
RASP's Value Is Security Coverage

If you're considering RASP for your organization or app, the problem is scale. As you cover more apps in more languages using more stacks, make sure your RASP can react.

Tyler Shields · Oct. 24, 17 · Opinion

As a former engineer, I get getting excited around toys that blink, light up, and are otherwise technically advanced and “cool.” There are lots of us in the security world. As long as I can remember, I’ve been into technology, and I’m willing to bet you have as well.

While this bias can be advantageous to a security person’s ability to learn and rapidly understand new technology, it can also lead to expenditures on new technologies that really don’t provide enough business value to warrant purchase. You have to be careful where you spend your limited security budget and make sure that the technology you are purchasing actually provides security value for your organization. Invest in technologies that make your security posture and business better, regardless of the level of hype. Invest in business value.

The Business Value of RASP

The term RASP (Runtime Application Self Protection) was coined by Gartner Research way back in 2012, establishing a market that has recently become a valuable way to secure your web applications in production. Like most emerging technologies, it took five years and required significant changes in the technology landscape to gain traction with buyers. It wasn’t just the innovation of placing runtime security directly into your application that allowed RASP to become successful. The technology rode on the back of the shift to agile development, cloud deployments, and the rise of DevOps before becoming mainstream. Enterprises had to feel the pain and difficulty of securing modern web applications before searching for alternatives to the old and failed methods of protection.

As with any technology, there is always a problem of scale that must be solved. RASP's problem of scale is the number and type of languages or runtimes that it supports. If you can't support all of the applications that are in use in the enterprise, the deployment value of the RASP decreases drastically. The biggest drawback to RASP as an isolated technology is that it works only on certain languages and runtimes, and most RASP-only vendors don't understand the breadth of security coverage that practitioners require.

Don’t Fall in Love With a One-Trick Pony

It’s one thing to perfectly support the one enterprise app that is outwardly facing, written in Java, and runs in Apache with a MongoDB backend. Protecting that one application has value, but most organizations have hundreds of applications with a variety of languages and architectures. The value of a security technology drastically changes when it can offer security for any application that you build regardless of the technology stack, physical location, and languages in use. That’s high value.

When looking into RASP technologies, you have to take into account the number of languages and runtimes that each one supports, which of those you run throughout your business, and how you can leverage the purchase of this protection technology to go well beyond a single technology stack. The reality is that enterprises have multiple technology stacks, and they use those disparate technologies in a multitude of deployment locations including on-premise, cloud, PaaS, microservice, and API models.


Published at DZone with permission of Tyler Shields, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
