Evolving Trends in Application Security: Insights from India’s Digital Landscape

CXOToday has engaged in an exclusive interview with Dhananjay Ganjoo, Managing Director India & SAARC, F5

1. How has the application security landscape evolved in India?

In recent years, India’s application security landscape has undergone a transformative shift due to digitalization and regulatory adjustments. Organizations are now placing a paramount focus on security measures, embedding them throughout the software development lifecycle, and ensuring compliance with regulations such as the Personal Data Protection Bill. According to our 2023 State of Application Strategy report, 48% of organizations in India have adopted a Secure Development Life Cycle (SDLC) approach to security. Integrating security practices into the early stages of the SDLC, allows security practices to be integrated early in the development process for quicker vulnerability identification and mitigation.

Furthermore, there is a growing emphasis on cloud security, particularly concerning the protection of cloud infrastructure, APIs, and sensitive data. Applications and APIs are the building blocks of the experiences through which we all work, bank, shop, access healthcare, travel, and play. Managing apps and APIs that fuel businesses has become increasingly complex because organizations operate applications with multiple architectures and deploy them across distributed environments. And the digital experiences you deliver are only as secure as the most vulnerable app or API. IT leaders today have a daunting job as they face a growing number of cyberattacks, increasing regulatory requirements, rising costs, shrinking budgets, and heightened expectations from end users around app security, availability, and overall experience.

This is where our solution, F5 Distributed Cloud Services, comes in. We offer advanced security tools like web application firewall (WAF), bot detection, and protection against attacks like DDoS. It also equips customers with end-to-end observability and real-time visibility into the entire deployment while ensuring security and increased digital experiences.

2. We are currently witnessing a rise in demand for secured digital experience among consumers, can you share some insights on the current consumer behavior towards security and convenience?

Today’s consumers are focusing on their online privacy and security. Businesses that prioritize data protection through robust encryption and multi-factor authentication earn greater trust from customers. Alongside security, consumers demand seamless digital experiences marked by accessibility and speed. According to F5’s The Curve of Convenience report 48% of Indian consumers, in the event of a data leak, are unwilling to continue to support the company involved. To cater to these expectations, organizations must focus on providing secure as well as easy access to accounts and services without unnecessary complications. The report reveals a nuanced interplay between security and convenience: 64% of Indian consumers lean towards convenience. However, when their security feels compromised, they act to safeguard themselves. Businesses face the challenge of offering secure digital experiences that remain convenient. Achieving this involves transparent, user-friendly security measures and educating consumers about security’s importance.

Improving the security-convenience dynamic can involve implementing robust security measures, such as encryption and authentication. Ensuring these measures are user-friendly and transparent is key. Educating consumers on security’s significance enhances their awareness. Offering diverse channels for customer support related to security concerns adds another layer of reassurance. Incorporating these steps empowers businesses to provide secure, yet convenient, digital experiences. This approach aligns consumer expectations with enhanced data protection, fostering a relationship of trust and convenience.

3. What are the security concerns that businesses have around multi-cloud strategy?

Due to the ever-changing technological landscape, organizations have adopted multi-cloud strategy, to tap into the strengths of various cloud providers to cater to diverse computing needs. While this evolution presents immense possibilities, it also brings along an increased set of cybersecurity challenges. As more sectors embrace digitalization, businesses find themselves grappling with the task of protecting sensitive information, their digital infrastructure, and online interactions from a growing array of cyber threats. These multi-cloud security concerns arise due to several factors:

• Increased complexity: Managing multiple cloud environments can be complex and time-consuming. This can make it difficult to keep track of all the security controls in place, and to ensure that they are all working properly.
• Differing security standards: Each cloud provider has its own security standards and practices. This can make it difficult to ensure that data is secure when it is moved between clouds.
• Shared responsibility: When businesses use multiple cloud providers, they need to understand the shared responsibility model for security. This means that each party is responsible for some aspects of security, and it can be difficult to know who is responsible for what.
• Data silos: When data is siloed across multiple clouds, it can be difficult to get a complete view of the data. This can make it difficult to identify and respond to security threats.
• Vendor lock-in: When businesses become too dependent on a single cloud provider, they may be locked into that provider’s ecosystem. This can make it difficult to switch providers if necessary.

