For years the industry has been dancing around the realities—and subsequent challenges—of hybrid IT by calling it multi-cloud.
This is not to say that organizations are not operating in multiple clouds; they most certainly are. But it is to say that the term fails to fully capture that “cloud” is an operating model that isn’t just peculiar to public providers of infrastructure as a service. Indeed, our data has shown, year after year, that organizations operate on-premises cloud, as well as embracing its public versions.
But even that ignores the reality of hybrid IT, which has been right under our noses since cloud appeared and took business by storm. Pun intended. Because even as organizations adopted cloud, most were still dealing with traditional on-premises environments. Because most enterprises aren’t new; they’ve been operating for twenty, thirty, even fifty years. That means they’ve had an established portfolio that spans every generation of major app architectures, from monoliths to microservices, from client-server to mobile.
For this year’s annual research, we got specific about environments on-premises, because we wanted to understand the realities that our customers are facing. The data speaks for itself: enterprises have been, and continue to be, hybrid.
It’s not just the research for this report, either. When F5 NGINX polled its open source community, guess what it found (among other interesting bits)? Yes, that hybrid is here to stay.
Now, without spoiling all the findings from our upcoming State of Application Strategy report, I will say that the trend toward modern applications is strong, but there are indications that some organizations will never be “all in” on replacing traditional apps with more modern versions.
Ergo, therefore, and thusly, enterprises will remain hybrid for many years to come.
But that leads us to ask, what does that mean for security? In particular, for app and API security?
The Implications for App and API Security
If we operate on the assumption that organizations are hybrid at their core (app portfolio) as well as their operational environments, then the implications for app and API security are pretty profound.
That’s because some application environments, like containers, have unique security needs that can’t be addressed by traditional security solutions. It also means that, with apps remaining on-premises, organizations will struggle to find consistent security solutions able to span core, cloud, and edge deployments of application workloads. But wait, there’s more! Because it also means that the need for existing traditional solutions does not simply vanish, especially those that focus on protecting apps and API from protocol abuse and exploitation.
Unfortunately for organizations, hybrid IT does not—and cannot—imply hybrid security.
By hybrid security I mean mixing app and API security services from one vendor with another and another and another. While shifting security left into the app lifecycle sounds like a great solution, it too often leads to the path of least resistance—a multitude of incompatible app and API security services that complicate and frustrate efforts to secure all apps and APIs.
We’re already seeing the impact of complexity of cloud tools and APIs on organizations in the inability to consistently apply security across all applications. A mix-and-match, à la carte approach to app and API security is not working for most organizations as seen in the substantial increase in breaches over the past year attributed to vulnerabilities and exploits of—wait for it—app and APIs.
The reality of hybrid IT on security is that the patchwork, à la carte approach to securing apps and APIs is not going to work long-term. We need a better approach, and it needs to recognize that IT and the enterprise are, and will be for the foreseeable future, hybrid.
About the Author
Related Blog Posts
At the Intersection of Operational Data and Generative AI
Help your organization understand the impact of generative AI (GenAI) on its operational data practices, and learn how to better align GenAI technology adoption timelines with existing budgets, practices, and cultures.
Using AI for IT Automation Security
Learn how artificial intelligence and machine learning aid in mitigating cybersecurity threats to your IT automation processes.
The Commodification of Cloud
Public cloud is no longer the bright new shiny toy, but it paved the way for XaaS, Edge, and a new cycle of innovation.
Most Exciting Tech Trend in 2022: IT/OT Convergence
The line between operation and digital systems continues to blur as homes and businesses increase their reliance on connected devices, accelerating the convergence of IT and OT. While this trend of integration brings excitement, it also presents its own challenges and concerns to be considered.
Adaptive Applications are Data-Driven
There's a big difference between knowing something's wrong and knowing what to do about it. Only after monitoring the right elements can we discern the health of a user experience, deriving from the analysis of those measurements the relationships and patterns that can be inferred. Ultimately, the automation that will give rise to truly adaptive applications is based on measurements and our understanding of them.
Inserting App Services into Shifting App Architectures
Application architectures have evolved several times since the early days of computing, and it is no longer optimal to rely solely on a single, known data path to insert application services. Furthermore, because many of the emerging data paths are not as suitable for a proxy-based platform, we must look to the other potential points of insertion possible to scale and secure modern applications.