How to Combat Complexity and Elevate Modern App Security

Published February 15, 2022

The modern application landscape continues to evolve into a world of multi-cloud, microservices, and APIs coexisting with legacy, data center-based apps. Security practices are far more challenging because of process complications and increased time pressures on app development. Organizations need to simplify their approach to app security, and F5 can help.

Organizations that want to thrive today are placing a greater emphasis on their digital experiences for customers and employees—improving how they work, shop, watch movies, communicate, and more. This means modernizing their applications to deliver better digital experiences, but it also means increasing the degree of difficulty for app security.

Modernizing apps includes transformational actions such as leveraging microservices, using multiple clouds and edge locations instead of a single cloud provider, and utilizing API-based communication to connect workloads and data. For most organizations, this is an evolutionary process and a journey. Resources are taxed (especially security teams), and modernization efforts are putting increasing pressure on most organizations’ security postures. Apps are evolving fast; security teams and technologies need to keep pace—this is easier said than done!

In fact, in our upcoming 2022 State of Application Strategy Report where we surveyed nearly 1,500 IT professionals worldwide, F5 found that 88% of respondents currently operate both legacy and modern application architectures. Meanwhile, application containerization has become the norm for new app development, enabling increased edge computing that allows organizations to capture benefits related to app deployment flexibility, portability, performance, and data availability.

A separate 2021 survey of 372 IT pros in North America showed that 86% of respondents are already using multiple cloud providers (“Distributed Cloud Series: Application Infrastructure Modernization Trends across Distributed Cloud Environments,” Enterprise Strategy Group, December 2021). From the same survey, 93% said that cloud-native applications are being integrated into existing environments, resulting in security and compatibility challenges.

This increasing complexity surrounding app deployments and modernization may indeed be helping enterprises stay competitive and meet the growing demands and expectations from their customers. But it is taking a toll on application security.

It presents many challenges, including:

  • An expanding application attack surface, exposing new, potential security gaps and vectors for opportunistic cybercriminals to exploit.
  • Inflating total cost of ownership due to sprawling point solutions to secure web apps and APIs, with limited ability to manage, visualize, and secure applications and APIs across all environments.
  • Increased pressure on developers to create apps more quickly, creating silos that make it harder for security teams to enforce secure development practices.
  • Integrating new cloud technologies and development workflows with existing ones, making it more difficult to incorporate consistent security policies (and overall security posture) while also meeting critical innovation target dates.

After decades in the security industry, I know that complexity is the enemy of security, and that the app and API services ecosystems of today are more complex than ever before. Business and IT leaders face many difficult choices related to security—continually having to balance agility, innovation, and delighting their customers with security, which historically has slowed down adoption and caused more friction for customers.

So, how can F5 help organizations with this growing problem?

Today we’re launching a comprehensive, multi-layered Web Application and API Protection (WAAP) solution built on the F5 Distributed Cloud Platform, simplifying app security with a unified set of SaaS services:

  • F5 Distributed Cloud WAF leverages F5’s powerful Advanced WAF technology to protect web-based applications from a myriad of threats through a combination of signature- and behavioral-based detection.
  • F5 Distributed Cloud API Security identifies API endpoints mapped to your applications and observes and enforces proper API behavior—safeguarding against shadow APIs attempting a breach or services disruption.
  • F5 Distributed Cloud Bot Defense manages and deflects malicious automation targeting web-facing assets to defend against web fraud, intellectual property theft, and other business logic risks.
  • F5 Distributed Cloud DDoS Mitigation delivers multi-layered protection against attacks intended to disrupt critical network resources, app performance, and app experiences across layers 3–7.

Read this companion blog post to learn more about this new solution from F5.

With F5 Distributed Cloud WAAP, customers will be able to more rapidly and confidently pursue their digital transformation knowing that security for their applications won’t slow down the app development and deployment process. And the solution can easily scale to protect their business and end customers with high efficacy, now and into the future even as their footprint grows.

At the same time, it allows organizations to turn security from a risk control and cost center to a competitive advantage that unleashes application innovation to deliver compelling digital experiences without inserting friction to application teams or frustration to customers. Plus, they can move forward with a more secure, resilient app modernization strategy knowing that security costs and resourcing will be more predictable (and ideally go down) over time.

You can experience the new F5 Distributed Cloud WAAP solution for free today via our interactive simulator, or can contact your F5 sales representative to discuss this new solution further.