Security, not availability, is now the number one priority driving the adoption of application services, according to a new report by F5 Networks.
Applications are becoming core to the digital economy, and organizations are increasingly turning to application services to keep them humming. In its third annual State of Application Delivery report, F5 Networks found that the average number of app services used by organizations increased from 11 in 2016 to 14 today. Sangeeta Anand, senior vice president of product management and marketing at F5 Networks, adds that the average organization plans to deploy 17 app services in the next 12 months.
In the next 12 months, organizations plan to deploy the following services:
- Security services (40 percent)
- Performance services (35 percent)
- Availability services (34 percent)
- Identity services (34 percent)
- Mobility services (28 percent)
Globally, these are the top security services planned for deployment in the next 12 months:
- DNSSEC protection (25 percent)
- DDoS mitigation (21 percent)
- web application firewall (WAF) services (20 percent)
"Security has the No. 1 priority," Anand says. "There are some very profound and fundamental changes taking place in security. Most, if not all, enterprise security has been built around a network perimeter. That worked well as long as there wasn't this concept that both your end user and the application are mobile. Now your end user can be anywhere and your application can be anywhere. The cloud is the boundary."
[ Related: 5 data breach predictions for 2017 ]
Combined with the fact that security breaches are increasingly taking place at the application layer and directed at the application itself, Anand says these facts are driving organizations to consider how they can use application services to ensure the same security posture and consistent auditability regardless of where applications go.
For this year's report, F5 Networks surveyed 2,197 IT, networking, application and security professionals globally across a range of industry verticals.
Cloud adoption also on the increase
In addition to the increasing demand for security application services, the survey found cloud adoption is increasing: four out of five respondents have adopted hybrid cloud, and 32 percent said they will purchase public cloud infrastructure-as-a-service (IaaS) solutions this year, up from 25 percent in 2016. F5 Networks also found that the more apps an organization has deployed, the greater its motivation to leverage cloud environments. The organizations running the largest number of applications (3,000+) had the highest percentage of apps in the cloud.
Anand notes that it is the drive to the cloud that is causing the surge of interest in security services.
"We live in a multicloud world," she says. "Do you want one security posture for your on-prem applications, another for applications in public cloud 1, a different posture for applications in public cloud 2 and another for apps in a co-lo data center?"
[ Related: 2017 security predictions ]
"You cede some operational control when you move to a public cloud," she adds. "We want strategic policy controls to be retained. We need to look at our overall cloud architecture and design so we can deliver a consistent security posture."
While customers with industrial internet of things (IoT) apps reported a strong preference for on-premises private cloud, in general, organizations consider private cloud, public cloud and software-as-a-service (SaaS) clouds to have roughly equal strategic weight. F5 Networks found 39 percent of respondents identified private cloud operating models as strategically important, while 38 percent of respondents felt the same about public cloud and 37 percent about SaaS.
The increases in app services and continued expansion of the cloud are also influencing organizations to look to automation and orchestration to scale operations across environments. More than half of the survey respondents said API-enabled infrastructures and templates are important, up from 31 percent and 22 percent last year, respectively.
Interestingly, Anand says, even though organizations are increasingly adopting the automation and orchestration aspects of the DevOps methodology, only 20 percent of respondents said they think DevOps has strategic impact.
Anand warns that shouldn't be interpreted as a repudiation of DevOps as a methodology.
"DevOps has its own adoption cycle. This is a methodology, a practice, a culture," she says. "It's not as simple as bringing in an appliance or new software and testing it and rolling it out."
Bleeding-edge web-scale companies have all adopted DevOps for their service delivery, she says. But DevOps is just one change vector in an IT stack fully in flux, she says. Disruption has permeated everything about applications, from the way they're accessed, consumed (cloud), the infrastructure they run on (software-defined networks, SDNs) and the way they're maintained (DevOps).
"With the growing number of app services supporting and securing the apps behind the digital economy, it was no surprise to see a lot of growth in the use of automation and orchestration tools and frameworks most associated with DevOps," says Lori MacVittie, principal technical evangelist at F5 Networks. "Many organizations have reached an operational tipping point. Throwing more people at the problem of scale and speed is no longer an option. Diminishing returns is kicking in. Organizations are, therefore, turning to automation and orchestration with great enthusiasm."
"As to why respondents are embracing programmability with DevOps and SDN, the answer is not, as you might expect, time to market," she adds. "Consistently respondents tagged operational scale and costs as more important than getting out the door faster. Except for those who admitted to being driven by a C-level mandate (6 percent) and the 2 percent whose bonuses relied upon adoption."