» INSIGHT
AN ERA OF “ADAPTIVE APPLICATIONS” Kara Sprague, Executive Vice President and General Manager of BIG-IP at F5 writes that we are entering a new world of “Adaptive Applications” and explains what it means
Every company today is in the digital experience business. And, in the wake of COVID-19, because those experiences are now the primary way that people interact and transact with just about every organization, customer expectations are higher than ever. Applications are at the core of digital experiences. Whenever you are interacting with a company online, whether through their website or their mobile app, the applications those organizations design, build, and operate are the face to their customers. The digital experience enabled through these applications is not only critical, but can be fragile: According to AppDynamics’ App Attention Index, nearly 80 percent have sought discounts or refunds due to a poor digital experience. And 32 percent report that they’d abandon a brand they’ve previously been loyal to because of one bad experience—just one! Clearly expectations surrounding today’s apps are incredibly high and are only getting higher. They are being driven higher by innovators—Amazon, Apple, Uber, to name a few—that continue to find new ways to disrupt and differentiate through digital experiences. But most companies struggle to keep pace with customers’ rising expectations. Many companies have vast application portfolios that enable them to connect with customers, employees, and partners. Because of factors like cost, risk, and compliance, these apps are often a complicated mix of services and functional-
34
ity stitched together with traditional and modern technologies. Think of a bank with a slick, modern mobile app that serves up account information or calls on business logic sourced from an archaic back-end system—which must be maintained to ensure reliability and continuity with complex systems that can’t all be changed at once. Challenges around security are also daunting and appear to be getting worse. One reason is complexity. Our latest State of Application Services report, published in January 2020, highlighted the difficulty organizations have managing the security of their applications in today’s multi-cloud environments. Another reason is the rapidly evolving threat landscape, where the cost of sophisticated attacks keeps dropping, but the cost of defense keeps increasing. In particular, the huge number of data breaches in the last decade have made it possible for nearly any cybercriminal in the world to take over application accounts by checking to see where users have reused passwords across websites. F5 Labs research finds that eighty-six percent of cyberattacks target applications or identities associated with them. The number of attacks on apps increases every year and, amid the global pandemic, we’ve seen an unprecedented spike. And then there’s the challenge of visibility. Part of delivering a compelling digital experience is being able to optimize the performance of each app. Gaining insight into how application traffic is flowing— and where and how to tune it—requires granular, end-to-end visibility. However,
CXO DX / NOVEMBER 2020
the infrastructure and services supporting these apps are complex and siloed, so very few organizations have developed this capability for even their most critical customer-facing apps. All these issues are further compounded by sheer scale. In the age of microservices and distributed computing, it is not possible to stay on top of an expanding growing app portfolio without increasingly sophisticated automation. F5 believes an important element of this more sophisticated automation is enabling applications to adapt. Much like a living organism, adaptive applications grow, shrink, defend, and heal themselves based on the environment they’re in and how they’re being used. This applies to bornin-the cloud, digital-native organizations as much as established companies with a complex mix of traditional and modern architectures. Practically, what does this look like? I’ve written previously about something called the application data path—the pathway through which application traffic flows to reach an end user—and application services—the set of capabilities that sit along the application data path to provide end users secure and reliable access to the application business logic. Application services include capabilities that facilitate application delivery, such as app servers, web servers, ingress controllers, load balancers, DNS lookup, and CDNs. A different set of application services facilitate application security, including web application firewalls (WAFs), secure application access, anti-DDoS technolo-
