance-based products, from vendors like Redline, Netscaler, Caymas, Kavado and Teros, often combine security features with performance acceleration in one package. While Redline and Netscaler are primarily focused on performance, they offer a few security features such as content inspection and blocking. In contrast, Caymas, Kavado and Teros are more focused on security, with a sprinkling of performance features.

The technology roadmaps of all these vendors indicate a trend towards consolidation of the security and performance features on a single “secure application front-end” (SAFE). This trend was further highlighted this week by the announcement of a partnership between Netscaler and Teros.

Appliance-based security and performance acceleration offers a number of advantages over more traditional approaches, such as host-based intrusion detection and network-layer security. Appliances offer a special-purpose “hardened” package that can deliver high performance at a low total cost of ownership. For 60% of participants in our study, application front-ends were also a means to reduce “firefighting.”

“We use the application front-ends to get off the patching treadmill,” explained the CIO of a financial services firm. “We can protect un-patched applications, which gives us more time to test and deploy the patches.”

For IT executives deploying business-critical Web applications, security at the network-perimeter is rarely sufficient these days. Deploying secure application front-ends in the data center can bring a much-needed respite from the continuous struggle of scanning for vulnerabilities and patching. The combination of performance and security features allows IT executives to deploy a single appliance that can increase security, reduce cost of ownership and dramatically improve application performance.

IT executives should decide on the “mix” of security and performance enhancement they need and pick an application front-end vendor that addresses their requirements.