Office of the CTO

The year 2022 will be remembered as the year the industry finally reconciled itself to the fact that IT is and will be for the foreseeable future, hybrid. The question is, what does that mean for security and, specifically, for app and API security.

Experience is based on perspective, and since you can't build perspective, focus needs to be directed toward architecting a digital service that addresses the technical requirements of a positive digital experience: availability, security, and performance.

Today's enterprise architectures lack the necessary factors of agility, scale, security, and observability, which are key to driving technological change, but these six core capabilities will help businesses manage risk and challenges throughout their digital transformation.

Learn how artificial intelligence and machine learning aid in mitigating cybersecurity threats to your IT automation processes.

The explosive and expansive use of APIs is contributing to the rise of headless architecture and providing GraphQL a prominent place in this neomodern application architecture.

Businesses are on a digital transformation journey and the quality of their digital services impact the digital experience of their consumers—be it human, software, or system. App delivery and security is critical to supporting these digital services and enabling companies to compete in a digital world.

Today’s xPU technology is the enabler for economies of scale because it exponentially improves performance and drives digital transformation through a specialized piece of hardware that contains specific acceleration functions in silicon that are meaningful to networking and applications. But to leverage the maximized computing and processing power of xPUs, organizations need to modernize their enterprise architecture around their applications.

Measures being taken to address the shortage of cyber security professionals need to be corrected. There's a leadership shortage, not a talent shortage. Organizations need to address these challenges by creating actionable plans to foster the sustainability of their security programs and people.

Organizations hold latent value—in the form of internal APIs—that they need to tap into in order to compete in an API economy. While security and technical challenges deter some, businesses need to recognize that inverting their APIs will unlock the value of the enterprise as a platform.

Zero trust security is not achieved with the implementation of one specific technology product. It is a mindset that embraces a set of assumptions, which results in the use of distinct tools and technologies, such as bot protection and web and API security.

The whole technology industry shares interest in confidential computing and establishing standards due to its ability to protect sensitive data where cryptography falls short—in processing. Its design will be the enabler of securely leveraging the benefits of cloud and edge infrastructure.

Security Rule Zero is a core component of Zero Trust and leads to more efficient, safer services and APIs.

Hardware and software have evolved rapidly since the early days of the internet, but to take full advantage of their ensuing benefits organizations must evaluate and modernize their infrastructure and app delivery. Accelerate modernization efforts with our new F5 rSeries.

Organizations face friction on their digital transformation journeys that can only be addressed with a modernized enterprise architecture.

While the topic of public cloud repatriation may be taboo, more organizations are doing it. And our research and data indicate companies applying SRE practices are the most significant 'offenders.'

Public cloud is no longer the bright new shiny toy, but it paved the way for XaaS, Edge, and a new cycle of innovation.

Full-stack observability is possible today, but at a price: cost efficiency and efficacy. eBPF is about to become ubiquitous - supporting Linux and Windows - and change that equation in the process.

Evidence shows a significant shift toward identity-based security, driven by accelerated transformation and the growing importance of APIs. The end result is the eager embrace of Zero Trust as a foundational approach to security.

Many organizations are planning to deploy data and app distribution workloads at the edge, but to do that will require an edge application platform capable of supporting those workloads. That platform will need to meet the needs of new application patterns and focus on both the ops experience and flow of data and control.

Edge computing is under pressure to simultaneously evolve with each wave of the internet. As we ride the third wave, this next evolution demands the creation of a platform to support new capabilities within the edge ecosystem. A platform that cannot simply be bolted together, but requires a new approach with design considerations at the architectural level. 

Not even the stealthiest threats can hide from F5's Advanced Threat Research Center of Excellence. The team conducts rigorous research to unravel the details of today's cybersecurity threats and then shares their insights to help shut them down.

Existing security for the software supply chain is lacking, and it's only going to get worse as organizations modernize ops with SRE approaches. Organizations wanting to survive their digital transformation journey should take this deficit seriously, incorporating secure software supply chain approaches to tooling and operational software from the start.

If the intergalactic spacecrafts from our favorite sci-fi shows were to incorporate the core beliefs of Zero Trust when securing their critical systems, they would have successfully prevented a substantial amount of systems attacks and malfunctions.

Complexity is synonymous with operating in multiple clouds. Magnified by the use of APIs and the increasing skills and tools deficit, this complexity isn't going away, but it can be managed.

