Define an application strategy to benefit from better security
Carla Petersen F5 Channel Manager at Westcon-Comstor
Most businesses today power between 200 to 1000 apps at any given point, without even mentioning the third-party as-a-service offerings they have added to the mix. These apps, which are deployed across data centres, multiple cloud environments, and the edge, are adding to the complexity of IT departments. This, in turn, leaves gaps in both application management and security.
But it’s not just the apps themselves that are transforming. To digitise a business, organisations need to automate those unseen processes and back-office functions, adding to the complexity faced by IT departments.
But, as for the bottom line – as digital transformation accelerates, IT objectives and business objectives are converging to increasingly elevate technology from a supporting role to the heart of the business.
The role of the application
Within this explosion of apps and the need to manage the environments, integrations, and apps themselves, it is essential for a business to create a robust application strategy. With a defined application strategy, it is not only easier to manage application environments but also for IT to respond to shifting customer demands as defined by the business. Ultimately what happens at the back office impacts the customer experience and vice versa.
According to F5’s 2022 State of Application Strategy Report, 88% of organisations continue to manage a mix of modern container-native and mobile apps in addition to critical legacy applications. It’s a balancing act, but one that, if executed effectively, leads to benefits that include improved innovation, business agility, and much improved total cost of ownership.
Unfortunately, the more innovative and app-savvy we become, the more vulnerable a business is to security threats and challenges. Which again is where the role of an application strategy plays an important role. But a strategy is just a strategy unless it has the backing of a system, process, or platform to help it take shape.
Application infrastructure protection
If we reflect on where business is today, it can be said that until recently, modernisation projects have focused on the optimisation of the digital experience presented to the customer. To ensure we don’t erode the value we are delivering and guarantee the safety of applications, we need to turn to modern tools, like AI, which form part of modern application infrastructure platforms (AIP). For example, according to the F5 report, 71% of respondents intend to use AI for security.
Solutions like F5’s recently released Distributed Cloud AIP, which it has made available on its Distributed Cloud Platform, are a big step for clients who want to better manage and secure these application environments simultaneously. The benefit of platforms of this nature is that they deliver comprehensive telemetry and high-efficacy intrusion detection for cloud-native workloads – because they leverage tools like AI. And better visibility results in better defences against modern threats on app infrastructures.
Deployment knowledge is power
We often talk about visibility. In fact, it is one of those IT metaphors that is added to the label of every product to increase sales. What visibility should translate to is the freedom to choose the deployment and consumption model for each app security and delivery technology. These decisions must be based on what each app intends to deliver. And not just be factored into the application development process or asked as an afterthought.
Our partner F5 summarises this perfecting in its 2022 State of Application Strategy Report where it says: “Making the best decision for each supporting technology (and thus for the application itself) requires focused attention as well as vendors whose solutions can work both effectively and consistently across a large variety of deployment models.”
Take action now
We are firmly living in the application economy, which we know is an intricate tapestry of complexities that IT needs to manage at any given point. To ensure that this tapestry doesn’t unravel because of badly managed and badly secured application environments – a business must take meaningful steps towards improving its security posture to secure the whole company and its network of applications.
To thwart new vulnerabilities, organisations must adopt identity-based security to address and manage threats contextually while still having the freedom to modernise application frameworks and processes simultaneously. To balance this risk with performance, we can conclude that IT teams who embrace an application strategy, deploy an AIP, and effectively deploy and manage WAFs, API security, and bot defences across the application portfolio. This will allow them to benefit from lowered risk profiles and better overall risk management.