State of Application Delivery 2018: Application Services are the Gateway to a Digital Future

Lori MacVittie Miniature
Lori MacVittie
Published February 13, 2018
app services soad18

The primary purpose for our State of Application Delivery research is to understand the current – and predict the future – state of application delivery around the world. That means a focus on application services. These are the broad set of services covering availability, identity & access, performance, security, and mobility used every day to make apps go faster and safer.

We are currently tracking 30 distinct application services – with new ones joining when they pop up on the scene in response to some new technology or challenge. For example, we added four application services this year to reflect the growing adoption of APIs, IoT, SDN, and HTTP/2.

What we know from four consecutive years of surveying the market is that application services are pervasive. The average organization today uses 16 different services. That’s up year over year – again.


average app services time soad18

Unsurprisingly, the top five of those application services deployed today hail largely from the security category:

  1. 87% Network Firewall
  2. 85% Anti-Virus
  3. 83% SSL VPN
  4. 79% SPAM Mitigation
  5. 78% Load Balancing

That hasn’t changed much year over year. We’ve been tracking the steady ascendancy of security as the most important services to deploy. While on an individual basis, load balancing continues its reign as the most important application service, security as a whole has taken its place as the most important set of services organizations would not deploy an application without. This year, 43% told us they wouldn’t want to deploy an application without security while 33% said the same of availability. That’s a commanding lead, and one we expect to continue as attacks and exploits continue to supplant outages as “the big news” just about every day.

We also track what’s planned for deployment, because that gives us interesting insights into what’s going on inside the business. For example, this year the surprise was to see gateway services – IoT, API, SDN, and HTTP/2 – literally dominating the “will deploy” category.

planned deploys soad18

If you aren’t familiar with gateway services, these are often viewed as transitory services that assist is transitioning from one protocol to another, like IPv4 to IPv6 or HTTP/1x to HTTP/2. Others are more of a traditional gateway in that they are designed as a funnel for a specific type of application traffic where traffic is inspected, secured, authentication, and authorized. Basically, it’s a special-purpose service that provides scale, security, and access for a targeted application or protocol. These include API and IoT gateways.

The interest in API, IoT, SDN, and HTTP/2 speaks to a digital transformation-driven impetus. Faster, safer, smarter applications and endpoints that communicate via APIs is the hallmark of external-facing digital transformation. Without these gateway services, organizations would find it challenging to manage and secure APIs and new protocols specific to IoT like CoAP and MQTT. That there is significant interest in their deployment in 2018 indicates that organizations are moving forward with digital transformation (72% told us they were operating under such an initiative) and putting into place those technologies that will make it easier to succeed.

Yet another nugget we dig into is preferences as to where and how respondents want to deploy those application services. Do they want them as a managed service? Available in the public cloud? Or do they still prefer traditional on-premises options?

Turns out that ‘as a managed service’ is pretty popular, particularly when it comes to security and gateways. Of the top five services respondents wanted to see as a service, four were security and one was a gateway.

  • 28% DDoS Protection
  • 28% SPAM Mitigation
  • 28% DNSSEC
  • 27% IoT Gateway
  • 26% Botnet Protection 

“In the cloud”, gateway application services took the lead: 27% IoT gateway, 26% API gateway, 21% GSLB, 19% SDN Gateway, and 18% DNS. It was not a surprise to find that universally, a majority (greater than 50%) preferred their application services deployed on-premises. The single exception? IoT gateways.   

But just because folks prefer their application services deployed on-premises doesn’t mean they’re stuck in the 1990s. Like every corner of IT, application service architectures are undergoing their own digital transformation.

Like their decisions as to which cloud is best for an application, respondents prefer to keep their options open when it comes to how they want to deploy application services on-premises. With containers joining the traditional appliance and virtual machine as options for form factors, respondents were still heavily on the “it depends” end of the spectrum, with 40% telling us “all of the above depending on the service or location.” 9% are already on board with containers, and 30% still prefer a virtual appliance (software) while 21% are sticking with network appliances (hardware).

dx impacts soad18

Digital transformation is impacting everything from development to deployment to delivery of applications. That necessarily means application services are both being impacted with demands for new form factors (containers! cloud!) and simultaneously enabling them with services like IoT, API, and HTTP/2 gateways. 

Application services aren’t just a nice to have anymore. With scale, security, and performance key (competitive) differentiators for apps and APIs competing for consumer mindshare, application services are as critical to digital transformation efforts as the apps and APIs themselves.

For more insights on digital transformationmulti-cloud, application services, security, automation, and the continuing NetOps transformation, feel free to grab your own copy of our 2018 State of Application Delivery report and follow along on the Twitters with @f5networks and/or the hashtag #soad18. And stay tuned – we’ll have more insights (including data and perspectives not in the report) in forthcoming blogs.