Application data security versus network security

Application security
Data Security Program
Network security
Network Security Management
Network Security Policies
What are the pros and cons of application data security versus network security? Which do you recommend devoting more budget funds to?

Answer Wiki


Let’s talk about application vs. network security in relation to your data.

Network security is easier to implement, as you have far fewer technologies to deal with.
However, dealing only with network security is like picking the low-hanging fruit. It attempts to solve only the data-in-transit issue, and does not, cannot, deal with data-at-rest or data-in-process.

Application security, on the other hand, deals with the entire data processing stack, and when properly done can help you deal with untrusted and extended networks and de-perimeterisation of networks. See work done by the Jericho Forum.

I recommend putting your efforts and dollars into application security. Application and platform hardening, SDLC, enterprise security guidelines and developer security awareness will take you further today towards security and compliance than more network tools.

Discuss This Question: 2  Replies

  • TomLiotta
    application data security versus network security? Can you define what you mean by those? Also, what platform will the "application" run on? A system that uses direct-attach terminals, for example, with no need for "network" access (e.g., ODBC), can get along fine with just application security in almost all cases. There's no need for any dollars to be spent on network security at all -- there are no network interfaces that need to be secured. But that's a pretty uncommon setup nowadays. Also, if object security is appropriately configured, it should be irrelevant if access is through "application" or "network" (however those are defined). If a user isn't authorized to access an object, the permissions shouldn't magically elevate because ODBC (or whatever) is an intermediate access protocol. Also, if network interfaces are available, are you thinking in terms of operating system or related vulnerabilities that might be exploited to elevate authority? Obviously in those terms, "application security" (whatever that might be) can become totally ineffective. I'm not at all clear on how you are thinking of the difference between the two. Tom
    125,585 points
  • Saj7
    Network security is not easier to implement. It's like the job of an architect who designs malls and bridges; in the same way, network guys design the network. It is not everyone's cup of tea. To secure a network you need to understand networks very well; however, to secure an application you don't need to be a rocket scientist. Many teenagers hack websites, so are they well-qualified developers?

    Invest your money to build the network and begin to secure it. That's the right choice.

    15 points
