F5: AI applications will complicate ‘temporary’ hybrid multicloud deployments in Australia

According to application delivery and security firm F5, the widespread integration of AI into enterprise applications, which is projected to grow by 2025, could further complicate the already challenging management of hybrid multicloud strategies in Australia and the Asia-Pacific regions and make them more volatile.

F5 executive vice president Kara Sprague told TechRepublic in Australia that the growth of AI applications will accelerate the complexity, cost and attack potential associated with enterprises’ use of multiple environments, including cloud and on-premises systems.

To address these challenges, F5, which aims to serve as the ultimate abstraction layer for enterprises, suggests two potential solutions:

• Make the environment rational: Enterprises can streamline their operations by reducing the number of environments they use.
• Adopt an abstraction layer: By leveraging abstraction, better control over diverse IT assets can be achieved.

Projected AI applications by 2025 and 2026

F5 estimates that enterprises will begin to widely adopt AI services and models in 2025, and they will likely become widely used across enterprise applications.

“AI will be embedded in and will facilitate the capabilities of a lot of existing IT solutions,” Sprague said.

Analyst firm IDC predicted in January 2024 that by 2026, half of all mid-sized businesses in the Asia-Pacific region, excluding Japan, would be using generative AI-based applications to automate and optimize their marketing and sales processes.

SEE ALSO: 9 innovative business use cases for AI

“Every security player is embedding some kind of AI-type assistant or co-pilot in their console,” Sprague said. “Plus, you’re also going to see a lot more use cases with new spending to support AI workloads.”

The Growing AI Crisis

The integration of AI into enterprise applications could further intensify the “crisis” that F5 argues enterprises are facing in managing “temporary” hybrid, multicloud strategies.

“This is like pouring fuel on what we’ve been calling a fireball,” Sprague said. “The situation we’re in today, at the time of the rise of AI, is that nine out of 10 organizations have their applications and data not in one public cloud, but in four different environments.”

These environments include the public cloud, SaaS providers, colocation services, on premise, and the edge. AI is expected to catalyze “a whole bunch of new, AI-based, modern applications,” with a heavy focus on the application programming interfaces those applications face.

“AI will drive the increasing distribution of applications and data across hybrid, multicloud environments,” he explained. “So, everything that’s been happening over the last seven years in terms of the increasing distribution of apps and data and the growing number of apps and APIs that have increased the threat surface, AI is just going to accelerate all of that.”

Considering Possible Solutions

To cope with this growing complexity, enterprises can either try to rationalize their existing footprints in a hybrid multicloud environment or adopt an effective abstraction layer to efficiently manage their applications and underlying environments.

“These are basically the archetypes of the solutions that are available,” Sprague said. “So either you change direction and rationalize into a smaller number of environments or abstract the environments in a way that, you know, makes sense logically for the enterprise.”

Rationalizing the enterprise environment

Sprague said enterprises could aggressively rationalize the environments they support, and join the small number of companies that have managed to stick with a public cloud. However, she added that she could “count on the fingers of one hand the number of companies that have managed to do this.”

See: Cloud and cybersecurity will drive IT spending in Australia in 2024

Sprague said sticking to a public cloud will require “an incredible amount of discipline.” This strategy could cause companies to limit themselves to the innovations of a single cloud provider, which may not be prudent, as AI could lead to shifts in market share and profit pools among providers.

Choose an abstraction layer to better manage multicloud

Enterprises can gain more control through abstraction layers. One type is abstraction at the hypervisor level, similar to Red Hat OpenShift, which allows organizations to migrate OpenShift-based applications to any supporting environment.

F5’s abstraction layer is built on the L4-L7 elements of the Open Systems Interconnection model. This approach “can manage all application security and delivery, while remaining oblivious all the way up the stack to the hypervisor or Kubernetes distribution,” Sprague said.

Abstraction layers come in different stripes from different vendors

Only a few companies provide abstraction layers across all environments. For example, major cloud providers such as Microsoft, Google, and Amazon are excellent at securing, delivering, and optimizing apps in their own environments, but are less effective at extending these capabilities to other environments, including on-premise.

Other companies in the application delivery controller, content delivery network or edge space may lack extensions from on-premises to cloud environments or vice versa. This leaves a small group of organizations that abstract neutrally across a growing environment. F5 puts itself in this category.

“We’ve completed several acquisitions over the last five years that have brought us to the point today that we can say with certainty that we are the only solutions provider that can secure, distribute and optimize any app, any API, anywhere,” Sprague said.

API attacks are on the rise

API targeted attacks now account for over 90% of attacks against F5’s infrastructure.

“Just a few quarters ago, it was closer to 70% or 75%,” Sprague said. “API security is an incredibly important element of security that enterprises often don’t understand well.”

AI will further increase this risk. “The more distributed your applications and your data are, the bigger the threat area you have to cover,” Sprague explained. “And if you combine that with AI-driven cyber attackers, that’s a recipe for greater risk.”

Take a holistic approach to API discovery

F5 recommends that enterprises think of API discovery as an iceberg for security.

“If you ultimately feel like you’re fully aware of your applications, APIs are everything beneath the surface of those applications, so there are multiple avenues and lenses needed for discovery,” Sprague said.

This should include real-time traffic analysis, offered by most API security providers, static application code testing and analysis, dynamic testing or code scanning, and external application threat modeling and assessment, which provides an outside perspective on vulnerabilities that exist in an organization’s publicly accessible web applications.

Sprague said it’s important to “close the loop” between the discovery of APIs and the security of those APIs through runtime enforcement. “We would advocate for a very broad and holistic lens in discovery,” Sprague said.