BLOG

F5 Research Shows How APIs and AI Are Transforming App Security

Kara Sprague Miniature
Kara Sprague
Published April 30, 2024

Over the years, F5’s State of Application Strategy report has been a resource for organizations seeking to understand the technologies and trends driving application security and delivery. This year’s survey, our 10th annual, shows both the benefits organizations are experiencing as well as the struggles holding them back at the dawn of broad enterprise adoption of AI and during a time of rapid digital evolution.

While the report is packed with important findings, and I encourage you to read it in its entirety, three trends that stood out to me as especially important: the exploding use of APIs and the security threats there-in; the challenges of hybrid, multicloud operations; and the necessary role of automation and AI in reducing toil for IT operators.

1. APIs are on the rise, and they require new security measures.

I’ve talked before about how we’re now in the era of app capital. It’s now clear we've also entered the era of ubiquitous AI. And one result of both is that APIs are proliferating. As more organizations modernize their apps, APIs have become central to how companies create value for themselves, their partners, and their customers.

Our research shows the average number of APIs organizations are managing is growing rapidly. Indeed, 41% of organizations now manage at least as many APIs as apps—and we expect these numbers will only increase as companies incorporate AI into their businesses.

While APIs have become as critical to businesses as apps themselves, the downside is that they’re more difficult to monitor, protect, and manage. API security is of particular concern, and our research shows organizations are starting to take the steps needed to manage this growing challenge. Indeed, 95% of survey respondents report using an API gateway, compared to just 35% in 2019. Likewise, 43% are automating app and API security, compared to just 25% for app delivery.

As more companies adopt AI and machine learning models in the coming years, API security will only become more critical. We expect more companies to implement the comprehensive measures required to protect these business-critical assets, including continuous monitoring, code scanning, API testing analysis, API discovery through traffic analysis, threat surface mapping, and enforcement.

2. Companies are choosing to manage multicloud complexity—not eliminate it.

Through our research over the years, it’s become clear that organizations want to deploy each app on a case-by-case basis where it makes the most sense for their business—whether that’s in an on-premises data center, in multiple clouds, or at the edge.

And as organizations deploy AI models and services, the same phenomenon holds true—solidifying distributed, hybrid, and multicloud environments as the norm. In fact, this year’s research shows that 88% of organizations now operate in hybrid environments spanning on-premises and cloud, while 38% have apps deployed in six different environments. 

The number of app environments organizations are using continues to trend upward.

The number of app environments organizations are using continues to trend upward.

Distributed environments are here to stay, despite the great deal of operational complexity, cost and risk they bring. So much so, that at F5 we’ve named this new reality for enterprise IT the “ball of fire.” The ball of fire is the tangled reality in most enterprises today and it’s not going away. In fact, current trends suggest it’s only going to get more complex as enterprises continue to adopt microservice-based application architectures and AI. 

Today’s organizations operate in hybrid, multicloud environments—and the complexity continues to grow.

Given this reality, there’s intense interest in technologies that promise to tame hybrid multicloud complexity. As a result, it’s no surprise that multicloud networking was cited the no. 3 most exciting trend by our survey respondents for the second year in a row. As companies look for ways to simplify the management of their distributed environments, multicloud networking offers a way to unify, secure and obtain visibility across these networks.

3. Organizations are turning to automation to reduce complexity, and they’re counting on AI to help.

As organizations get deeper into their digital transformations, they are increasingly automating their IT functions. Our survey results show that 52% of organizations have automated their app infrastructures, while 43% have automated app security. On the other hand, app delivery was the least automated IT function, with just 25% of respondents automating this function—both because of budget limitations and the complexity involved. 

How organizations responded when asked, “What use of generative AI is the most valuable to you with respect to security?”

While operational complexity presents a barrier to automation, organizations are counting on generative AI to help, rating it the no. 1 most exciting trend of the year. Security is the top use case for generative AI, with 35% of respondents interested in using generative AI to automate policies and configuration tasks too complex to manage manually, and 29% wanting to use it to improve their ability to detect and neutralize threats. 

Solutions are emerging to tame hybrid multicloud complexity

New solutions such as API Security, multicloud networking, and automation and AI are emerging to tame this hybrid, multicloud complexity—and the most successful digital businesses will be the ones that move rapidly to adopt them.

To learn more, read the full 2024 State of Application Strategy Report.