“With time, our customers have needed us to evolve and change to meet their needs. A lot of that change is driven by their end customers. When it comes to banking, for example, the idea of having to go to a brick-and-mortar bank these days is, for many of us, foreign. Even before COVID, most of us did a lot of banking online. Now, the idea of going into a branch to do something is almost nonexistent with most people under a certain age.”
As businesses move online, customers need to be able to meet that demand. “This means that they need to move closer to their customers, meaning they need to move into the cloud or the edge,” Goldfarb adds. “Because of that, they often end up with multiple cloud environments or hybrid environments that include a mix of on-premise, cloud and edge.”
Josh Goldfarb
TITLE: SECURITY AND FRAUD ARCHITECT
COMPANY: F5
LOCATION: ISRAEL
Josh Goldfarb is currently Security and Fraud Architect at F5. Previously, he served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities.
In addition to Josh’s blogging and public speaking appearances, he is also a regular contributor to DarkReading and SecurityWeek.
F5 Distributed Cloud Explained
“So our customers needed us to support them in their journey to satisfy their customers.”
Through a combination of organic evolution and acquisition, F5 has joined its customers on that journey. “With our flagship BIG-IP brand, for example, we spent a lot of time developing and improving so that it no longer requires that the customer buy a server, it can now be deployed in cloud environments.”
With customers using increasingly complex cloud environments, a new solution was needed. Enter Distributed Cloud.
“As our customers were trying to meet their end customer needs, most of them were getting into a situation where they had extremely complex environments – some cloud, some edge, some on-prem or private data centre – and they had entire teams dedicated to setting up and managing technology stacks for security, for development, for fraud and for IT at each of these environments.”
Through a number of acquisitions in the cloud space, in the form of Volterra, Shape and Threat Stack, Distributed Cloud was formed.
As Goldfarb explains, one benefit of Distributed Cloud is the ability to simplify the management and administration of the IT security and application stack across multiple environments – whether they’re on-prem or in the cloud: “A huge win for our customers is the ability to simplify that diverse or hybrid cloud environment or multi-cloud environment. But another huge win for them is that, once I deploy and deliver my applications and APIs, I also want to secure those or protect those from security and fraud threats.
“That’s another area where, through organic growth and strategic acquisitions, F5 has been able to provide our customers the ability to protect those applications and APIs from a variety of security and fraud threats, regardless of what environment they’re in.”
The challenges of moving into the cloud
The rapid move to the cloud has resulted in a number of challenges which must be addressed. As organisations move to a variety of different cloud environments to get closer to their customers and maintain the same pace of innovation, it is essential for security to not be overlooked.
“Let’s say I’m a bank or a retailer and you’re my customer, and you tell me that you want a certain capability on your smartphone application for the bank or for the retail site,” Goldfarb comments. “Well, I’m going to do my best to get you that as quickly as possible.
“That might mean that, unfortunately, security and fraud are an afterthought. Or, if I include them from the get-go, I need a way to do that without being overly intrusive in the process of development and deployment.
“That is another challenge that our customers have: either trying to get security and fraud baked in without it becoming a six-month or a year delay. And also if it hasn’t been baked in, adding it after the fact to protect those applications and APIs in a way that isn’t intrusive, that doesn’t interfere with your ability, for example, to consume what you want from that application.”
The future cloud landscape
Today, global organisations are continuing to grapple with multi-cloud opportunities and challenges. But as F5’s 9th annual State of Application Strategy Report (SOAS) found, hybrid IT is here to stay.
In 2018, 74% of survey respondents planned to deploy “up to half” their apps in “a cloud.” But today, the report found, just under half of respondents (48%) say they currently have any apps deployed in the cloud, and on average organisations deploy only 15% of their app portfolio in the cloud.
“What we see across our customers is that whereas once it may have looked like everything was moving to the cloud, the reality of the situation is it doesn’t look like that will happen,” Goldfarb concludes. “Some things will remain on-prem, some things will either migrate to the cloud. And in some cases will repatriate back to the on-prem depending on the costing.
“I think the picture for the next two to three years is one of complexity. The fact that one of our chief differentiators for our customers is our ability to simplify that complexity is going to be a huge win. I think that they’re going to find themselves continually in situations where they will have increased complexity and not reduced complexity. And we can help them with that. And I don’t see any other way around that. I don’t see the world going any other way.”