To understand the various challenges posed by multi-cloud adoption, Analytics India Magazine connected with Edgar Dias, Managing Director-India for F5 Networks.
The challenge of enterprise cybersecurity is growing complex every day as companies move to cloud for their operations. The situation has become more complex as the ongoing global pandemic has forced companies to go digital without the best security practices and standards in place.
To understand the various challenges posed by multi-cloud adoption, Analytics India Magazine connected with Edgar Dias, Managing Director-India for F5 Networks – one of the leading cloud and security application services providers across the world. Edgar has over two decades of experience across networking, cloud, and SaaS. He shares details of the IT threat landscape as well as F5’s India operations:
AIM: What are the main functions of F5?
F5 is predominantly an application security company that also does load balancing. So customers have started to deploy our software solutions, which have got identical capability because it is run on the same operating system on the cloud. We have moved into a multi-cloud application services platform, which means that customers will have an application system on multiple cloud platforms.
F5 software is certified and performs exceptionally well on all these multi-cloud platforms, be it on cloud or on-prem. We give customers the capability of being able to have one central console, through which they can monitor. Then they can get deep analytics around their applications, irrespective of where they are and also see security posture.
Now applications are starting to become more microservices-based, and they would not be the typical legacy applications that you have in hand. That is where we acquired NGINX, because it is not only a web server but also has a load balancing capability for very lightweight architectures and any API application architecture platform.
AIM: What is your strategy for the traffic management of cybersecurity for companies?
Today, everyone is talking about security evaluation, and most customers have thought that security was put in things like firewalls, etc. All traffic that is coming in is encrypted. All the attacks that are happening are attacks that are low on the network level, but more than the application level. And therefore, the technology that we are providing to our customers, which is our application security platform, is resonating with all of us.
The second aspect is that a lot of our customers are now aspiring towards digital transformation. This is where people are now starting up new architectures with microservices around our NGINX platform. It is becoming very relevant amid COVID-19 – how do I identify the identity and how do I then provide the capability for people to connect? We have some of the technologies that we have around API security, multi-factor authentication as well as for things like SSL VPN.
AIM: How do you coordinate security for a hybrid cloud or even a public cloud strategy?
A cloud is nothing but a shared security platform. When you are moving your application to the cloud, you are responsible for the security of your applications, the content, and the data that is there on the cloud. The second thing is that a lot of customers have taken the same architecture that they have had on-premise, and move on to the cloud. So, for example, if I had a firewall on-prem, I went and put a firewall on the cloud. However, the cloud has inbound traffic. Hence, it then becomes vital to identify who the person is; then based on the identity, provide privileged access, or go back and inspect what is happening during the session.
It is now imperative to go for advanced security based on all the security capabilities that we have. The other thing that comes in is now that the applications are hosted in the cloud, and are they going to get scraped by bots, or are they going to get attacked by malicious bots? So, companies need the ability to identify bad traffic and kill it. Then, they can start to ensure that only good traffic is there on the enterprise network.
AIM: F5 has expanded Silverline managed services offerings in India recently. How does the Silverline cloud platform help your customers?
We hear from a lot of customers and they cannot deal with complex cybersecurity issues. That, or they do not have a team of people to manage it. This is why we acquired an application security service company called Silverline, which offers very advanced DDoS capability, as well as advanced application security. This means that the customer basically tells us what application needs to get protected, and we will create the policies in conjunction with the customer and provide them with the reporting and compliance.
For example, if you are a banking customer and you want PCI reports, we will give you the PCI DSS reporting for this. So, that is one of the tactical sides of the network. But a lot of customers are looking for this concept of how do I help them improve their cyber risk. How do we ensure that applications that are across multi-cloud vendors can get protected? The other thing is how do I secure the data now with COVID-19, where people will be able to work from home? It is not only about VPN access; it is about the ability to have a workforce with identity and security. This is because tomorrow, one of the most significant issues is going to be around users working from home.
AIM: What, according to you, is the most prominent cyber challenge faced by companies in today’s world?
F5 has been sitting in front of the most mission-critical applications in the world, with 48 in the top 50 Fortune companies in the world is our firm. Our approach is that we want to expand the long tail. That is all the customer, whether you are in e-commerce, in tech, or any of these companies, basically are dealing with money and are dealing with precious intellectual property, which needs to get protected, and the web needs to advance Application Security platform. It is one of the biggest challenges that is happening today.
With F5, we can see everything right from layer three to layer seven right now, and we can inspect traffic going by building an API. And we can then learn what the kind of traffic is, that is, what happens when two organizations interact with each other on an API call. Now, I can do authentication of that other party using our authentication solution. So then, the API calls get authenticated. I am not talking to say ABC company; I can now start to learn what is the type of traffic that goes in, for example, the traffic it goes in consists of, say, a credit card information that has to be ten-digit card information with an X amount and you feel that someone is trying to create to something wrong. So we can go back and inspect the data load within the API traffic. This is just one use case and different t use cases, each dealing with the various cyber risks faced by companies.