The enterprise architecture frameworks used by business, established nearly half a century ago, are not sufficient to support today's digital transformation. To successfully become a digital business, business and IT need to modernize their enterprise architecture.

Performance reigns supreme, so much so that businesses would exchange security to see its improvement. In addition, performance presents a significant obstacle to realizing the benefits of multi-cloud strategies and is definitively driving businesses to extend to the edge.

It's become clear that to continue the momentum of their digital transformation journey, organizations need to renew their focus on business functions. While customer-facing experiences are still priority, enabling business functions such as legal, HR, and finance to digitize is necessary. This means CIOs are taking the driver's seat as digital transformation transitions from modernizing aps to modernizing ops. 

Traditional cybersecurity methods and tools are falling behind as a digital world offers nearly unlimited targets for attackers. Security companies need to capitalize on new hardware and technologies that leverage AI/ML for real-time detection and mitigation of threats at scale.

Building a strong and robust cybersecurity posture should include availability, i.e., one can still use critical applications if they are under attack. Achieving security with resiliency and undisrupted availability are the benchmarks of proactive cybersecurity, with the understanding that threats (and mitigations) will never stop evolving.

The line between operation and digital systems continues to blur as homes and businesses increase their reliance on connected devices, accelerating the convergence of IT and OT. While this trend of integration brings excitement, it also presents its own challenges and concerns to be considered.

AI is quickly being recognized as integral to the success of digital business with adoption across business, operations, and security. An area not as extensively discussed is the benefits of incorporating AI into development for pattern recognition and modeling.

Operating a digital business requires analysis of data for insights. Data bias - the opinionated collection of data - impacts the ability to glean insights for performance, availability, and security, resulting in missed or "false" insights. To achieve a fully digital business, IT and business must develop a data and observability strategy.

Digital business functions are just as critical to supporting customer experience and legal is starting to get the much-needed attention it deserves. Organizations far along their digital transformation journey are taking a step back to phase one, addressing functions that have remained manual through recent rapid digitization.

In a digital as default world, operations is still too reliant on manual methods and needs to evolve to enable adaptive applications. This evolution requires significant change across all of IT. It needs AI-enabled adaptability that will maintain availability, optimize performance, and ensure security.

Collector-stealer is an active piece of malware used across the globe. It uses a variety of mechanisms to infiltrate user systems and quietly steal sensitive data. Our security experts have uncovered its secrets and expose how it works in this latest threat research.

As organizations are evolving within the digital world, so too are the threats against them. Through the utilization of bots, attacks have moved beyond exploiting CVEs due to increased value in targeting businesses inherent vulnerabilities of operating a digital presence. Identifying and stopping these bots requires security powered by AI and machine learning.

As the digital economy grows so does the processing of payments through financial services institutions, and malicious actors are taking notice of the lucrative opportunities this presents. The digital payment ecosystem relies on the use of APIs to facilitate digital financial transactions and the number of API security incidents are growing yearly. Digital firms, especially those in financial services, need to increase focus on securing their APIs to protect their customers and business.

Assuming customer experience correlates only to uptime is a faux pax. CX is impacted by perception, which stems from the overall interaction, not just whether or not the power is on. And CX is not relegated strictly to customer facing apps. Apps primarily accessed by non-human entities (machines, script, etc) still have a human somewhere in the process. The result: CX is an increasingly important part of digital transformation and pertinent to the development lifecycle.

Compute power in not limitless, and if there’s a limit to our ability to increase size and space as we move to the edge, then we must instead focus on optimization. When we have needed to improve capacity in the past, there’s been an introduction of optimized hardware components. Hardware-optimized computes will be a necessary capability for any application-centric platforms looking to support organizational enablement at the edge.

As businesses continue to move toward a “digital as default” operating model the ease of operations results in an increase of complexity – task automation requires more code, digital expansion requires more connections, AI-assisted business requires more data. And complexity is the enemy of security. Therefore businesses will have to adapt their security stack to keep up.

The explosive growth of automation and digitization along with a trend toward hybrid work models will accelerate the momentum away from IP-based security toward identity-based access strategies.

As business approaches a default-digital model, it necessarily relies more and more on data. Eliminating bias in that data will be a critical step in ensuring that decisions based on that data will lead to the best outcome possible for customers and the business.

Let’s say your cat has wandered off. You can’t find them anywhere and tasty treats are not working their magic today. Then imagine that you could leverage the video doorbells in your neighborhood—i.e., idle compute and processing power from endpoints and nodes at the edge—to find them.

