The widespread integration of AI into enterprise applications, which is expected to increase as early as 2025, could further complicate already difficult management of multicloud hybrid cloud strategies in Australia and APAC regions and make them more unsustainable, according to application delivery and security firm F5.
Kara Sprague, executive vice president at F5, told TechRepublic in Australia that the growth of AI applications will accelerate the complexity, cost, and attack surface associated with enterprises using multiple environments, including cloud and on-premises systems.
To address these challenges, F5, which aims to serve as the ultimate abstraction layer for enterprises, suggests two possible solutions:
- Rationalize environments: Companies could streamline their operations by reducing the number of environments they use.
- Adopt a layer of abstraction: Leveraging an abstraction path could provide better control over various IT assets.
AI is expected to be introduced into applications between 2025 and 2026
F5 anticipates that enterprises will begin to widely adopt AI services and models in 2025, and they are likely to start appearing en masse in business applications.
“AI will be embedded in and enable the capabilities of many existing IT solutions,” Sprague said.
Analyst firm IDC predicted in January 2024 that by 2026, half of all midsize companies in the Asia-Pacific region, excluding Japan, will use AI-based generative applications to automate and optimize their marketing and sales processes.
SEE: 9 innovative business use cases for AI
“Every player in the security industry is incorporating some form of AI assistant or co-pilot into their consoles,” Sprague added. “In addition, we will also see many more use cases with new spending aimed at supporting AI workloads.”
The growing AI-driven 'crisis'
The integration of AI into business applications could intensify the “crisis” that, according to F5, companies are going through with the management of “unsustainable” hybrid and multicloud strategies.
“It’s adding fuel to the fire of what we describe as a fireball,” Sprague said. “Today, in the early days of AI, nine out of 10 organizations have ended up having their applications and data not in one public cloud, but in up to four different environments.”
These environments include public clouds, SaaS providers, co-location services, on-premises and edge installations. AI is expected to catalyze “a lot of new modern AI-based applications” that focus heavily on the application programming interfaces that are at the front of those applications.
“AI will drive an ever-increasing distribution of applications and data across hybrid and multicloud environments,” he explained. “So AI is going to accelerate everything that was already happening over the last seven years in terms of the increased distribution of applications and data, and the growing number of applications and APIs, which have increased the threat surface.”
Delving into possible solutions
To address this growing complexity, enterprises can look to rationalize their existing footprints into hybrid multicloud environments or adopt an effective abstraction layer to manage their underlying applications and environments efficiently.
“Those are basically the archetypes of the solutions that are out there,” Sprague said. “So you either reverse course and rationalize to reduce the number of environments or you abstract the environments in a way that makes logical sense for the business.”
Rationalization of business environments
Companies can aggressively rationalize the environments they support, Sprague said, and join the small number of companies that have managed to stick with a public cloud. However, he said he can “count on one hand the number of companies that have managed to do so.”
SEE: Cloud and cybersecurity to drive IT spending in Australia in 2024
According to Sprague, sticking to a single public cloud “would require an incredible amount of discipline.” This strategy could also lead companies to limit themselves to innovations from a single cloud provider, which may not be wise given that AI could drive shifts in market share and profit pools between providers.
Choose an abstraction layer to better manage multicloud
Enterprises can achieve greater control through an abstraction layer. One variant is hypervisor-level abstraction, similar to Red Hat OpenShift, which allows organizations to move OpenShift-based applications to any supporting environment.
F5’s abstraction layer is built on top of the L4-L7 elements of the Open Systems Interconnection model. This approach can handle “all application delivery and security, while remaining agnostic to the hypervisor or Kubernetes distribution across the stack,” Sprague said.
Abstraction layers come in different flavors from different vendors.
Few companies offer abstraction layers across all environments. For example, dominant cloud service providers such as Microsoft, Google, and Amazon excel at securing, delivering, and optimizing applications in their own environments, but are less effective at extending these capabilities to other environments, including on-premises ones.
Other companies in the application delivery control, content delivery network, or edge space space may lack extensions from on-premises to cloud environments, or vice versa. This leaves a small group of organizations that abstract neutrally across the growing number of environments. F5 falls into this category.
“We have completed a series of acquisitions over the last five years to get to the point where today we can definitively say that we are the only solution provider that protects, delivers and optimizes any application, any API, anywhere,” Sprague said.
API attacks are increasing rapidly
API-targeted attacks now account for more than 90% of attacks F5 has seen on its infrastructure.
“Just a couple of quarters ago, it was more like 70% or 75%,” Sprague said. “API security is an incredibly important security element that companies often don’t understand well enough.”
AI will only expand this exposure. “The more distributed your applications and data are, the larger the threat surface you have to cover,” Sprague explained. “And add AI-powered cyberattackers to that, and you have a recipe for even greater risk.”
Take a holistic approach to API discovery
F5 recommends that organizations treat API discovery for security like an iceberg.
“If you ultimately feel like you have a handle on where your applications are, APIs are everything beneath the surface of those applications, so you need multiple avenues and lenses of discovery,” Sprague said.
This should include real-time traffic analysis offered by most API security players, static application code testing and analysis, dynamic testing or code scanning, and external application threat modeling and assessment, which provides an external perspective on vulnerabilities that exist in an organization's publicly accessible web applications.
Sprague adds that it is important to “close the loop” between API discovery and securing those APIs by applying runtime measures. “We advocate for a very comprehensive and holistic approach to discovery,” Sprague says.
