In a recent poll jointly conducted by M-Solutions Technology and Citrix Systems, Inc. (Nasdaq: CTXS), the global leader in application delivery infrastructure, 90% of respondents in Thailand identified application security as an increasing area of concern for their business.
Citrix and M-Solutions Technology, a leading distributor of Internet Security Services and Solutions in Asia, conducted the poll at the Security Exchange 2007 event in Bangkok, where they also announced a strategic distribution partnership for Citrix web application networking and security solutions in the ASEAN markets. M-Solutions Technology operates in Thailand as a wholly-owned subsidiary of M.Tech.
More than 120 respondents participated in this poll, comprising system and network engineers, IT managers, heads of department and IT directors. These respondents represented a wide range of industries including manufacturing, government, financial services, transportation, petrochemical, healthcare and construction.
According to the poll findings, the respondents identified current/future regulatory requirements (36%), workforce mobility (19%) and business continuity (18%) as the top three trends driving their application security investments.
“Traditional IT security has solved the initial challenge of securing the corporate network,” said Yaj Malik, Area Vice President, ASEAN, Citrix Systems. “However, with increasing workforce mobility, we are seeing more corporate users choosing to work from locations outside the corporate network. Thus, the challenge now is to protect the actual applications rather than the network, and allow these applications to be accessed securely by users regardless of where they are.”
Application security is also becoming a growing concern as more and more organisations such as banks and online merchants deliver applications to consumers over the Web.
Explained Mr Malik: “Delivering applications over the Internet is the future of business in the Web 2.0 and Enterprise 2.0 world. However, the big concern is that traditional security products such as network firewalls and intrusion protection systems cannot detect attacks at the application layer. According to analyst estimates, 70% of successful attacks exploit application vulnerabilities, which then allow hackers to access the systems that store confidential customer financial and personal data.”
As a result, government and industry bodies look to regulatory and compliance measures to curb this growing problem. One example is the Payment Card Industry Data Security Standard (PCI-DSS) that requires merchants with credit card payment processes to protect their web-facing applications against known attacks. PCI-DSS recommends that merchants either review and edit the application code for common vulnerabilities or implement an application layer firewall to prevent credit card fraud, hacking and other security breaches. These options are considered ‘best practice’ until June 30, 2008, after which it becomes a requirement for merchants.
A Web Application Firewall is an emerging technology that has been proven to be the most time- and cost-effective means of securing web applications, blocking malicious attacks and also disabling unauthorised outbound transmission of confidential customer data.
In choosing a Web Application Firewall (WAF), the poll respondents listed attack detection and protection (15%), traffic throttling and blocking (16%) and management (16%) as the key factors in their purchase decision.
Sales of WAF have more than doubled during the last two years, and IT research firm Forrester expects that pace of growth to continue through 2008 with market revenue topping out at US$184 million in 2009.
A next-generation security solution, Citrix Application Firewall protects Web applications from the growing number of application-layer attacks, including buffer overflow exploits, SQL injection attempts, cross-site scripting attacks and more. In addition to proven attack defenses, Citrix Application Firewall provides identity theft protection by securing confidential corporate information and sensitive customer data.
“Web application firewalls have emerged to solve evolving security challenges. However these products need to be viewed as a component of a more holistic application security architecture that includes other technologies such as load balancers and application accelerators,” concluded Mr. Malik.
Citrix’s end-to-end application security and networking solutions deliver the fastest performance, best security, and lowest total cost of ownership while helping companies quickly adapt to business and regulatory change.