The Application Security Manifesto – The State of Application Security
By Tanu Sood on Jan 15, 2014
Author: Greg Jensen, Senior Principal Product Director, Oracle
This is a 2-parter on Oracle AppAdvantage for Security. Tune in next Wednesday for the concluding piece.
During the 1990s, the world witnessed a revolution in application development and architecture with the advent of Internet-enabled applications and services. This brought an abundance of next-generation requirements for these Internet-enabled applications. Some of these requirements included a need for security, reporting, auditing, maintenance and management within each application. Over time, this model has grown overly complex to manage and maintain, and it has become impossible to fully evaluate risk and compliance on an ongoing basis. What was needed was a new architecture that could evolve with the changing business demands.
Security is Necessary to Transform
Businesses today face a variety of complex challenges that require organizations to evolve and remain agile in their ability to adapt to the demands of new market conditions, customer needs or new enabling technologies that promise greater efficiencies, reduced costs and increased productivity. One of the key success criteria in today’s competitive environment is a business model that is capable of transforming as demands and needs call for.
Whatever industry your company or organization contributes to, that industry has seen more change in the last 2 years than the previous generation saw in it within a decade or more. The rate of change is accelerating at levels we have never seen. It doesn’t matter if you are in Banking, Insurance, Transportation, Construction, Government, Healthcare or even Education: we are all impacted each day by applications, processes, services and devices as a function of our jobs, and none of this can be achieved without an associated “Identity” as it relates to your users, customers and partners. Identity is what binds all of our industries together, and it is also the component that ENABLES every industry moving forward.
State of Application Security
In the past, enterprises have utilized on-premises applications that were siloed off from other applications and services by their own proprietary event/logging systems, policy management and security frameworks. This model allows more capable and unique features within the apps, but it also brings disadvantages. These include increased training costs, increased audit risk and associated costs, and longer provisioning/de-provisioning cycles. Customers are now delivering a new set of requirements to overcome these issues.
Next State of Application Security
While the average consumer may not understand the role of social media within the enterprise, a recent Enterprise Strategy Group survey showed that 44% of apps must be social-enabled in the near future. This is a great example of how technology for one vertical was rapidly adapted to industrial verticals and into applications as part of transforming the way one did business. Customers are also looking for ways to re-use and repurpose infrastructure across applications. This has been seen in event collection, where a single event consolidation platform serves all applications, and in reporting, where one can purchase reporting platforms that pull event information from numerous applications and present it in a single report platform that is re-usable across applications. No more proprietary platform. The next big push is how to separate security from the application and make it a shared service across all applications: something you configure once for a user or an identity, and then you simply plug in additional applications that re-use the identity profile. This causes us to re-think security as a more strategic building block when we architect our application platforms, and not as an afterthought.
In the next blog in this series, we will dive deeper into the Security Transformation Principles that underpin what some are calling the Great App Re-Architecture, as well as some real-world customer case studies on how this is being applied in today’s enterprises.