Cloud computing has long sought to remove the need to deal with infrastructure, with APIs and drag-and-drop configuration tools to help keep those adverse to the network and infrastructure from getting their hands dirty. But we can't just ignore it either, or its profile as a key attack target.

Cybercriminals targeting the financial services sector are focusing more of their attacks on application programming interfaces (APIs). At the same time, different development teams working on multiple applications often use disparate tool sets, pointing to the increasing importance of industry standards. F5 works closely with financial services customers worldwide to implement and secure the APIs driving open banking.

User, within the context of the application domain, has always referred to the entity that interacts with an application. Just as shifts in application architectures drive changes in the technologies that deliver and secure them, shifts in the definition of user have driven changes in where apps are deployed.

The fight for anti-racism in support of our friends, family, and coworkers of Asian and Pacific Islander ancestry is part of a much bigger battle. We are fighting for a world that is radically inclusive—where we, as a global community, don’t just tolerate differences, we celebrate them.

While there’s a tendency to focus on applications that directly implement a customer experience, every business domain will see the rise of applications that ultimately become critical to their digital presence. These applications, then, become the modern equivalent of a monolith.

IBM Cloud Satellite is designed to bring cloud services to where clients’ data already resides—and help them bridge to where they want to go. This aligns with F5’s ambitions for Edge 2.0 and our vision of distributing applications—at the data center, in the public cloud, and at the edge—to help assure a seamless, consistent, and secure user experience.

QUIC has broad industry support and the potential to be the basis of most applications that deliver business value over the internet. Anyone delivering applications over the internet should start thinking about how their operations should change to reflect the new threats and opportunities that these protocols bring.

We recently crested the third wave of cloud. Concurrently, the pandemic has shifted a lot of enterprise attitudes. One has been the approach to remote work. Another is that toward public cloud. In fact, just about every survey out there now says the market is full steam ahead on cloud migrations—but, while certainly related, an important distinction exists between cloud migration and cloud adoption.

Gaming accounts and microtransactions are valuable enough to have become substantial targets for hackers. Given that these accounts—like those in other industries—can be used across platforms (website, console, mobile phone), they can pose lucrative opportunities with multiple attack vectors for those savvy enough to go after them.

Whether through a mobile app using APIs to interface with an existing monolithic mainframe app or via message queues that connect Slack to a traditional client-server based customer service application, the task facing enterprise IT today is not merely to transform monoliths to microservices, but to make microservices talk to monoliths.

As organizations ramp up their generation of data and seek to extract business value from it, analytics and automation powered by AI and ML will certainly be on the table as technologies put to the task. These are exactly the type of workloads that will benefit from optimized infrastructure, and yet they are the ones least likely to be able to take advantage of it today. 

The central problem with measuring site performance today can be summed up as: "We don't measure the cost of slow. We measure the cost of downtime." Humans tend to work toward what they're measured on. This is not a new concept and, in fact, it's one of the tenets of DevOps and the reason the methodology includes a shift in measurements toward what matters most. Today, that means more than just available—it means fast and reliable too.

While SaaS is not really all that new, what is new is the range of activities being commoditized and packaged as SaaS. All manner of business functions are joining CRM, SFA, productivity, and communications as SaaS offerings. And we anticipate that organizations will quickly jump at the chance to offload the operation of such software to a provider.

Not even the stealthiest threats can hide from F5's Advanced Threat Research Center of Excellence. The team conducts rigorous research to unravel the details of today's cybersecurity threats and then shares their insights to help shut them down.

Existing security for the software supply chain is lacking, and it's only going to get worse as organizations modernize ops with SRE approaches. Organizations wanting to survive their digital transformation journey should take this deficit seriously, incorporating secure software supply chain approaches to tooling and operational software from the start.

If the intergalactic spacecrafts from our favorite sci-fi shows were to incorporate the core beliefs of Zero Trust when securing their critical systems, they would have successfully prevented a substantial amount of systems attacks and malfunctions.

Complexity is synonymous with operating in multiple clouds. Magnified by the use of APIs and the increasing skills and tools deficit, this complexity isn't going away, but it can be managed.

The enterprise architecture frameworks used by business, established nearly half a century ago, are not sufficient to support today's digital transformation. To successfully become a digital business, business and IT need to modernize their enterprise architecture.

Performance reigns supreme, so much so that businesses would exchange security to see its improvement. In addition, performance presents a significant obstacle to realizing the benefits of multi-cloud strategies and is definitively driving businesses to extend to the edge.

