2016 IT outlook: Applications, security and hybrid matters

Martyn Young, System Engineering Director for ANZ, F5 Networks

The pace of change in the realms of the digital age is unprecedented. Driven by evolving consumer demands, changing industry structures, as well as accelerating technology development, the business world has experienced immense progression over the years and digital transformation continues to be at the heart of today’s society and culture.

Before we look into how much more digital transformation will impact our lives, let’s head down memory lane to just a year ago. 2015 saw consumers demanding the same level of convenience and speed that they receive from an organisation’s online service to enterprises adopting a “Cloud-First” strategy in many business-technology decisions.

With the proliferation of Internet access, and the explosion of online services over the past decade, more people were and continue to routinely share data loosely with more organisations. As apps and websites have mushroomed, control has fragmented. This, combined with the promiscuous sharing of personal information on social platforms and through unsecured channels had placed identity data at greater risk than ever, and in some cases offering fraudsters an open door. It is clear that technology has changed the power differential with consumers taking the lead.

So what will this year see in the IT space? There are three areas we see taking solid form in 2016. They are, security and deployment in the hybrid world, ensuring a more balanced security posture and application services becoming widely deployed to power applications.

It’s a hybrid world

The cloud, in all of its many forms, has introduced a whole new world of opportunities for organisations of all sizes. In today’s digital world, we are witnessing more and more organisations deploying and migrating applications to public and private clouds. Many of these enterprises are seeking a hybrid approach primarily to drive agility and cost savings. Meaning that organisations are seeking the same confidence level with applications and services in hybrid cloud deployments that they’ve seen in the data centre.

Hence, organisations need to evolve and rethink their security strategy to ensure that it is app-centric for the hybrid world. Being app-centric means businesses are assured the ability to provide the critical services to make apps available, protect them, and deliver them seamlessly across hybrid environment. Risks will be mitigated by meeting security requirements both on-premises and in the cloud.

Security posture in the IoT world


The Internet of Things (IoT) is fast gaining traction in the marketplace. And, with its rapid rise has also come an increase in the backend data workload, which is putting tremendous pressure on networks. Nowhere is this felt more keenly than on legacy IT infrastructures and the security environments, and it will only become more pronounced during 2016.

Take a new smart TV for example. It might look like a useful convenience. But, if enterprises are unable to adequately secure access to the device, it becomes just another threat to the network and the organisation’s entire IT infrastructure.

The number of “things” connected to devices that are capable of being harnessed thanks to their connectivity and reliance on APIs have the potential to become a BOT for cyber attacks such as DDoS.

Although they will undoubtedly be alarming, the bright side is that such attacks will drive a demand for assured security amongst consumers, eventually leading to security being a key “must-have” feature for Internet devices. Unless organisations remain proactive, the ubiquity of connected devices presents a gold mine for attackers.

Therefore we expect to see more enterprises focusing on ensuring that their IT infrastructure is stable and secure enough to support the exploding data workloads as a result of IoT on their networks. And, on the consumer side of things, manufacturers of TVs, and other wearable devices will be putting security at the top of their priority lists.

Security a critical concern for financial services

The pervasiveness of mobile devices in Asia Pacific and the boom in Internet banking has spawned a myriad of increasingly sophisticatd cybersecurity threats. In the first three months of this year alone, new variants of financial trojans Tinbapore and new Gootkit campaigns were found to target banks and financial organisations in countries such as New Zealand, United States and Canada amongst others. These developments point to the rapid evolution they undergo.

For example, Gootkit performs preparation by using video recording functionality before launching actual attacks on financial institutions websites. This means that fraudsters now have the ability to study the internal processes of financial transactions within a bank and look for gaps in approval processes without having to be in the bank. This is an example of the creativity that cybercriminals of today possess and the effort they are willing to put into refining the process by which they approach their victims.

That’s not the end of the story. As financial institutions deploy more enterprise-grade applications and services across traditional data centre and cloud environments, the need for an in-depth security strategy has never been greater. Organisations that depend on their online presence for survival need a holistic security strategy. One that not only protects the organisation, its employees, customers and end-users against attack vectors, but is also able to react quickly to attacks in order to minimise damage.

One common misconception held by many financial sector organisations is that a firewall is sufficient to guard an enterprise’s networks. However, that no longer holds true. For example, web application attacks are often tuned and created for a particular application, and are missed by traditional security measures. The truth is that organisations must look at other technologies, such as web application firewalls to protect their networks.


Accordingly, in 2016 financial institutions need to strike an equal balance between protective postures – between pure defence and mitigate-and-react approaches. If the balance is tilted in one direction, the security strategy will not be as effective.

Application services are the norm

Twenty-five years ago, applications were monolithic software programs that ran in huge data centres and used by the select few. Today, with the Internet and mobile devices, applications are everywhere and used by nearly everyone.

Businesses are driven by them, customers connect through them, and employees can’t do their jobs without them. When it comes to managing applications today, the span of control is shifting, forcing organisations to think about how applications can be deployed in a manner that is flexible and profitable.

Just about every application utilises some form of an application service to address challenges with performance (ability for apps to react quickly when used), security (using apps in a secured manner), or availability (making apps always available). Ultimately, in order to experience a seamless experience between applications and end users, organisations find themselves having to deploy and manage multiple application services.

Application services comprise a suite of technology or services that enhances availability, security and acceleration for the application. An application service is not the application itself – it is a technology or service for the environment that an application is deployed on.

Application services can include a wide array of functions, from the traditional load balancing technologies to the richer and advanced application delivery technologies. These include application security, mobility, availability, performance and access, as well as identity management.

However, there are an increasing number of tools being used for application development that all drive slightly different security requirements. That, in turn, makes it hard for IT to drive standardisation and automation on an adhoc basis.

Therefore, enterprises are increasingly looking to ‘build’ rather than buy off-the-shelf applications. In fact, Gartner predicts that by 2020, 75 percent of application purchases supporting digital business will be built, and not bought. Further to that, organisations will also be looking for customised application services to ease the burden and meet their individualised requirements.

Businesses must be as agile and orchestratable as the applications and microservices they’re delivering, which means being more than just virtual and actually fitting in with an increasingly DevOps environment.

2016 in a snapshot

Rapid changes in the digital age have placed enormous pressure on IT departments, pushing them to improve service levels, boost agility and shorten time to market. Now more than ever, there will be more happening in the hybrid world. As more organisations deploy and migrate applications to public and private clouds, an approach to ensure that the journey of these apps are secure is vital.

In a world where hackers are constantly trolling through networks, organisations need to strike an equal balance between protective postures – between pure defence and mitigate-and-react approaches. If the balance is tilted in one direction, the security strategy will not be as effective.

Lastly, expect to see more applications in the digital world. While most Australian organisations are aware of the importance of application services, the industry can also expect to see application deployments expand beyond the data centre to include public, private and hybrid cloud models. While the complexity and diversity of application services is fast evolving, the success of these services within the enterprise will rely heavily on their ability to ensure the consistent, smooth and secure operation of applications.

Amid all this change, one outcome is clear: the IT landscape continues to evolve without signs of slowing, with applications playing a large part and given the nature of a digital world security will need to be at the forefront.



[1] Gartner “Gartner Says Modernization and Digital Transformation Projects Are Behind Growth in Enterprise Application Software Market”,<http://www.gartner.com/newsroom/id/3119717>

Join the CSO newsletter!

Error: Please check your email address.

Tags F5 Networks2016 IT OutlookapplicationsANZsecuritydigital transformationIoT worldhybrid matters

More about Gartner

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Young

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place