Web Apps: The here and now

People don't realize how widespread Web Applications really are because they're ingrained in everything we do. Software has always been available in a client-server architecture. Gmail, Yahoo! and Hotmail are so much a part of our lives that we've been using them for years, over a decade even (Yahoo! and Hotmail began operating in the late 90s), without realizing that we had given in to the Cloud way back then.

The spread of the web has allowed for more and more web-enabled applications. Plus, it's just easier. You can update, tweak and revamp the Web site without touching anything on the end user's side. The user just points his web browser back at the URL and continues operating. Very few web apps actually require something to be installed at the client site.

Today this concept has taken off, giving rise to what we could call the Cloud Computing Era. More and more applications are web-enabled today; in fact, users even ask for this as part of their feature requirements. Software-as-a-Service (SaaS) is now a sassy (get it?) way to go, allowing users to pay on demand: when they want, how much they want and for how long they want.

All this is super, but now we hit the problem. Even if we assume that users are happy with the level of security, maintaining it is getting harder and harder as the size of the 'cloud' and the number of users increase. Protecting applications and data across various dimensions continues to be a challenge. Secure protocols, secure passwords and other elements of security architecture are pieces of a large puzzle, but security action is typically reactive. A hacker is working on outwitting what's already out there; security personnel are working on blocking whatever the hacker comes up with, and that's an unknown.

Plus, with SaaS, there is another dimension: the requirement to protect users' data from one another, not just from external sources. Check out Rudder, who recently managed to show users each other's bank account info. The problem is much more complex than it seems.

If you use Twitter, you will notice that in the last month it has been affected by a huge amount of spam. It's not just overhead; no one wants to continue using an application that has unnecessary data and inconvenience.

Of course, this is just the public realm. With more and more demand for web-enabled applications, bespoke applications are also going the web way. This means that smaller organizations running these applications — either just for themselves or for their client base — but without the resources to combat the issues that, say, Google or Yahoo can both comprehend and beat, find themselves staring at the wrong end of the gun.

So where does this put us? We start by changing our approach. The longer we stay reactive, the faster and bigger the hole we're digging for ourselves becomes. Understanding the threats that face us is the beginning. Taking proactive measures to combat them is, at best, a midway point.

Unfortunately, the end is nowhere in sight.