Businesses must increasingly deploy application gateway services to enforce consistent security standards across the 16 different application services that the average enterprise is currently using, according to a new survey that also flagged difficulties in enforcing security across ‘multi-cloud’ application strategies.
Fully 47 percent of the 3000 respondents to the F5 Networks State of Application Delivery 2018 report said their digital-transformation initiatives were pushing them to change the way they develop applications, with 49 percent agreeing that transformation was driving them to bolster their delivery of applications from the cloud.
As a result, many were exploiting the fluid architectural constructs that underlie cloud-driven transformation, with 41 percent of respondents exploring new applications architectures such as containers and microservices.
Perhaps coincidentally, a similar percentage – 40 percent – said a key challenge of multi-cloud deployments was protecting applications from existing and emerging threats.
“Even with the constant threat of security breaches, there is no sign that digital transformation is slowing down, said Adam Judd, F5 Networks senior vice president for Asia Pacific, China and Japan in a statement.
“Digital transformation is impacting Asia Pacific businesses as they focus on building the foundation for application-driven customer experiences which are faster, smarter and safer.”
The results reflect ongoing challenges companies have in promulgating risk-focused SecDevOps culture that has been struggling to gain traction against fast-moving Australian developers that often don’t engage with security teams until the end of each development cycle.
“We’re trying to break down the traditional stovepipe,” Accenture Security APAC managing director Joshua Kennedy-White recently told CSO Australia, noting that development costs many times more if it’s not run iteratively. Yet that iteration – espoused in the Agile development that usually goes hand-in-hand with modern digital transformation projects – causes its own issues.
“We’re trying to build SecDevOps into every phase through development, user acceptance, and so on,” he explained. “By having SecDevOps throughout the whole lifecycle of the development phase, you’re allowing the incremental – the delta – to be built into the development phase and identified early.”
This approach also helps organisations pace their investment in security, Kennedy-White added, noting that security issues would also emerge outside of the development cycle.
“Organisations tend to have their budgets for security, testing, and development, and this is a different way of spreading that investment,” he said. “It tends to make the process a little less linear.”
Despite broad support for the idea of cloud platforms, developers are adopting different approaches to the transformation depending on the application.
Fully 56 percent of respondents to the F5 survey said they chose the best cloud for an app on a case by case application, with just 30 percent saying that the IT organisation dictated the choice of cloud and 22 percent reporting that it was business units deciding which cloud a particular application should use.
Given the diversity of approaches to cloud application deployment, it can be little surprise that security practitioners have struggled to stay ahead of the changes. Some 42 percent of respondents said it was a challenge to apply consistent security mechanisms across all company applications, whether hosted in public clouds or – as was most common for finance, billing, and HR applications – on-premises private clouds.
Application gateways and Web application firewalls (WAFs) are proving popular as a way of addressing multi-cloud security strategies, with businesses using them to manage and secure the flow of data to and from multiple cloud platforms. Increasing demand has driven demand for WAFs, in particular, that led Gartner to predict that 2018 will see that market “ripe for disruption”.