It's become clear that to continue the momentum of their digital transformation journey, organizations need to renew their focus on business functions. While customer-facing experiences are still priority, enabling business functions such as legal, HR, and finance to digitize is necessary. This means CIOs are taking the driver's seat as digital transformation transitions from modernizing aps to modernizing ops. 

Traditional cybersecurity methods and tools are falling behind as a digital world offers nearly unlimited targets for attackers. Security companies need to capitalize on new hardware and technologies that leverage AI/ML for real-time detection and mitigation of threats at scale.

Building a strong and robust cybersecurity posture should include availability, i.e., one can still use critical applications if they are under attack. Achieving security with resiliency and undisrupted availability are the benchmarks of proactive cybersecurity, with the understanding that threats (and mitigations) will never stop evolving.

The line between operation and digital systems continues to blur as homes and businesses increase their reliance on connected devices, accelerating the convergence of IT and OT. While this trend of integration brings excitement, it also presents its own challenges and concerns to be considered.

AI is quickly being recognized as integral to the success of digital business with adoption across business, operations, and security. An area not as extensively discussed is the benefits of incorporating AI into development for pattern recognition and modeling.

Operating a digital business requires analysis of data for insights. Data bias - the opinionated collection of data - impacts the ability to glean insights for performance, availability, and security, resulting in missed or "false" insights. To achieve a fully digital business, IT and business must develop a data and observability strategy.

Digital business functions are just as critical to supporting customer experience and legal is starting to get the much-needed attention it deserves. Organizations far along their digital transformation journey are taking a step back to phase one, addressing functions that have remained manual through recent rapid digitization.

In a digital as default world, operations is still too reliant on manual methods and needs to evolve to enable adaptive applications. This evolution requires significant change across all of IT. It needs AI-enabled adaptability that will maintain availability, optimize performance, and ensure security.

Collector-stealer is an active piece of malware used across the globe. It uses a variety of mechanisms to infiltrate user systems and quietly steal sensitive data. Our security experts have uncovered its secrets and expose how it works in this latest threat research.

As organizations are evolving within the digital world, so too are the threats against them. Through the utilization of bots, attacks have moved beyond exploiting CVEs due to increased value in targeting businesses inherent vulnerabilities of operating a digital presence. Identifying and stopping these bots requires security powered by AI and machine learning.

As the digital economy grows so does the processing of payments through financial services institutions, and malicious actors are taking notice of the lucrative opportunities this presents. The digital payment ecosystem relies on the use of APIs to facilitate digital financial transactions and the number of API security incidents are growing yearly. Digital firms, especially those in financial services, need to increase focus on securing their APIs to protect their customers and business.

Assuming customer experience correlates only to uptime is a faux pax. CX is impacted by perception, which stems from the overall interaction, not just whether or not the power is on. And CX is not relegated strictly to customer facing apps. Apps primarily accessed by non-human entities (machines, script, etc) still have a human somewhere in the process. The result: CX is an increasingly important part of digital transformation and pertinent to the development lifecycle.

Compute power in not limitless, and if there’s a limit to our ability to increase size and space as we move to the edge, then we must instead focus on optimization. When we have needed to improve capacity in the past, there’s been an introduction of optimized hardware components. Hardware-optimized computes will be a necessary capability for any application-centric platforms looking to support organizational enablement at the edge.

As businesses continue to move toward a “digital as default” operating model the ease of operations results in an increase of complexity – task automation requires more code, digital expansion requires more connections, AI-assisted business requires more data. And complexity is the enemy of security. Therefore businesses will have to adapt their security stack to keep up.

The explosive growth of automation and digitization along with a trend toward hybrid work models will accelerate the momentum away from IP-based security toward identity-based access strategies.

As business approaches a default-digital model, it necessarily relies more and more on data. Eliminating bias in that data will be a critical step in ensuring that decisions based on that data will lead to the best outcome possible for customers and the business.

Let’s say your cat has wandered off. You can’t find them anywhere and tasty treats are not working their magic today. Then imagine that you could leverage the video doorbells in your neighborhood—i.e., idle compute and processing power from endpoints and nodes at the edge—to find them.

Cloud computing has long sought to remove the need to deal with infrastructure, with APIs and drag-and-drop configuration tools to help keep those adverse to the network and infrastructure from getting their hands dirty. But we can't just ignore it either, or its profile as a key attack target.

