Page 174 - Cyber Defense eMagazine December 2022 Edition
1: Identify Application Business Goals
Load balancing selection must be based on the outcomes of the applications, services and workloads
being serviced. Despite the general trend towards virtualizing network functions such as load balancing,
if a specific application or environment requires compliance with higher-level versions of standards such
as FIPS 140-2 or a very high level of TLS transactions, a hardware solution may be the ideal option.
On the other hand, a highly scalable and modernized enterprise deployment that is looking for high levels
of isolation combined with the ability to prevent independent tenants from impacting their neighbor’s
performance may prefer a virtual deployment consisting of a fabric of per-service micro instances. The main point
is that instead of letting your incumbent vendor drive the development of your RFP, it’s important to first
evaluate key outcomes and objectives.
2: Consider How What You Implement Will Impact Security Posture
With the increase of cyber threats, it’s become more popular for organizations to consider how they can
apply existing components within their environments to improve their security posture. One of the most
under-utilized components is the load balancer. As the point of ingress for all client application requests
and egress for all service responses, the load balancer occupies a privileged position. When optimally
implemented with the right product capabilities, this position can be leveraged to help address security
requirements.
As an example, certain key PCI DSS compliance requirements can be addressed with the implementation
of a web application firewall (WAF). Most security-minded load balancer vendors have implemented WAF
functionality as a core load balancing function. By design, a load balancer serves as a rudimentary firewall
by preventing access to proxied services other than what’s explicitly defined to be allowed. When
combined with embedded authentication and authorization services that can be integrated with third-party
identity providers, a properly equipped load balancer can serve as a key supporting pillar of a zero
trust strategy for application access.
Additionally, as a common consolidation point for certificate management, a load balancer can further be
used as an enforcement point for the prevention of the use of insecure ciphers that provide potential
conduits for threat actors. The ability to identify the characteristics of incoming requests can also be used
to control access policies to applications and services for internal traffic versus external traffic and to
bolster a defense-in-depth strategy.
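The enforcement role described in this section can be made concrete with a reverse-proxy configuration. The following is an added example written for this page, not code from the article or from any vendor it discusses; it assumes nginx as the load balancer (the same controls exist under different names on other products), and every hostname, backend address, file path and address range in it is a constructed placeholder.

```nginx
# Added example (not from the article): nginx as a reverse proxy / load balancer
# acting as the security enforcement point described above. Backend names,
# paths, certificate locations and address ranges are constructed placeholders.
# These directives belong inside the http { } context of nginx.conf.

upstream app_backend {
    server 10.10.1.11:8080;
    server 10.10.1.12:8080;
}

# Classify the client by source address: 1 = internal network, 0 = external.
# The ranges are assumptions; adjust them to your own addressing plan.
geo $internal_client {
    default        0;
    10.0.0.0/8     1;
    192.168.0.0/16 1;
}

# --- Weak configuration (shown for contrast; do not deploy) ---
# server {
#     listen 443 ssl;
#     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;           # legacy protocols still offered
#     ssl_ciphers ALL:!aNULL;                         # admits RC4, 3DES and other weak suites
#     location / { proxy_pass http://app_backend; }  # every backend path is reachable
# }

# --- Hardened configuration ---
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;   # placeholder path

    # Certificate and cipher policy enforced once, at the consolidation point:
    # modern protocols only, AEAD suites only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_tickets off;

    # Explicit allowlist: only the public API path is proxied to the backend.
    location /api/ {
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Administrative path: proxied only when the request originates internally.
    location /admin/ {
        if ($internal_client = 0) {
            return 403;
        }
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
    }

    # Anything not explicitly allowed is refused; this is the "rudimentary
    # firewall" behaviour of a load balancer that proxies only defined paths.
    location / {
        return 404;
    }
}
```

The two security-relevant design choices are the default-deny `location /` at the bottom, which makes every newly added backend route unreachable until someone deliberately allowlists it, and the single place where TLS protocol and cipher policy is set, so a weak suite cannot be reintroduced by an individual application server. The internal-versus-external check relies on the load balancer seeing the real client source address; if another proxy sits in front of it, that classification must be based on a trusted forwarded-address header instead. Validate the file with `nginx -t` before reloading.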
3: Ensure Licensing and Consumption Flexibility
Today’s approach to IT requires that flexibility and future-proofing are integral to all implemented
solutions. This is a critical buying criterion to support the typical office of the CIO’s objective for achieving
greater agility. One way that this emerges in the context of load balancing is around licensing and
consumption. Historically, the primary licensing of load-balancing solutions was based on purchasing
perpetual licenses on a per-instance basis combined with an annual or multi-year maintenance contract.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.