F5 Networks this week announced the integration of F5 Essential App Protect, a software-as-a-service (SaaS) platform for protecting web applications, and Amazon CloudFront, a content delivery network (CDN) service from Amazon Web Services (AWS).
Christine Puccio, vice president of global cloud alliances and go-to-market programs for F5 Networks, said this integration will make it easier to securely deliver data, videos, applications and application programming interfaces (APIs). IT organizations can set up and control the caching functionality of CloudFront through either the Essential App Protect user interface or API, she said.
F5 Networks has been making its security and networking software available on AWS as part of a strategic collaboration agreement between the two companies. Under terms of that alliance, F5 Networks committed to making a wide variety of application services natively available on the AWS public cloud to make it easier for IT teams to streamline processes, including making a web application firewall available in the form of F5 Essential App Protect. Rather than requiring IT organizations to deploy a web application firewall (WAF) on the AWS cloud, F5 Essential App Protect is accessed as a service that runs on top of an instance of Kubernetes.
In the wake of the COVID-19 pandemic, the number of applications being deployed on public clouds has accelerated. As part of that transition, IT organizations are starting to make greater use of CDNs provided by cloud service providers as an alternative to CDN services provided by vendors that have built out their own CDNs to securely deploy those applications. In contrast, cloud services providers are partnering with third-party security companies to secure their CDNs. Regardless of approach, CDNs make it easier to deploy those applications across increasingly distributed computing environments.
Rather than outsourcing security entirely, the F5 Essential App Protect makes it possible for IT teams to co-manage cloud security alongside F5 Networks.
In theory at least, IT organizations are beginning to embrace best DevSecOps practices as part of an effort to shift responsibility for security further left toward developers, who can invoke APIs. In practice, most security tasks are still handled by IT security operations teams who now find themselves struggling to keep pace with the rate that applications are being deployed and updated in the cloud. As organizations rely more on services to secure those applications, the ability to invoke those platforms via either a GUI aimed at security operations teams or an API becomes critical as responsibilities shift over time.
In the meantime, roles within IT organizations are clearly in a state of flux as security, networking and DevOps processes continue to converge. Most cybersecurity teams are short-handed, so the more tasks that can be handled by developers or IT operations teams, the more secure the IT environment should become. The challenge, of course, is security professionals don’t always trust developers or IT operations to do the right thing when it comes to security. As such, security teams will always need to verify the right security controls are in place no matter who implemented them.