The business leaders preaching digital transformation might as well be talking about applications transformation.
Applications are the key drivers for any business today and the way they are delivered and managed has an immediate impact on business growth.
Consumers increasingly go online to access services or to make purchases. These customers require their transactions to be fast and reliable. Equally, organisations are reliant on applications for their daily operations.
And this is why applications delivery services have emerged one of the most important cogs in the IT sphere.
Businesses increasingly seek reliable, smart and secure applications that need constant operations and maintenance, observed Hadi Alloh, sales director, networking and security, East, Emerging Market at Citrix.
Organisations are in the midst of a massive transformation from an application perspective, which also means the adoption or the leveraging of the cloud and the new applications architecture. The ultimate goal for them, Alloh said, is to increase profitability, enhance the security of their IT infrastructure, and improve the experience of their customers and users.
“Enterprises have to be agiler and be able to scale their applications to meet customer demands and enhance the experience for their users and customers by deploying the latest applications if they want to remain competitive in the market today,” said Alloh. “The new pillars for this kind of digital transformation or strategy is to leverage the new applications architecture and the new cloud to drive profitability and user experience while reducing security vulnerabilities and accelerating multi-cloud deployments,” he adds.
The pursuit of that goal has led to an increased dependence on application services. A recent research by F5 Networks reveals that application services continue to rise in importance, with the average enterprise deploying more than a dozen application services.
IT today is all about applications; it’s no longer about the infrastructure, said Tabrez Surve, regional director Gulf & Turkey, F5. “Applications have emerged as the main tool for user interaction with the business. Application services that support this process have thus become very crucial.”
The application delivery controller (ADC) remains the foundational platform for applications delivery. That said, the modern ADC is a far cry from the traditional hardware appliances that did little more than load balancing.
There's an evolution in the ADC market which is transforming from traditional hardware-heavy solution to software-based applications delivery controllers, designed for virtual environments and cloud portability, observed Alloh. This transition continues with the shifting of application delivery controllers to cloud providers by the likes of AWS and Azure to provide applications delivery services under their cloud offerings. Analysts expect 50-60% of the adoption of ADC will be towards software ADC and cloud provider ADC in the next few years. This transforms ADC it to applications-delivery-as-a-service, Alloh observed.
“From a management standpoint, we believe that the ROI is going to be much better by aligning application delivery process with more usage-based purchase models. This helps any provider to automatically provision, deploy and manage that application inventory on demand,” adds Alloh.
IT organisations are now employing a broad mix of modern application development platforms including PaaS, containers, and serverless technologies. Cloud-native containerised ADCs can auto-scale with container traffic analytics and security enforcement on top of leading Kubernetes orchestration platforms, Mohammed Al-Moneer, regional director, MENA at A10 Networks said.
Once an afterthought in software design, security is becoming an increasingly important concern as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.
Most enterprise applications, both off-the-shelf and internal custom software, will have some type of vulnerability as code development and SQA are not perfect, observed Al-Moneer. For organisations that involve personal identification numbers (PIN), PCI-DSS in 2010 mandated the use of code audits or application firewalls (WAFs). These platforms protect applications by preventing hacker’s ability to exploit the vulnerabilities. ‘Day zero’ attacks such as cross-site request forgery, cookie poisoning, forceful browsing, and X-Path and SQL injection attacks are prevented, Al-Moneer explained.
“(Ultimately) you cannot protect what you can’t see. Gaining visibility in application workflows helps to reduce threat attack surface and improve application vulnerability correlations,” he adds.
Cloud-first strategies, IoT, mobility and other transformation pursuits have made corporate applications the backbone of the digital economy, observed Charbel Khneisser, regional presales director, METNA at Riverbed. While delivering competitive differentiation, they also result in the IT perimeter becoming more distributed and complex to secure. “At the same time, security can’t be done at the expense of performance or agility. What enterprises need is an integrated set of solutions that treat security, agility, and performance as complementary goals,” Khneisser said.
Since data is held by the application itself, securing the application can go a long way in addressing security threats, said F5’s Surve. For F5, this means having security tools embedded within its products themselves. “And as applications move to the cloud, we can just replicate the same scenario of ensuring application security.”
