Business & Technology

The Benefits of a Cloud-Native SaaS WAF Solution

By Brian Schwarz | June 25, 2019

Organizations increasingly rely on web applications to interact with customers, enhance collaboration and productivity, manage data and workflows, and put critical information and services at everyone’s fingertips. As a result, increasingly strategic tools are being built and supported by the DevOps team to support their organization’s mainline business and impacting more strategic initiatives in the company.

The challenge is that the increasing use of and reliance on web applications also expands the attack surface that security teams need to defend. Some application security can be applied using existing tools such as a NGFWs to inspect applications and traffic. But given the speed and flexibility of today’s applications – especially those that are cloud-based – and the wide variety of platforms they need to run on, relying on this sort of traditional security approach has serious limitations. A much better strategy is to appropriately integrate security solutions into the applications themselves, and then apply external security at critical places in the network through things like inspection and segmentation.

The Role of the WAF in Cloud App Development

Web Application Firewalls (WAF) now play a critical role in securing these business-critical applications, allowing certain functions and transactions to be analyzed and secured in real time as part of the application’s internal processes. The challenge is that most DevOps teams lack the security expertise necessary to deploy and manage traditional WAF solutions in addition to their job of application development and management.

The FortiWeb WAF solution – available in a variety of form factors, including physical, virtual and containerized versions – makes it easier to implement a WAF solution where and when it is needed. And now, Fortinet has announced the availability of FortiWeb Cloud WAF-as-a-Service, simplifying the process needed for DevOps teams to leverage its critical application security features and functions and integrate them into any component of an application.

How FortiWeb Cloud WAF-as-a-Service can help:

With FortiWeb Cloud WAF delivered as a SaaS solution, DevOps teams do not have any hardware or software to maintain, which means they can remain focused on the most critical job. And because the solution is provided as a cloud SaaS, deployment can be done in minutes, with minimal initial configuration.

FortiWeb provides complete protection against the OWASP Top 10 Threats, combined with a continuously updated security posture, ensuring that applications that rely on it are always able to address the latest threats.

FortiWeb Cloud WAF’s Critical Differentiators

FortiWeb Cloud WAF has a number of key differentiators that can be critical for DevOps teams to consider:

First, it leverages the public cloud to deliver a SaaS solution rather than requiring DevOps teams to stand up their own infrastructure in their own data centers. This approach delivers maximum scalability because it’s delivered as a true SaaS solution in AWS (rather than simply spinning up separate VMs for each customer), which provides low latency for performance-sensitive applications, as well as potential bandwidth savings when an application is also hosted in AWS (so organizations only pay intra-region AWS bandwidth rates.)

The next differentiator is simplified onboarding. With a true SaaS solution, there is no infrastructure to deploy, configure, or manage. In addition, it also includes a simplified default configuration out of the box, with access to advanced configurations for customers who need them. And by taking advantage of public cloud elasticity, it can be deployed in minutes – which means it is ready to go by the time the DNS changes that redirect traffic to the WAF have propagated. 

Finally, it provides robust protection backed by the same detection techniques we use in other FortiWeb form factors. As can be seen in the following image, FortiWeb secures applications using more than just rules and signatures.

Figure 1 from NSE Insider - Web Application Security

Benefits

Some of the key benefits customers from using FortiWeb’s cloud-based WAF solution include:

  • FortiWeb Cloud WAF removes the usual security friction that slows down application deployment, making it is easier for DevOps and DevSecOps teams to adopt because it allows them to focus on delivering business value. And because the system is easy to deploy, easy to use, and easy to manage, security teams can likewise focus on higher value tasks, while applications are protected against known and zero-day threats –without adding excess overhead.
  • Purchase flexibility is another critical benefit. Because purchasing is based on consumption (the number of apps protected and the volume of bandwidth used), organization only pay for what they use. In addition, it can be purchases through the AWS Marketplace or via a preferred Fortinet reseller.

Key Takeaways

Consuming WAF capabilities via SaaS enables your organization to enjoy the benefits of a cloud-native SAAS solution provisioned in the same region as your application, thereby providing low latency, a simplified regulatory environment, and reduced AWS bandwidth costs. It also enables your DevOps team to take full advantage of the agility of public cloud while relieving them of routine security maintenance and management tasks. As a result, full-featured web application security can now be deployed with minimal configuration and management, allowing your organization to proactively participate in today’s digital marketplace and business environment without ever compromising performance, agility, or security.

Read more about Fortinet's FortiWeb Cloud WAF-as-a-Service in this news release for more details.

Learn more about how Fortinet’s multi-cloud solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Read these customer case studies to see how Cuebiq and Steelcase implement Fortinet’s multi-cloud services for secure connectivity and application security.