In 2018, I declared that we’d entered the era of app capital. At the time, I talked about how it’s no longer physical or human capital that is driving value creation for organizations, but applications. I also predicted it wouldn’t be long before more companies devoted commensurate energy and resources to stewarding their application portfolios.
With digital transformation efforts accelerating, I thought it was time to take stock of how far we’ve come and what has changed in the last five years.
Here are four significant changes since that 2018 blog post:
Today, even more so than five years ago, applications are your most important asset. Applications are what enable new business models and revenue growth. They define your customer experience. They enable and automate your operations. They transform your data into valuable insights. And they differentiate you from the competition.
They’re also what increasingly drives the economy. Today, almost 30% of the value of the U.S. S&P 500, an index representing approximately 80% of public U.S. market caps, is from application-led companies, including Apple, Microsoft, Alphabet, Amazon, Meta, Visa, Mastercard, Saleforce.com, and Netflix, among others. Another 15% of the value of the index is from companies that are driving their differentiation primarily through their digital experiences or the digital experiences they enable, including Tesla, NVIDIA, JP Morgan Chase, Cisco Systems, and Walmart, among others.
Fifty years ago, in the early days of enterprise IT, those percentages were close to zero. And looking ahead, those percentages are expected to continue their steady climb upwards.
Indeed, the most valuable companies today are valued as such because of the applications they own. And the value application-led companies generate continues to outpace the value creation of other companies less reliant on applications and digital services.
Application programming interfaces (APIs)—those small, single-function applications—are rapidly multiplying. And alongside larger, multi-function apps, they’re increasingly becoming a core driver of economic value creation.
Because APIs enable communication and data sharing between different systems, they have become central to how companies create value for themselves, their partners, and their customers. For example, the ability to check your credit score or pay a bill within your banking app happens because APIs connect multiple service providers. Likewise, the ability to find the best prices using your travel app occurs through APIs that offer access to information from various hotels, airlines, car rental agencies, and similar company websites.
Today, many organizations have applications and APIs in the hundreds, and these numbers continue to grow. Five years ago, most customers could not tell me how many applications they had, their location, or how well they were secured. Thankfully, that is no longer the case today as many organizations have invested significant time and resources to better manage their applications.
However, most organizations don’t have a similar handle on their APIs. APIs are where apps were five years ago. Most organizations struggle to know how many APIs they have, where they all are, who is connecting to them, and to what extent they are secured. Without an API strategy, the opportunities for fraudulent and malicious behavior have been rising, with more than nine out of ten enterprises experiencing an API security incident in 2020 alone.
Five years ago, customers would routinely tell me they were “all in” on the public cloud. Organizations were planning to move their apps out of their data centers completely to reap the public cloud promises of greater business agility, improved total cost of ownership, greater uptime, and more reliable security.
That hasn’t panned out. In fact, according to F5 research, 85% of organizations today are deploying their apps and APIs across multiple locations—including on-premises data centers, multiple public clouds, and edge sites. And interestingly, one in five organizations operates its apps and APIs across six different environments. As a Deloitte report in the Wall Street Journal concluded, “Multicloud may feel messy, but it’s the world we’re living in, and likely will be for the foreseeable future.”
Indeed, distributed environments are the new normal. And they’re happening despite the increased complexity, costs, and vulnerabilities associated with placing one’s apps and APIs across multiple locations. Why? Because there are solid business reasons for doing so. For some apps, companies might want the performance of purpose-built hardware running in an on-prem data center. For others, they might need the speed and scalability of the cloud. And for still others, they might seek the performance advantages (e.g., low latency) of the edge.
Over the past five years, the application and API landscape has become increasingly distributed and complex.
As the number of apps and APIs continues to proliferate and organizations deploy them in a broader range of environments, managing them across distributed, multi-cloud environments has become a far greater challenge than imagined five years ago.
Running apps and APIs in different environments under different security postures has created friction everywhere. And unfortunately, this is increasing security risks while slowing down innovation.
The growth in apps and APIs—and the increasingly distributed nature of their deployment—has expanded the attack surface for cybercriminals to infiltrate the enterprise. This year alone, cybercrime is estimated to cost $8 trillion, making it the world’s third largest economy behind the U.S. and China.
Today, data breaches, bots, and ransomware are among the most significant security threats, and the risks they pose are becoming increasingly sophisticated and AI-powered. In the last year, for example, inadequate cybersecurity resulted in over 1.8 billion users’ passwords falling into the hands of cybercriminals, allowing the privacy of millions of users to be completely and utterly violated.
Malicious bots have become more prevalent, jeopardizing the customer experience and reducing revenue for companies, while sucking up valuable time. According to the Forrester Total Economic Impact Report, operational teams can waste up to 10,000 hours on manual bot protection.
Moreover, ransomware is one of the most significant and rapidly growing cybersecurity threats of our time. Ransomware now accounts for one out of every four breaches. And, according to 2023 Verizon Data Breach Investigations Report, 95% of ransomware incidents involved a loss costing between $1 million and $2.25 million.
Given the volume of business and data flowing through applications and APIs, application and API security has taken on new significance. An organization’s digital experiences are only as secure as their most vulnerable app or API. What’s more, nothing can derail end-user adoption of a digital experience faster than the perception of poor security or privacy.
Five years further into the era of app capital, organizations are managing app landscapes that are far more complex than anticipated. IT leaders today have a daunting job as they face a growing number of cyberattacks, increasing regulatory requirements, rising costs, shrinking budgets, talent shortages, and heightened expectations from end users around app security, availability, and the overall experience.
They must stay on top of the proliferation of apps and APIs, keep their traditional apps healthy and running while building out new capabilities in modern architectures and operationalizing hybrid and multi-cloud deployments.
Yet the solution can’t be to reinvent how organizations do business or force fit all of their apps and APIs into a single, walled garden. Instead, it must be to radically simplify app security and management across the distributed app landscape companies already have in place. As the Deloitte report in the Wall Street Journal put it, “Savvy business leaders aren’t simply living with the convolution created by multicloud and the growing technology footprint. Instead, they’re looking for ways to harness the operational gains that come from managing multiple cloud instances while slaying the dragon of multicloud complexity.”
At F5, we are working hard to simplify app and API security across hybrid and multi-cloud environments. We envision a world in which apps can automatically scale and shrink as demands change, where cyberattacks can be rapidly detected and neutralized before they occur, and where rich telemetry can be used to continuously optimize application performance and resilience.
This vision is why we’ve invested heavily over the last five years in our F5 Distributed Cloud Platform, a hybrid and multi-cloud solution built to make it easier to secure, deliver, and optimize apps and APIs wherever they’re deployed. Distributed Cloud Services provide connectivity and security at both the network and application layers. That means that you can securely connect between locations within a single cloud service provider or across different providers, as well as natively connect and secure distributed digital services—giving your end users superior security, availability, and performance, while reducing operational complexity for your business.
As the world becomes increasingly digital, apps and APIs are the lifeblood of the business—and that’s even truer today than it was five years ago. In this era of app capital, organizations that optimize and protect these critical digital assets will achieve the greatest success.
At F5, we’re working to radically simplify app security and delivery. To fulfill our purpose of building a better digital world, we want to help you protect your reputation and revenue—so you can spend less time managing your apps and APIs and more time innovating, delighting your customers, and growing your business.
To learn how F5 can help you connect, protect, and deploy apps across distributed clouds, see our F5 Distributed Cloud Services webpage.