Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cloud advantage or cost?

1 August 2019 Information Security, Infrastructure

It seems as though each day brings another article about IoT, big data analytics and cloud architectures talking about the unlimited potential for companies trying to gain a competitive edge in an increasingly digital world. Early adopters, who are a bit further along the road to digital transformation, are already enjoying some the benefits of the public cloud, like economies of scale, utility billing and more.

“What may not be entirely clear, however, is how the shared security model of the public cloud affects your security responsibilities,” says Simon McCullough, major channel account manager at F5 in South Africa.

“While cloud providers typically do an excellent job of managing the security of their physical data centres, infrastructure and rented systems, they can’t do much about the things businesses deploy or put in the cloud, namely applications, services and data.”

At the same time, according to F5 Labs research, 53 percent of data breaches initially target the application layer, so, no matter how you look at it, security in the cloud is as important as security in traditional data centres.

Speak to any business owner who’s felt the effect of a breach and you’ll be told that a robust and agile web application firewall (WAF) isn’t a “might do” any more but is rather a non-negotiable.

Traditionally, says another F5 white paper, WAFs were deployed as hardware appliances on premises in enterprise data centres. With applications migrating to cloud-based Infrastructure-as-a-Service (IaaS) environments and organisations leveraging cloud Software-as-a-Service (SaaS) apps, security teams are challenged to protect applications beyond the data centre—without compromising performance, scalability, and manageability.

Enter the WAF

“In our report, titled The Hidden ROI of Cloud-Friendly Security, we talk about the fact that 40 percent of all traffic can be unwanted bots, malware, scanners and the like and that you, as a business, are paying their way,” he continues.

“Most businesses are billed on a utility basis when it comes to traffic for applications in the cloud and incur real, quantifiable costs every time a bot makes a request of any resource associated with your cloud account. This means companies are likely paying hefty bills as a result of non-customer traffic.”

Deploying solid security tools, like Application Delivery Controllers (ADCs) and WAFs in front of cloud-based apps can protect these applications and save money by filtering out costly, unwanted traffic while effectively reducing the resources allocated to servicing bots and scanners.

“Using an ADC or WAF in the cloud can deliver measurable return on the cost of your investment while ensuring services stay available and secure,” says McCullough.

Security tool choice matters to the cloud

Anton Jacobsz, managing director at Networks Unlimited Africa, a value-added distributor of F5 in Africa, says it doesn’t end there. “Good security tools can better enable and inform business intelligence,” he says. “A WAF or ADC can make it easier to analyse traffic patterns and data to and from the cloud-based web applications and, with that data at hand, businesses will be better equipped to make resource management decisions that can cut costs quite dramatically.”

According to the 2017 WhiteHat Security Application Security Report, almost all apps contain three or more vulnerabilities, with half of those being critical. This equates to an increased risk of data loss, theft or denial of service if not remedied quite quickly – which is where WAFs can help.

Development teams are now able to use the capabilities inherent to WAFs to address OWASP Top 10 risk areas, mitigating layer 7 DOS attacks, detecting and managing bot activity and foiling zero-day attacks.

“This is all outside of, and without interruption to, normal development cycles,” says Jacobsz. “Behavioural analysis can also prove to be very effective in identifying patterns and managing traffic to and from your cloud-based web applications.

“And, while these capabilities can be difficult to build and manage on your own, a solid security solution provider will help make the implementation of these services simple and effective.

“You may not suspect anyone of targeting your business but those of a trusting nature are a cyber criminal’s dream,” he says. “The safest approach is to implement security tools that can not only help reduce costs but can also provide the right level of protection for the smooth operation and success of cloud-based applications.”

For more information, contact Esti Bosch, Networks Unlimited, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.