State of Application Strategy 2022: The Future of Business Is Adaptive

Even before the COVID-19 pandemic drove organizations to rapidly digitize interactions with customers and partners and between employees, most were already on a journey to digitally transform their front-end operations. Widespread adoption of technology solutions ranging from video conferencing and digital banking to media streaming and vaccine passports has transformed the way we work, pay for things, relax, and gain access to society.

The findings laid out in our 8^th annual State of Application Strategy Report—announced today—show that nearly every business has become a digital business, leveraging technology to deliver more immersive and seamless experiences to customers, partners, and employees alike. However, while organizations are racing down the road of digital transformation, many of them are struggling with traditional IT processes that simply aren’t fast or flexible enough to keep pace. Significant additional progress requires adopting new approaches for managing telemetry, data, and application security and delivery technologies across today’s distributed architectures.

As in prior years, F5’s State of Application Strategy Report is based on primary research surveying organizations around the world. This year, after analyzing what our survey respondents told us, we identified six themes describing how companies are working to make their digital businesses more responsive and better suited to serve and protect their customers, partners, and employees—now and in the future.

They’re extending app modernization efforts from the front office to the back office

While 7 out of 10 organizations continue to prioritize improving the customer experience in their digital transformation initiatives, they’re also starting to address internal processes to further boost business agility. Specifically, IT operations is evolving to support and enable the business through more automated processes and optimizing applications through feedback loops fueled by real-time data. Driven by the imperative to deliver more, faster, organizations across all industries and regions are broadening the scope of their modernization efforts to include more back-office functions, such as HR, finance, and legal processes.

They’re working hard to combat the rising complexity and risk inherent in their increasingly distributed and heterogeneous application portfolios

Whatever the size of the business, application portfolios are growing more and more complex. 88% of organizations continue to manage a mix of modern container-native and mobile applications in addition to legacy applications that remain critical to business operations and success. And they’re doing it across a variety of infrastructure environments, with the average organization operating applications in nearly three public and three private clouds—in addition to the growing popularity of edge deployments. According to respondents across industries, the toughest challenges arising from these distributed architectures include inconsistent security policies and poor end-to-end visibility due to fragmented data.

They’re choosing the best deployment model and location for application security and delivery capabilities

Whether organizations have chosen to deploy their applications on premises or in public clouds, the responses to this year’s survey show that the application security and delivery capabilities that support those apps are increasingly deployed in the location where and model in which they can be most effective, rather than being bound to applications they serve.

On average, organizations use 21 different application security and delivery capabilities—from load balancing to web application firewalls and anti-bot solutions—to secure their apps and improve the digital experiences they offer their end users. Having flexibility in where and how these capabilities are deployed gives organizations increased agility, but it also creates more complexity. Plus, it exacerbates a problem that’s existed for years: the challenge of maintaining consistent policies across hybrid- and multi-cloud architectures, which becomes even more critical as application portfolios grow increasingly distributed.

They’re embracing the unique capabilities of the edge for both their customer-facing and internal workloads

According to respondents to this year’s survey, the edge is the next frontier in their multi-cloud architectures. 84% of organizations are planning to deploy workloads at the edge to enhance digital experiences for both customers and employees. And aligned with a focus on modernizing internal or back-office processes, 32% of respondents reported that greater operational efficiency was a key desired outcome from their edge deployments. Organizations focused on agility (both for today and tomorrow) plan to use the edge to collect and harness the telemetry that will enable applications—and the business—to adapt in real time to customer demands, new opportunities, and always-changing security threats.

They’re making thoughtful tradeoffs between security, compliance, performance, customer experience, and cost

This year’s survey results showed closer alignment between IT and business leaders on the importance of defending not just the business itself but its infrastructure and applications as well. Still, more than three-quarters of survey respondents admitted that, if given a choice, they’d turn off security measures for even modest improvements in performance. This reflects an understanding that running a secure and successful digital business isn’t solely about protecting it from attack. Instead, savvy organizations are working hard to balance security and compliance concerns with performance, the customer experience, and, of course, cost.

The adoption of this more nuanced perspective of risk management vs. total threat eradication is driving renewed focus on and innovation around identity-based security. The concept of a “user” no longer includes just humans but now also encompasses sensors, machines, microservices, and applications for which the organization must ensure secure and appropriate access. In addition, organizations understand that application security also requires secure API connectivity, and 78% have already implemented API security measures or plan to within the next 12 months.

They’re modernizing IT operations with site reliability engineering (SRE) approaches

It’s not all full steam ahead on the road to enabling truly adaptive applications that will support digital business. Potential pitfalls include a lack of visibility into distributed applications, a dearth of skilled professionals, and the need to modernize IT processes and technologies that support the apps that drive the business.

More than three-quarters (77%) of organizations say they’re now adopting or plan to adopt software site reliability engineering (SRE) approaches. This can be an effective way of modernizing IT operations and managing their applications in a more cloud-like manner. The organizations that report adopting SRE practices are nearly twice as likely to be planning AI use for business and security purposes and three times more likely to manage applications in multiple clouds.

It's true that SRE practices can help organizations boost efficiency, performance, and automation with data. But to respond in real time to changing circumstances—and eliminate the dangers of inconsistent policies and a lack of end-to-end visibility across distributed applications—organizations must give application security and delivery technologies a more central role in supporting their digital business.

Learn more about what that means and see how your organization stacks up in the 2022 State of Application Strategy Report.