The reason people don't realize how widespread Web Applications really are is because they're ingrained in everything we do.  Software has always been available in a client-server architecture. Gmail, Yahoo! or Hotmail are just so much a part of our lives that we've been using them for years, over a decade even (Yahoo! and Hotmail began operating in the late 90's), without realizing that we had given into the Cloud way back then.

The spread of the web has allowed for more and more web-enabled applications. Plus, it's just easier. You can update, tweak and re-vamp the Web site without even touching anything at the end-user. The user just points his web browser back at the URL and continues operating. Very few web apps actually require something to be installed at the client site.

Today this concept has just taken off, giving rise to what we could call the Cloud Computing Era. More and more applications are web enabled today, in fact users even ask for this as part of their feature requirements. Software-as-a-Service (SaaS) is now a sassy (get it?) way to go, allowing users to pay on-demand, when they want, how much they want and for how long they want.

All this is super, but now we hit the problem. Even if we assume that users are happy with the level of security, with the size of the 'cloud' increasing and the number of users increasing, this is getting harder and harder. To be able to protect applications and data in various dimensions continues to provide a challenge. Secure protocol, secure passwords and other security architecture are various pieces to a large puzzle, but security action is typically reactive. A hacker is working with outwitting what's already out there, security personnel are working with blocking whatever the hacker comes up with - and that's an unknown.

Read the rest of this post »