Unlike cybersecurity firms that approach app security from a security mindset, applications delivery services providers such as F5 bring an applications mindset. “We have more than a million applications which are running behind F5 infrastructure, so the kind of vulnerabilities and patches that a particular application would need are known by us. We make sure we are able to secure those applications and any type of interactions that happen with those particular entities,” Suvre said.
As enterprises seek to transform their applications portfolio to compete in the digital economy, security challenges arise, observed Alloh. This has led to an increase in demand for application security and specifically the Web Application Firewall (WAF) such as those offered by Citrix.
Applications in the cloud age
Almost every organisation today (97%) has some form of clouds presence, as the value of the cloud becomes irresistible. Many of these businesses have adopted multi-cloud strategies, leveraging the strengths of the various cloud platforms. Ultimately, they realise that they have moved out but the shift is not uniform as different clouds have different cloud architectures and dissimilar ways of consumption. Enterprises, however, need some uniformity-users were used to a certain level of user experience and irrespective of where the application sits, or the cloud service they have moved to, their users want the same uniform experiences. This is one of the biggest challenges a lot of customers face when they are looking at a multi-cloud environment, said Surve.
“F5 works with the major cloud to create an abstraction layer because we sit between the users and the application. Irrespective where you migrate your workloads, you will still interact with the same applications and users get the same user experience,” Surve explained.
A10 Networks’ Al-Moneer said organisations need multi-cloud solutions with centralised management, orchestration, and automation and visibility tools to oversee the instantiation, deployment, monitoring and control of the app services. “By definition, this requires software-defined app services with virtual and bare metal options that support the same feature set as on-premise platforms,” he adds.
Security also becomes a challenge when they organisations are moving to the cloud. They want to replicate the same controls and the same policies they were using on-premise within the cloud environment. Another of F5 Network’s offerings is a security extraction layer. “We sit in front of these cloud environments and ensure that you not only have them highly available and performing, but we secure those applications also so that any data transactions that a user might be doing, irrespective of the cloud environment, follow the guidelines of the security policy of the organisation,” Surve explained.
In fact, the majority of new applications are native-cloud applications, Surve observed.
Instead of the “lift and shift” of applications from on-premise, apps are now built for the cloud (public, private or hybrid) with consumption through Pay-as-You-Go, Bring-Your-Own-License or SaaS subscriptions, observed Al-Moneer. “A flexible licensing pool structure is recommended for multi-cloud capacity management and the avoidance of over-provisioning,” he adds.
As enterprises drive toward “Cloud-First” or “Cloud-Only” in their digital transformation, the key considerations are agility, scalability, and security. In addition, DevOp workflow automation and application lifecycle visibility help reduce manual efforts associated with workload provisioning, Al-Moneer explained.
Alloh of Citrix said cloud is becoming a major pillar to Citrix’s technology with every single technology on offer, including the application delivery, built around enabling the cloud. “We see a major shift in enterprises in enhancing their infrastructure by moving to the cloud. We are now engaged in major deals by customers who have shifted from the traditional on-premise infrastructure to the cloud and every single technology today we have is cloud-ready,” he adds.
Moving applications to a public or hybrid cloud, or subscribing to software-as-a-service (SaaS) requires organisations to relinquish control to their cloud or SaaS provider. However, IT teams still remain responsible for excellent user experience and application performance even though they don’t control all of the infrastructures on which the applications run, said Khneisser. “This promotes the need for rapid development of high-quality apps that can be effectively migrated to the cloud, and the ability to monitor and control performance to assure performance is on par with the on-premise equivalent,” he adds.
Today, technology investments are being driven by the CFO and other C-level executives rather than just by IT teams. The reason for this is that digital technologies can now determine the organisation’s entire go-to-market strategy, observed Khneisser. “To stay competitive, organisations need to be agile and ready to adapt to the most suitable deployment model which can be public, private, hybrid and now even multi-cloud models. This promotes the need for flexibility and reliability of applications which is achieved when the delivery layer employs load-balancing, firewalling, service discovery and application chaining,” he adds.
The dependence on applications by businesses will only increase as digital transformation efforts gain even more momentum. Securely and efficiently delivering those applications will see the role of applications delivery vendors amplified significantly. The challenge for the vendors is to keep up with businesses that are under tremendous pressure to stay competitive.