Intentbased mobile app security: It's harder than you think
Thursday, March 23, 2017
John Morello |
How intent-based security might be harder to implement than it sounds, but is very possible and advantages.
Recently, intent-based security has become a buzzword and a commonly used phrase in the developer community. However, this new wave of security is much more than just a catchphrase. The concept of intent-based security adds a new level of protection to applications in containerized environments, specifically by understanding what the app is intended to do and looking for any anomalies outside of what is designed to occur. Companies who are adopting this trend find that the information coming from the developer is the key to creating a more predictable and secure environment.
Today, there is more information than ever before flowing from the developer - but that wasn’t always the case. Historically, when developers were ready to deploy their app, they’d have to work with a security team member to manually describe how the app worked (i.e. what processes it runs, what ports it uses, etc). The security team would then go into multiple tools to create rules for allowing these app behaviors. Now, when developers work on a container-based application, the artifacts they create have much of this information built in automatically. Even more can be learned through observing how the app behaves once deployed. The increase of technical information provides the automation needed to create the perfect environment for intent-based security to take place.
But even with an abundance of useful information, realizing the vision of intent-based security isn’t easy.
Lack of automation: IT departments in all industries should be more automated when it comes to app monitoring, but it’s not as easy as it sounds. Despite popular belief, monitoring in many orgs still requires human diagnostics and heavy insight from IT teams. If IT teams are unable to automate the monitoring apps sufficiently, then they can’t determine what the ‘normal’ baseline is, thus determining if there is a sign of a security problem. To combat this problem, automation and monitoring should be a top priority for any CIO and CTO - and building their teams with employees who have the same ideals and standards.
High rate of change: Many companies decide to integrate DevOps into their organization to shorten development cycles and increase efficiency. Build cycles used to take up to six months, but now take only hours when the development and operations teams work cohesively. This continuous integration means that the code and applications are constantly changing and being updated. Apps are no longer deployed and expected to run unaltered for months or years - they may be updated multiple times a day. Constant change is usually seen as a benefit for DevOps, yet when it comes to intent-based security, it can be tricky to correlate intent to each app iteration due to frequent updates. It’s crucial that dev and security teams have tooling that monitors the application throughout its lifecycle to ensure it’s doing exactly what it’s intended to do.
Broad dimensions to look across: Analyzing and monitoring an application’s process activity is important to understanding intent, but developers shouldn’t just stop there. In order to build a strong line of defense, developers should also be able to describe how the app works across multiple dimensions including system calls, networking and storage. Deciphering the intent in all of these categories is important, but having more areas to monitor makes it harder for dev teams to be successful.
Intent-based security can be a great thing for companies who want to add a new level of protection to applications in containerized environments. Of course, with every technology there can be roadblocks. But being aware and having a clear understanding of them will make each security, IT or dev team that much more successful.
This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.
Today, there is more information than ever before flowing from the developer - but that wasn’t always the case. Historically, when developers were ready to deploy their app, they’d have to work with a security team member to manually describe how the app worked (i.e. what processes it runs, what ports it uses, etc). The security team would then go into multiple tools to create rules for allowing these app behaviors. Now, when developers work on a container-based application, the artifacts they create have much of this information built in automatically. Even more can be learned through observing how the app behaves once deployed. The increase of technical information provides the automation needed to create the perfect environment for intent-based security to take place.
But even with an abundance of useful information, realizing the vision of intent-based security isn’t easy.
Here’s why:
Lack of automation: IT departments in all industries should be more automated when it comes to app monitoring, but it’s not as easy as it sounds. Despite popular belief, monitoring in many orgs still requires human diagnostics and heavy insight from IT teams. If IT teams are unable to automate the monitoring apps sufficiently, then they can’t determine what the ‘normal’ baseline is, thus determining if there is a sign of a security problem. To combat this problem, automation and monitoring should be a top priority for any CIO and CTO - and building their teams with employees who have the same ideals and standards.
High rate of change: Many companies decide to integrate DevOps into their organization to shorten development cycles and increase efficiency. Build cycles used to take up to six months, but now take only hours when the development and operations teams work cohesively. This continuous integration means that the code and applications are constantly changing and being updated. Apps are no longer deployed and expected to run unaltered for months or years - they may be updated multiple times a day. Constant change is usually seen as a benefit for DevOps, yet when it comes to intent-based security, it can be tricky to correlate intent to each app iteration due to frequent updates. It’s crucial that dev and security teams have tooling that monitors the application throughout its lifecycle to ensure it’s doing exactly what it’s intended to do.
Broad dimensions to look across: Analyzing and monitoring an application’s process activity is important to understanding intent, but developers shouldn’t just stop there. In order to build a strong line of defense, developers should also be able to describe how the app works across multiple dimensions including system calls, networking and storage. Deciphering the intent in all of these categories is important, but having more areas to monitor makes it harder for dev teams to be successful.
Intent-based security can be a great thing for companies who want to add a new level of protection to applications in containerized environments. Of course, with every technology there can be roadblocks. But being aware and having a clear understanding of them will make each security, IT or dev team that much more successful.
This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here