A portable binary instruction format known as WebAssembly (Wasm) for building software that runs in a memory-safe, sandboxed execution environment is about to transform how modern applications are constructed.
Originally developed five years ago by the World Wide Web Consortium (W3C) to create a common format for browsers executing JavaScript code, WebAssembly is starting to be used to rapidly build lighter-weight applications that can be deployed on any server platform. In effect, the promise of being able to write an application once and deploy it anywhere is finally being realized some 25 years after the Java programming language was first introduced.
The security benefits of Wasm are clear
Wasm isn’t necessarily going to replace existing approaches for building applications any time soon, but it does provide an alternative to serverless computing frameworks for developing lighter-weight applications that run faster.
Additionally, at a time when organizations are becoming more concerned about application security, the appeal of Wasm is clear. Existing approaches to building applications rely on the aggregation of software components that tend to lack distinct boundaries between them. As a result, it becomes relatively simple for malware to infect all the components of an application. Wasm code runs in a sandboxed environment that isolates execution environments in a way eliminates the ability of malware to laterally move across an application environment.
Consortiums are driving interest and adoption
There are two industry consortiums that are driving advances in Wasm. The Cloud Native Computing Foundation (CNCF), an arm of the Linux Foundation, this week hosted a Wasm Day during its Kubecon + CloudNativeCon North America conference to generate more interest in projects such as wasmCloud, an open-source runtime platform for hosting Wasm components anywhere. A straw poll of 93 IT professionals conducted by conducted by CNCF finds 42 percent are writing, or plan to develop, server-wide applications using Wasm, with 48 percent combining or planning to combine server-side work with client-side code.
The second consortium is The Bytecode Alliance, a nonprofit organization dedicated to creating secure new software foundations based on Wasm and the WebAssembly System Interface (WASI). Members of The Bytecode Alliance include Amazon, Intel, Google and Microsoft.
MSPs should prepare for WebAssembly growth
It’s still early as far as Wasm adoption is concerned. Support for Wasm in application development tools such as Docker Desktop are just now being made available in preview. However, managed service providers (MSPs) should expect to see much larger numbers of Wasm applications showing up in production environments next year. On the plus side, the addition of yet another format for running software is only going to increase the overall complexity of IT environments. As such, demand for managed services expertise is only likely to increase.
The important thing for MSPs to remember is that application security issues won’t suddenly be resolved because Wasm is being used to build more secure applications. The level of security technical debt that exists in legacy application environments today is all but insurmountable. However, the impact Wasm will have on application security should not be underestimated as more organizations realize just how deeply flawed the way applications are constructed really is.
Photo: Zia Liu / Shutterstock
