
January 15, 2014

The Application Security Manifesto – The State of Application Security

Author: Greg Jensen, Senior Principal Product Director, Oracle

This is a 2-parter on Oracle AppAdvantage for Security. Tune in next Wednesday for the concluding piece.

During the 1990s, the world witnessed a revolution in application development and architecture with the advent of Internet-enabled applications and services. This brought an abundance of next-generation requirements for these Internet-enabled applications. Some of these requirements included a need for security, reporting, auditing, maintenance and management within each application. Over time, this model has grown overly complex to manage and maintain, and it has become impossible to fully evaluate risk and compliance on an ongoing basis. What was needed was a new architecture that could evolve with the changing business demands.

Security is Necessary to Transform

Businesses today are faced with a variety of complex business challenges that require organizations to evolve and remain agile in their ability to adapt to the demands of new market conditions, customer needs or new enabling technologies that promise greater efficiencies, reduced costs and increased productivity. One of the key success criteria in today’s competitive environment is a business model that is capable of transforming as demands and needs call for.

Regardless of the industry your company or organization contributes to, each industry has seen more change in the last 2 years than the previous generation saw in that same industry within a decade or more. The rate of change is accelerating at levels we have never seen. It doesn’t matter if you are in Banking, or even Education: we are all impacted each day by applications, processes, services and devices as a function of our jobs, and none of this can be achieved without associating an “Identity”, as it relates to your users, customers and partners. Identity is what binds all of our industries together and it is also the component that ENABLES every industry moving

of Application Security

In the past, enterprises have utilized on-premise applications that have been siloed off from other applications and services by the use of their own proprietary event/logging systems, policy management and security frameworks. This model brings the advantage of more capable and unique features within the apps, but it also brings some disadvantages. These disadvantages include increased training costs, increased audit risk and associated costs, and longer provisioning/de-provisioning cycles. Customers are now delivering a new set of requirements to overcome these

State of Application Security

While the average consumer may not understand the role of Social Media within the enterprise, the fact is that a recent Enterprise Strategy Group Survey showed that 44% of apps must be social-enabled in the near future. This is a great example of how technology for one vertical was rapidly adapted to industrial verticals and into applications as part of transforming the way one did business. Customers are also looking for ways to re-use and repurpose infrastructure across applications. This has been seen in areas ranging from event collection, using a single event consolidation platform for all applications, to use cases such as reporting, where one can purchase reporting platforms that pull event information from numerous applications and present it in a single report platform that is re-usable across applications. No more proprietary platform. The next big push is how to separate security from the application and make this a shared service across all applications: something you configure once for a user or an identity, after which you simply plug in additional applications that re-use the identity profile. This causes us to re-think security as a more strategic building block when we architect our application platforms, and not an afterthought.

In our next blog in this series, we will dive deeper into the Security Transformation Principles that underpin what some are calling the Great App Re-Architecture, as well as some real-world customer case studies on how this is being applied in today’s enterprises.
