Bake Security Into Your App Delivery Pipeline? It Should Be Easy.

Published December 04, 2018

Anyone who has ever fed a group of teenagers after intense physical activity (sports practice, a major hike, the latest crazy thing they got themselves into) understands the tradeoffs. What’s called for is calories. Lots of them, delivered fast. It’s not that other food types don’t matter. Nutrition and taste are important too—in theory. But when the ravenous horde descends, speed and effectiveness trump all. This isn’t the time to plate microgreens. This is the time to pull butter- and cheese-laden pasta dishes out of the oven and hand out forks.

Teenagers are notorious short-term thinkers. Businesses, by contrast, are run by adults who take a long-term perspective and prioritize things like safety and sustainability over short-term goals. Except in your office. In your office, application security strategy is as much about finding security tools the business will actually adopt as it is about crafting the ideal policies and processes. In other words, if you want to improve the security of your apps, you have to slip controls into the cheese sauce.


But it’s important that you do. A recent study by F5 Labs found that applications were the initial targets in 53 percent of data breaches, yet organizations continue to struggle to improve application security.


To be fair, businesses are under enormous pressure to deliver apps quickly. And application developers necessarily prioritize the features their customers demand over ensuring every third-party library embedded deep in the bowels of the application is updated with the latest security patches.

That’s because businesses want developers focused on creating value. To be successful and effective, security solutions have to be embedded into the software delivery toolchain.

That’s where F5 can help. BIG-IP Cloud Edition makes it easy for developers to deploy industry-leading F5 Advanced Web Application Firewall (WAF) in front of their applications via an API call or visual interface. BIG-IP Cloud Edition also gives network operations the ability to define the security policy for each application and to provide that security at the application layer.


Application owners do care about security, but they aren’t security experts. In the absence of other options, most devs reach for open source solutions that provide some protection. Problem is, most free tools aren’t up to the task of dealing with sophisticated automated attacks like bots, botnets, credential theft, credential-stuffing attacks, and app-level DoS attacks.



Why skimp on security, given the risks? Because the alternative is perceived as unacceptably burdensome, potentially involving lengthy code and security reviews or complex mitigations that delay the deployment of features customers want. BIG-IP Cloud Edition decouples application security policy development from deployment. Security policies can be developed and reviewed independently of application development and deployment cycles. Updated policies are inherited automatically when the app is deployed or redeployed.


Security experts are in short supply and not every organization has people on staff who can craft sophisticated WAF policies. That’s why BIG-IP Cloud Edition ships with a prebuilt security template that can be used out of the box. While the template can be tuned to meet the needs of individual applications, it also provides a significant boost to your app security posture without requiring specialized skills to implement.

BIG-IP Cloud Edition makes it easier to bake hardened security policies into your application delivery pipeline. Because, in the end, the only effective security policies are the policies your teams actually use.

Learn more at f5.com/cloudedition.