솔루션
솔루션
Digital Workspaces

VDI 및 DaaS

통합 엔드포인트 관리

Secure Access Service Edge(SASE)

애플리케이션 딜리버리

SD-WAN

보안 액세스

Content Collaboration

협업 업무 관리

분석

사용 사례별

IT 현대화

클라우드로 마이그레이션

비즈니스 장애 방지

DaaS 구축

안전한 분산 작업

제로 트러스트 보안 구현

SASE로의 전환 가속화

앱 및 API 보호

생산성 향상

직원 복지 지원

하이브리드 인력 지원

직원 경험 전환

모든 사용 사례 보기

업계별

의료

교육

공공

금융 서비스 산업

제조

리테일

Citrix Workspace란 무엇입니까?

알아보기
제품
제품
Citrix Workspace

Citrix ADC

Citrix Analytics for Performance

Citrix Analytics for Security

Citrix Content Collaboration

Citrix Endpoint Management

Citrix SD-WAN

Citrix Secure Internet Access

Citrix Secure Workspace Access

Citrix Virtual Apps and Desktops

모든 제품 보기

Citrix 온라인 스토어

Citrix 온라인 스토어에서는 Citrix Workspace, App Delivery & Security 제품을 구매하거나, Citrix의 제품, 서브스크립션에 대해 알아보고 견적을 요청할 수 있습니다.

Citrix Workspace App 다운로드

Citrix Workspace App은 손쉽게 설치할 수 있는 클라이언트 소프트웨어로서 업무를 수행하는 데 필요한 모든 것에 완벽하고 안전하게 액세스할 수 있게 합니다.
자료
자료
블로그

Fieldwork

트러스트 센터

이벤트 및 웨비나‭

Tech Zone

개발자 포털

고객 사례

직원 경험 전환

보고서 확인

직원 복지 지원

보고서 확인
고객
고객
도움말 보기

지원 개요

채팅하기

지식 센터

제품 설명서

다운로드

고객 성공

성공 프로그램

컨설팅 서비스

교육 서비스

온보딩 및 채택

고객 사례

추가 지원 서비스

성공 센터

클라우드 전환 경로를 탐색하기 위한 전문가 지침, 자료 및 단계별 지침을 얻을 수 있습니다.

클라우드 학습 시리즈

Citrix 클라우드 서비스를 최대한 활용할 수 있도록 클라우드 계획, 구축 및 관리에 대해 알아보십시오.
회사
회사
회사

회사 소개

사회 공헌

다양성과 포용력

지속성

Citrix 뉴스

파트너

전략적 제휴

Citrix와의 협력

Partner Central

Citrix Ready Marketplace

지역별 파트너 찾기

업무 2035

사람들과 기술이 새로운 업무 방식을 선도하게 될 방법

보고서 확인

What is application security?

Application security (appsec) refers to technology, tools, and processes intended to protect applications—including web applications, cloud applications, and SaaS apps—from internal and external threats. Because web applications often contain sensitive data and are available over multiple networks, web application security has become a key part of cybersecurity strategy. Web application security solutions can include hardware like an encrypted router, software like security analytics, and app delivery tools like an application delivery controller with an integrated web application firewall and runtime features to protect APIs.

What is cloud application security?

Cloud application security is solutions and practices to protect data exchange inside collaborative cloud environments such as Slack, MS Office 365, and Sharefile. Common cloud application security measures include application security testing and secure web gateways to protect branch users. Because of the increasing popularity of cloud and SaaS apps, IoT devices and hosting applications in the cloud, cloud application security is an important part of any application security solution.

Another important element is cloud application security architecture. As enterprise technology infrastructure continues to evolve toward hybrid cloud deployments and multi-cloud environments, it is important for enterprises to have a holistic view of how their cloud application security is configured. This is known as cloud application security architecture. By assessing their cloud application security in context of cloud connections like enterprise data center deployments, application gateways, cloud services, and identity verification systems, enterprises can design a cloud application security architecture that protects sensitive data inside cloud apps.

Why is enterprise application security important?
What are common application security tools?
Application security best practices

Why is enterprise application security important?

While enterprises have relied on applications for decades, most of the business apps that end users demand are web apps or cloud applications. It’s also common for enterprises to rely on cloud storage and cloud deployment for their applications. This increases their risk of attack, as web server technology, data cases, and website-enabling technologies such as CGI, Java, JavaScript, PERL, and PHP all have underlying security vulnerabilities. Browsers and other client applications that communicate with web-enabled applications also have weaknesses that bad actors can exploit. Because all these web applications are connected to multiple networks and/or clouds, a breach of one web app can easily compromise an entire enterprise.

43 percent of breaches include attacks on web applications¹. In addition, as enterprises rely more on cloud services, it is likely bad actors will increase attacks on cloud apps, apps hosted from a cloud infrastructure, and other cloud resources. Most cloud application security breaches are motivated by a desire for money, often by obtaining and ransoming sensitive data and private information, or by gaining unauthorized access to and control of a website or web server. To mitigate security risks, enterprises need software security solutions that cover their entire app infrastructure, including cloud applications, mobile applications, and SaaS apps.

What are common application security tools?

83 percent of applications have security flaws, with 1 in 5 applications having at least one high severity flaw². This in mind, the best web application security is multi-layered to protect web and cloud applications from multiple attack vectors. There are many application security tools, which can be divided into security at the development level and security at the IT level.

Application security at the development level

Securing applications begins with the software development lifecycle by creating source code using secure development practices (This is related to DevSecOps.). Secure coding requires an awareness of common threats to web applications, such as sql injection, DDoS, malware, denial of service, and broken authentication. The OWASP Top 10³ is a popular list of web application security threats that developers should address in their source code. Because software updates can create new application vulnerabilities, it’s important for developers to use application security testing to find flaws over the lifespan of an application. This is especially true of open-source applications because it’s easier for bad actors to find vulnerabilities.

