The widespread integration of AI into enterprise applications, predicted to surge as soon as 2025, could further complicate the already challenging management of hybrid multicloud strategies in Australia and APAC regions and make them more unsustainable, according to application delivery and security firm F5.
Kara Sprague, executive vice president at F5, told TechRepublic in Australia that the growth of AI applications will accelerate the complexity, cost and attack surface associated with enterprises’ use of multiple environments, including cloud and on-premise systems.
To address these challenges, F5, which aims to serve as an ultimate abstraction layer for enterprises, suggests two potential solutions:
- Rationalise environments: Enterprises could streamline their operations by reducing the number of environments they use.
- Adopt an abstraction layer: Leveraging an abstraction pathway could provide better control over diverse IT estates.
AI predicted to move into applications through 2025 and 2026
F5 anticipates enterprises will begin widely adopting AI services and models in 2025, likely to start showing up en masse in enterprise applications.
“AI is going to be embedded and facilitate the capability of a lot of existing IT solutions,” Sprague said.
Analyst firm IDC predicted in January 2024 that, by 2026, half of all medium-sized businesses in the Asia-Pacific region, excluding Japan, are expected to be using generative AI-based applications to automate and optimise their marketing and sales processes.
SEE: 9 Innovative Business Use Cases for AI
“Every security player is embedding some sort of AI-type assistant or copilot into their consoles,” Sprague added. “In addition, you’re also going to see a lot more use cases with new spend going to supporting AI workloads.”
The growing AI-driven ‘crisis’
The integration of AI into enterprise applications could intensify the “crisis” that F5 argues enterprises are having with managing “unsustainable” hybrid, multicloud strategies.
“It’s pouring gasoline on what we’re describing as the ball of fire,” Sprague said. “Where we are today, at the dawn of AI, is nine in 10 organisations have ended up with their applications and data not in one public cloud, but rather in up to four different environments.”
These environments include public clouds, SaaS providers, colocation services, on premise and the edge. AI is expected to catalyse “a whole bunch of new, AI-based, modern applications” that are heavily focused on the application programming interfaces that are fronting those applications.
“AI will drive an increasing distribution of applications and data across hybrid, multicloud environments,” she explained. “So, for each of those things that were already happening over the last seven years in terms of the increasing distribution of apps and data, and the growing number of apps and APIs, which have increased the threat surface area, AI is simply going to accelerate all of it.”
Diving into potential solutions
To navigate this growing complexity, enterprises can either seek to rationalise their existing footprints across hybrid multicloud environments or adopt an effective abstraction layer to manage their applications and underlying environments efficiently.
“Those are basically the archetypes of the solutions available,” Sprague said. “So it’s either you reverse course and rationalise down to a smaller number of environments or abstract the environments in a way that, you know, logically makes sense to the enterprise.”
Rationalising enterprise environments
Enterprises can aggressively rationalise the environments they support, Sprague said, and join the small number of companies that have managed to stick with one public cloud. However, she said that she can “count the number of companies that have managed to do that on one hand.”
SEE: Cloud and Cyber Security Driving IT Spending in Australia in 2024
Sticking to one public cloud would “require an incredible amount of discipline,” Sprague said. This strategy could also lead to companies limiting themselves to the innovations of a single cloud provider, which may not be prudent given that AI could drive shifts in market share and profit pools among providers.
Choose an abstraction layer to better manage multicloud
Enterprises can achieve greater control through an abstraction layer. One variant is abstraction at the hypervisor level, similar to Red Hat OpenShift, which allows organisations to move OpenShift-based applications across any supporting environment.
F5’s abstraction layer is built across the L4-L7 elements of the Open Systems Interconnection model. This approach can manage “all the application security and delivery, while remaining agnostic to the hypervisor or the Kubernetes distribution all the way down the stack,” Sprague said.
Abstraction layers come in different stripes at different vendors
Few companies offer abstraction layers across all environments. For example, dominant cloud providers like Microsoft, Google and Amazon excel at securing, delivering and optimising apps in their own environments but are less effective at extending these capabilities to other environments, including on premise.
Other companies in the application delivery controller, content delivery network or edge spaces can lack extensions from on premise to cloud environments, or vice versa. This leaves a small pool of organisations that neutrally abstract across the growing number of environments. F5 puts itself in this category.
“We’ve completed a number of acquisitions over the last five years to get us to the point where we can definitively say today that we are the only solution provider that secures, delivers and optimises any app, any API, anywhere,” Sprague said.
API attacks are rapidly rising
API targeted attacks now make up over 90% of the attacks F5 has seen across its infrastructure.
“Just a couple quarters ago, it was more like 70% or 75%,” Sprague said. “API security is an incredibly important element of security that enterprises often don’t understand well enough.”
AI will only expand this exposure. “The more distributed your applications and your data ends up, the bigger the threat surface area is that you have to cover,” Sprague explained. “And you combine that with the AI powered cyber attackers, and that is a recipe for more risk.”
Take holistic approach to API discovery
F5 recommends enterprises treat API discovery for security as an iceberg.
“If you finally feel like you have your arms around where your applications are, the APIs are everything below the surface of those applications, so multiple avenues and lenses of discovery are needed,” Sprague said.
This should include the real-time traffic analysis offered by most API security players, static application code testing and analysis, dynamic testing or code scanning, and external application threat modeling and assessment, which provide an outside perspective on the vulnerabilities that exist in an organisation’s publicly accessible web applications.
Sprague adds that it is important to then “close the loop” between the discovery of APIs and the protection of those APIs through runtime enforcement. “We would advocate for a very comprehensive and holistic lens at discovery,” Sprague said.
