Defending the Cloud from the Edge

Techday NZ

22-05-2025

As bot, DDoS, and Layer 7 application attacks evolve to bypass cloud-native security, organisations need to take a more holistic and centralised view of securing their web applications.
Most companies started their cloud journey with a single provider judged to best fit their needs. But as specific goals and use cases evolve, it's become increasingly common for companies to have enterprise applications distributed across a diverse mix of public and private clouds.
Initially, this trend towards multi-cloud was driven by a desire to avoid vendor lock-in and to adopt best-of-breed cloud solutions. Today, the overriding concern is very much in the latter camp: matching the characteristics of an individual application to the cloud ecosystem judged best suited to that type of workload and cost.
Different cloud ecosystems are acknowledged to have particular strengths. Assuming an organisation's cloud policies are flexible enough to take advantage of these strengths, the result is an application estate underpinned by a complex multi-cloud environment.
Security is not an acknowledged 'strength' of these structures and arrangements.
The freedom of development teams to choose the public cloud they use on a per application basis has led to fragmentation in the way security and visibility is implemented at a whole-of-organisation level, and opened the door to security-related misconfigurations and attacks.
Just as every cloud ecosystem has made different architectural decisions to run certain application workloads, its approach to native, embedded security capabilities also varies.
Every cloud ecosystem has its own native web application firewall (WAF) service to protect web applications from malicious traffic and threats. While some are built around a common open-source engine, such as OWASP Core Ruleset, each cloud provider has made its own choices about default configurations and what settings can and can't be modified or customised.
So, multi-cloud means organisations are now often multi-WAF, with varying levels of protection and capabilities to detect and thwart attacks on an application-by-application basis.
This is problematic for application security at an organisation-wide level, particularly as well-known threats evolve to bypass baseline protections offered by the cloud-native security tools.
In the event that a new or evolved vulnerability or type of attack against web applications surfaces, the first question that business and technology leaders have is the degree to which they're protected or susceptible across the expanse of their cloud environments.
For organisations running multi-cloud, multi-WAF environments, this will be hard to gauge. It is not the kind of environment that is conducive to keeping pace with evolving threats.
A consistent security inspection and enforcement layer at the edge, independent of origin infrastructure, is better suited to create better protections across web applications, clouds and users.
An actionable path to security control standardisation
Recent research by Fastly shows that security solution consolidation is a priority among Australian and New Zealand organisations, with 51% attributing their interest in consolidation to improving control over security, and 44% looking for better integration of tools and data.
This is supported by the findings of Fastly's annual global security report, which found that, on average, organisations rely on 7.85 network and application security solutions, of which well over a third (37.7%) of these tools overlap. While a natural consequence of cybersecurity strategies that evolved in a piecemeal fashion over time - in this case as more clouds were added to the mix, it has saddled organisations with cybersecurity 'franken-stacks' of fragmented and overlapping tools that are expensive and complex to integrate, and that are overall ill-suited to the changing threat landscape.
For organisations in this situation, two things need to happen.
First, they should build their understanding of how the threats targeting web applications have evolved and are continuing to evolve. Three-quarters of Australian organisations have increased their use of web applications in recent years. This has coincided with a period of rapid evolution of threats against these applications, including the rise of AI-driven threats. AI has lowered the barrier of entry for attackers to evolve existing threat vectors, making it more important for organisations to have a holistic approach to application security across their application estate and infrastructure stack.
Second, organisations need to prioritise consistent, scalable, and automated defences to secure their multi-cloud environments and web application estates. Rather than continuing to run multiple cloud ecosystem-specific WAF services, it makes sense to re-architect this to have a single edge-deployed security service layer that provides consistent protections regardless of where applications reside.
Accompanying this, organisations will need to simplify and consolidate firewall policies and controls, such that there is standardisation in the way controls are applied to web applications, regardless of where they are hosted. While this will require effort for all currently-deployed web applications, consistent controls can be implemented for future web applications using DevOps tools like Terraform and GitHub to automate the deployment of security controls as part of the CI/CD pipeline.
Edge cloud platforms afford organisations an 'umbrella' of security regardless of how many origins or clouds are being used to run applications. By running WAF, bot or DDoS mitigation solutions at the edge of the network, organisations can capture the majority of the noise before it reaches their cloud infrastructure, and attain full visibility via a single ingress point into their environment, reducing complexity while providing significant improvements to application security.