Gartner says that IT managers need to protect against common attack methods rather than only identifying application development security errors⁴. This is especially true when organizations rely on web applications that they have not built themselves. Software security requires a defense that can block both known attacks with identifiable histories and characteristics as well as unknown attacks, which are often detected because they look different from the normal traffic to an organization’s websites and web services.

Learn how Citrix Application Security can help maintain a consistent security posture.

By simplifying the process of protecting your ecosystem of apps and APIs, Citrix application security empowers IT with holistic visibility to stop threats before they before breaches.

Explore Citrix Application Security

Application security at the IT level

Secure application delivery
As more organizations adopt multi-cloud infrastructure, they need a strong application security posture that can protect APIs as well as monolithic and microservices-based applications. The best solution is having strong application delivery security, which includes an application delivery controller (ADC) that shares a single code base across all ADC form factors. This makes it easier for IT to apply consistent security policies across multi-cloud environments, such as whitelisting or blacklisting certain IP addresses or using TLS to encrypt APIs in transit between the client and API server.
Application delivery management
Another common application delivery security solution is to pair an ADC with an application delivery management (ADM) platform. ADM solutions provide visibility into monolithic and microservices-based application delivery across distributed environments. This gives IT admins insight into the performance and use of apps and APIs to flag suspicious activity or diminished performance.
Application data security
Because applications access data from across the enterprise, application data security is key. Common application data security methods include centralizing and hosting sensitive data inside the enterprise data center, adopting secure file sharing to reduce data loss, and containerizing data in transit and at rest. These measures help ensure that applications only access data that they need, and that this access is secure from cyberattacks.
Web application firewall
Because new threats to web applications are constantly emerging, it’s important to protect web apps from both known and unknown attacks. Web application firewalls are a proven solution, especially when they employ a positive security model that uses AI and machine learning to monitor user interactions and app behavior. This enables organizations to mitigate unknown attacks, provides insights for faster remediation, and helps ensure compliance for standards like PCI-DSS. Web application firewalls are often integrated inside app delivery controllers, but they are also available as a standalone or hosted service.
Access security and application security policy
Cloud applications can be accessed by remote workers from essentially anywhere. This makes it important for organizations to adopt application security policy tools that ensure secure, contextual access to these web and cloud apps in order to keep out bad actors. Access control is closely related to zero trust security because it forces remote users to verify their identity with multi-factor authentication before it grants access to cloud applications. To simplify the user experience of application security policy tools, single sign-on (SSO) solutions are a popular way to combine secure access with ease of use.
Secure digital workspace
Employees want access to cloud applications and applications hosted in the cloud from all kinds of mobile devices, even personal ones. To enable bring your own device (BYOD) policies while also protecting applications, it is helpful to have remote workers sign into a secure digital workspace to access all their cloud apps. This improves data security and cloud application security by providing everything employees need for work in one workspace and enabling IT to apply additional security protocols for that workspace, such as an on-premises data center firewall.
Network security
When remote workers and branch employees need to access cloud applications, they can rely on local internet connections that lack strong cybersecurity. To protect this attack surface from local internet breakout, organizations should adopt a consolidated SD-WAN solution with strong security at the WAN Edge. This should include a stateful firewall that allows IT teams to centrally define traffic policies that limit or reject traffic by applications and zones.
Monitoring and analytics
Even with regular application security testing and other cloud application security, it’s important for organizations to have visibility across all SaaS, cloud, and mobile apps and how they are being used. This is where application monitoring and analytics come in. These tools provide continuous risk assessment across all users and applications, flagging unusual behavior to detect an external or internal threat before it leads to a breach. It is common for app monitoring and analytics tools to be integrated in application delivery management solutions to provide visibility across all environments in an organization’s app delivery infrastructure.

Application security best practices

Because large organizations rely on an average of 129 different applications⁵, getting started with application security can seem like a big challenge. Nevertheless, every organization can begin to improve its application infrastructure security by following these application security best practices:

Application security assessment
The first application security best practice is to conduct an application security assessment. This shows you what applications you have, who uses them, and which compliance or regulatory mandates you need to follow. The first point gives you an accurate assessment of which applications you need to test and secure, and the second point will help you create zero trust and access security protocols that fit your organization. Finally, the compliance question will help you know how best to ensure data security for any private information that your applications can access. Mandates like PCI DSS and HIPAA have their own rules for how data in web applications must be secured.
Application security testing
Once you have a clear view of all the applications and users you have, it’s time to test the security of your cloud and web applications. This application security best practice will help you identify potential vulnerabilities and security issues in these applications to prevent future breaches. It is helpful to use third-party security testing tools or penetration testing services in order to avoid potential biases or internal blind spots.
Address vulnerabilities
Now that your testing has revealed potential vulnerabilities in your applications, the next application security best practice is adopting a security program to address these weaknesses. This could mean implementing a strict software updating schedule to ensure everyone in your organization is using the latest security patches. It’s also a good idea to engage outside technology vendors or security teams who can help you secure your access security, information security, and mobile security. This will help you adopt the application security tools that fit your application portfolio instead of paying for what you don’t need.

Additional resources

Next step

Explore Citrix Hypervisor

¹Verizon 2020 Data Breach Investigations Report
²Veracode
³OWASP
⁴Gartner
⁵WSJ

Citrix Workspace App 다운로드

IT 현대화

안전한 분산 작업

생산성 향상

도움말 보기

고객 성공