Application Security, Where It Belongs

In the early days of networking, IP routing was software-only, but it moved into hardware as demand increased and performance became paramount. It's the same for application logic today. As networks become "smarter" and begin to handle application protocols like SOAP, they can secure those protocols more effectively through hardware-assisted acceleration. That's something software just can't do. Already, most distributed systems require that some security reside outside the application, on the network.

That said, some security should--and always will--remain in the application. For example, applications always should perform input validation and business logic-related security, such as checking for excessively large purchase orders.

Still, it would behoove the industry to begin moving application security functions, such as data scrubbing and protocol validation, into hardware. These security functions need to move outside the application to achieve the low latency that today's end users demand.

Vendors like DataPower and Forum Systems, which offer XML and SOAP security products, and Seclarity, which won a Best of Interop award at the show for its "security on a NIC" strategy, demonstrate that some security functionality is best implemented in hardware by those with the firmest grasp on security.