Cybercriminals targeting the financial services sector are focusing more of their attacks on application programming interfaces (APIs). At the same time, different development teams working on multiple applications often use disparate tool sets, pointing to the increasing importance of industry standards. F5 works closely with financial services customers worldwide to implement and secure the APIs driving open banking.

User, within the context of the application domain, has always referred to the entity that interacts with an application. Just as shifts in application architectures drive changes in the technologies that deliver and secure them, shifts in the definition of user have driven changes in where apps are deployed.

The fight for anti-racism in support of our friends, family, and coworkers of Asian and Pacific Islander ancestry is part of a much bigger battle. We are fighting for a world that is radically inclusive—where we, as a global community, don’t just tolerate differences, we celebrate them.

While there’s a tendency to focus on applications that directly implement a customer experience, every business domain will see the rise of applications that ultimately become critical to their digital presence. These applications, then, become the modern equivalent of a monolith.

IBM Cloud Satellite is designed to bring cloud services to where clients’ data already resides—and help them bridge to where they want to go. This aligns with F5’s ambitions for Edge 2.0 and our vision of distributing applications—at the data center, in the public cloud, and at the edge—to help assure a seamless, consistent, and secure user experience.

QUIC has broad industry support and the potential to be the basis of most applications that deliver business value over the internet. Anyone delivering applications over the internet should start thinking about how their operations should change to reflect the new threats and opportunities that these protocols bring.

We recently crested the third wave of cloud. Concurrently, the pandemic has shifted a lot of enterprise attitudes. One has been the approach to remote work. Another is that toward public cloud. In fact, just about every survey out there now says the market is full steam ahead on cloud migrations—but, while certainly related, an important distinction exists between cloud migration and cloud adoption.

Gaming accounts and microtransactions are valuable enough to have become substantial targets for hackers. Given that these accounts—like those in other industries—can be used across platforms (website, console, mobile phone), they can pose lucrative opportunities with multiple attack vectors for those savvy enough to go after them.

Whether through a mobile app using APIs to interface with an existing monolithic mainframe app or via message queues that connect Slack to a traditional client-server based customer service application, the task facing enterprise IT today is not merely to transform monoliths to microservices, but to make microservices talk to monoliths.

As organizations ramp up their generation of data and seek to extract business value from it, analytics and automation powered by AI and ML will certainly be on the table as technologies put to the task. These are exactly the type of workloads that will benefit from optimized infrastructure, and yet they are the ones least likely to be able to take advantage of it today. 

The central problem with measuring site performance today can be summed up as: "We don't measure the cost of slow. We measure the cost of downtime." Humans tend to work toward what they're measured on. This is not a new concept and, in fact, it's one of the tenets of DevOps and the reason the methodology includes a shift in measurements toward what matters most. Today, that means more than just available—it means fast and reliable too.

While SaaS is not really all that new, what is new is the range of activities being commoditized and packaged as SaaS. All manner of business functions are joining CRM, SFA, productivity, and communications as SaaS offerings. And we anticipate that organizations will quickly jump at the chance to offload the operation of such software to a provider.

Despite changes in architectures and location, security problems do not change. Customers still need to protect applications, ensure availability, and defend against DDoS attacks. Application security is just a bigger challenge now due to the expanding attack surfaces and vulnerabilities.

There are two walls in the delivery path for applications. The first (which has been the cause of much friction) is between development and production. And while DevOps methodologies have begun to break down this wall, the other—the one between production and delivery to consumers—is not so easily breached.

The first step in a discussion about data architecture is to define what the concept of “data architecture” encompasses. Unsurprisingly, the answer turns out to be nuanced—it is layered and multifaceted. To help ground the discussion, it is useful to start by thinking about it in terms of the journey of collected telemetry data.

Digital payments have become as common as cash used to be. Shutdowns due to the COVID-19 pandemic have only accelerated the rate consumers rely on such services. But it has also accelerated digital payments on the corporate side. After all, businesses still have accounts payable and receivable whether they're open to the public or not.

Today, F5 offers the most comprehensive application services along the code to customer path. For the future, we are doubling down on application telemetries and analytics to help our customers discover insights about their applications, business flows, and user experiences. As we build out our cloud analytics capabilities, we'll further leverage ML/AI to help our customers to improve their business services. 

It should be no surprise that as there evolves a new generation of application architectures that a new generation of load balancing accompanies it. Since the birth of load balancing, just before the turn of the century, the technology has moved in a predictable pace, which means it is time for innovation.