Therefore, it is important for organizations to implement the right security controls and stay up to date on the latest threats, to reduce their risk of a security incident and protect their data.

4. Can you tell us how businesses can improve customer experience through deployment at the edge and AI assistance?

A digital business providing digital services must focus on the end-to-end process spanning the entire business unit. Focusing on just one investment, instead of making proportionate investments, will result in broken processes that ultimately impact the customer and employee experience. Therefore, mature digital enterprises today recognize that modernization must include operational, product, and business processes.

To enhance customer experience, businesses are leveraging edge computing and AI assistance that helps them get the most valuable insights out of their data. While collecting and storing data is a necessary first step, its full value can only be realized through machine learning (ML) algorithms. As a subset of artificial intelligence (AI), ML will enable us to learn from vast amounts of data, uncover patterns that were previously impossible to obtain, and make better (data) informed or critical business decisions. According to the F5’s Digital Enterprise Maturity Index 2023, most organizations, regardless of maturity level, are employing or plan to employ AI/ML across multiple domains to remain ahead of the curve.

Additionally, deploying AI algorithms at the edge to process customer requests and data in real-time helps enterprises reduce latency and ensures faster responses to customer queries, leading to improved satisfaction. Data processed at the edge also reduces the need to send sensitive customer data to centralized servers. This enhances data security and privacy compliance, building trust with customers.

5. How is F5 addressing these challenges?

In the modern business landscape, companies are relying more on applications to interact with their customers. As applications take on a central role in business operations, they are transforming into systems that prioritize APIs, microservices, and automation. However, not only businesses but also cybercriminals are adapting to this dynamic environment by developing new types of highly organized and financially driven attacks. These advanced cyber threats can circumvent established security measures like firewalls and web application firewalls.

Our Distributed Cloud WAAP solution equips customers with an advanced web application firewall (WAF), bot detection, API protection as a service, and capabilities to protect against distributed denial of service (DDoS) attacks. F5’s Distributed Cloud WAAP provides end-to-end observability and real-time visibility across the entire deployment without requiring integration and/or automation tools. This will enable our customers to have differentiated digital experiences for their end customers, strengthening customers’ trust for increased revenues.

Additionally, F5 provides traffic management solutions that help optimize application performance across multiple cloud instances, ensuring high availability and reliability. The adoption of digital infrastructure also increases the use of APIs, therefore helping businesses with API security solutions to protect against API-based vulnerabilities and attacks in multi-cloud environments.

6. Are there any new solutions that F5 has come up with to enhance security?

We continue to strive to bring solutions that will enable businesses to provide a secure digital experience for their customers. Our Distributed Cloud WAAP equips customers with an advanced web application firewall (WAF), bot detection, API protection as a service, and capabilities to protect against distributed denial of service (DDoS) attacks. F5’s Distributed Cloud WAAP provides end-to-end observability and real-time visibility across the entire deployment without requiring integration and/or automation tools.

Going beyond our existing solutions, we have recently introduced the F5 Distributed Cloud Mobile App Security Suite. Smartphones have become ubiquitous and app-driven services encompass everything from finance and healthcare to entertainment and communication. This has led to a rise in the demand for safeguarding mobile applications against issues such as data breaches, malicious bots, misuse of mobile apps, and unauthorized data exposure.

F5 Distributed Cloud Mobile App Security blends mobile app shielding with bot defense to ensure security specialists and app creators lower mobile app security risk, and protects them from compliance violations, financial loss, data leakage, fraud, customer churn, and reputational harm. The F5 Mobile App Security Suite can help organizations avoid the costs of data breaches and compliance fines. In addition, organizations can prevent bad bots from circumventing their web security defenses to attack their backend infrastructure and APIs. With the ability to deploy and scale seamlessly, you are ensured fast time-to-value and maximized ROI. This will enable our customers to have differentiated digital experiences for their end customers, strengthening customers’ trust for increased revenues.