BLOG

State of Application Strategy 2021: Unpacking the Current and Future State of Application Security and Delivery*

Lori MacVittie Miniatur
Lori MacVittie
Published April 28, 2021

*the technologies formerly known as application services

You might have noticed a few changes at F5 over the past year. First, we’re just F5 now. Not F5 Networks. Just F5. Because honestly, we’ve never been centered on the network. That was a deployment model that made architectural sense. But the focus was, and continues to be, how to speed, scale, and secure applications. Which leads us to the next change, which is to shift how we describe “what we do” from application services to application security and delivery technologies.

To be perfectly honest, that’s recently expanded to application security, distribution, and delivery with our acquisition of Volterra.

But let’s tackle one change at a time, shall we? Today I want to focus on the not-so-subtle shift from application services to application security and delivery technologies.  

Application Services 

Application delivery was, at one time, focused on solving the challenge of scale. Optimization came next, with security following close on its heels. The application delivery controller industry was born at F5 out of the need to address all three challenges—scale, speed, and security—in a cost effective and architecturally efficient way. Application services like load balancing and web application firewalls delivered by an ADC addressed both concerns while meeting the challenge of delivering and securing applications.

The focus of these technologies was on capabilities, on the functional characteristics of each service. How much bandwidth could be saved? How much faster could response time be made? How many attacks could be stopped? 

diagram 1

These are still important characteristics. More than three-quarters (79%) of respondents to our annual survey indicate that application security and delivery technologies are important to providing an extraordinary customer experience. The functional capabilities of these technologies are still an important part of their definition.

Application Security and Delivery Technologies

But digital transformation is changing the business. The journey from physical to digital brings with it a reliance on technology in every area of the business. In the past, business tracked foot traffic manually, by counting people. It tracked inventory and stock by running reports on the databases that kept track of physical things.

Today, those processes are integrated and increasingly occur via digital channels. Mobile applications and websites are used by default rather than as a luxury. Understanding “foot traffic” is now a digital concern, and it falls heavily on the technologies used to deliver those applications and websites that enable consumers to browse and purchase products. 

diagram 2

Operating in a default-digital world means the technologies that secure and deliver applications must evolve to meet the needs of increasingly digital business. That requires more than just performing functions. These technologies must also generate information about the interactions on which those functions are performed. They must generate telemetry data to describe the interaction of consumers with applications from end-to-end to uncover insights about digital behavior and buying patterns.

This is a movement we see gaining momentum today. Nearly one-quarter (22%) of organizations already consider the ability to generate telemetry an important factor when choosing application security and delivery technologies.

Peering into the Future

There’s still an empty box in my neat little chart, one that’s focused on the future. What follows data is the ability to act on the insights produced from it. The future of application security and delivery technologies rests on the ability to “close the loop,” as it were, between insights and action to bring about a desired business outcome.

For example, insights can tell us that poor performance of the payment processing piece of a workflow is resulting in abandonment of thousands of dollars per day in revenue. That’s helpful, but if we know what’s causing the poor performance—because we have data to tell us—then shouldn’t we be able to correct it?

Or perhaps the insight tells us that a rush of demand for a set of APIs used by a mobile application is likely to overwhelm the backend systems that supports it. Shouldn’t we able to automatically scale out the relevant service to avoid the inevitable crash or performance degradation? 

diagram 3

More than half (52%) reveal such intentions and expectations when they indicate AIOps will have a strategic impact on their organization in the next two to five years. The ability to automate adjustments to maintain performance and ensure security are critical to the digital experience. AIOps is one of the AI-based technologies that will provide these capabilities in the future.

These are tied, necessarily, to the application security and delivery technologies that must be able to act on the adjustments. Subsequently, these same technologies provide feedback in the form of telemetry that enables analytics to fine-tune those adjustments again. A closed loop that constantly adjusts based on analysis within the context of historical and real-time data.

When We (the corporate We) talk about the results of such a closed loop system, we call it Adaptive Applications.

The future of application security and delivery technologies is driven by digital transformation and the need to collect, analyze, and act on data to positively impact business outcomes. The future of business is digital, and that means applications—and the technologies that deliver and secure them—are the heart of business.

If you missed it, be sure to grab your own copy of the State of Application Strategy 2021, which has a lot more insights and information inside.