Application Services Update: A little more everything

Lori MacVittie Miniatur
Lori MacVittie
Published May 16, 2019

This quarter's update sees minor increases across security, performance, availability, and identity/access.

It's a rare quarter that we see only gains in application services usage. This is one of those quarters. While the gains were minimal - 1% in most categories - it's impressive to see zero decrease in usage across categories.

Of particular note was HTTP/2, which has held steady at a 2% usage rate since January 2018. This quarter saw the first increase to 3%. While still anemic compared to other acceleration techniques like compression and multiplexing, it is encouraging to see even a tiny improvement. HTTP/2 will be best put to use improving performance of traditional, chatty web applications. Modern, API-based apps like mobile and SPAs are less affected by protocol performance because their conversations are short. While they would still benefit, organizations are unlikely to see significant improvements in performance with HTTP/2 unless they're applying it to traditional, stateful web apps that reuse connections over the lifetime of a session.


Bot defense gained 1% again over last quarter, growing from 24% to 25% of organizations employing it to defend against malicious non-human traffic.

Research from F5 Labs proposes that half of all Internet traffic originates with bots. Nearly one third (30%) of these are malicious.


Use of application access and web single-sign on services were steady quarter over quarter, while web security gained 1%.

Analysis from F5 Labs revealed that applications and identities were the initial targets in 86% of breaches, making these application services critical.


HTTP compression and caching services each made gains of 1% this quarter, rising from 43% to 44% and 28% to 29% respectively.

Interestingly, SSL offload (client side) and TCP multiplexing both saw 1% gains this quarter. Both app services put an emphasis on improving performance. It is also worth noting that the percentage of server-side SSL deployed (71%) is lower than that on the client-side (83%). While client-side SSL (83%) is often deployed both as a performance-enhancing measure and in response to consumer demand, server-side SSL is typically employed to satisfy regulatory demands and industry best practices.