Every company today is in the digital experience business. And, in the wake of COVID-19, because those experiences are now the primary way that people interact and transact with just about every organization, customer expectations are higher than ever.
Applications are at the core of digital experiences. Whether it’s a company’s website or business app, the applications those organizations design, build, and operate are the face to their customers. The digital experience enabled through these applications is not only critical, but can be fragile: According to AppDynamics’ App Attention Index, nearly 80 percent of consumers have sought discounts or refunds due to a poor digital experience. And 32 percent report that they’d abandon a brand they’ve previously been loyal to because of one bad experience — just one!
Clearly expectations surrounding today’s apps are incredibly high and are only getting higher. This is largely being driven by innovators — Amazon, Apple, Uber, to name a few — that continue to find new ways to disrupt and differentiate through digital experiences. But most companies struggle to keep pace with customers’ rising expectations.
Many companies have vast application portfolios that enable them to connect with customers, employees, and partners. Because of factors like cost, risk, and compliance, these apps are often a complicated mix of services and functionality stitched together with traditional and modern technologies. Think of a bank with a slick, modern mobile app that serves up account information or calls on business logic sourced from an archaic back-end system, which must be maintained to ensure reliability and continuity with complex systems that can’t all be changed at once.
Challenges around security are also daunting and appear to be getting worse. One reason is complexity. Our latest State of Application Services report highlighted the difficulty organizations have managing the security of their applications in today’s multi-cloud environments. This is heightened by the rapidly evolving cyber security threat landscape, where the cost of sophisticated attacks keeps dropping, but the cost of defense keeps increasing. In particular, the huge number of data breaches in the last decade have made it possible for nearly any cybercriminal in the world to take over application accounts by checking to see where users have reused passwords across websites.
In fact, research has found that 86 percent of cyberattacks target applications or identities associated with them. The number of attacks on apps increases every year and, amid the global pandemic, we’ve seen an unprecedented spike.
Then there’s the challenge of visibility. Part of delivering a compelling digital experience is being able to optimize the performance of each app. Gaining insight into how application traffic is flowing and where and how to tune it requires granular, end-to-end visibility. However, the IT infrastructure and services supporting these apps are complex and siloed, so very few organizations have developed this capability for even their most critical customer-facing apps.
All these issues are further compounded by sheer scale. In the age of microservices and distributed computing, it is not possible to stay on top of an expanding growing app portfolio without increasingly sophisticated automation.
The role of adaptive applications
An important element of this more sophisticated automation is enabling applications to adapt. Much like a living organism, adaptive applications grow, shrink, defend, and heal themselves based on the environment they’re in and how they’re being used. This applies to cloud services and digital-native organizations as much as established companies with a complex mix of traditional and modern architectures.
Practically, what does this look like? Something called the application data path is a good place to start. This is the pathway through which application traffic flows to reach an end user and application services. It is the set of capabilities that sit along the application data path which provide end users secure and reliable access to the application business logic.
Application services include capabilities that facilitate application delivery, such as app servers, web servers, ingress controllers, load balancers, DNS lookup, and CDNs. A different set of application services facilitate application security, including web application firewalls (WAFs), secure application access, anti-DDoS technologies, anti-bot technologies, and defenses against fraud and abuse. Essentially, these app services are the foundation for digital customer experiences.
Each of these application services generate valuable data about what’s going on with the application traffic, such as latency, steering, and policy enforcement. Harvesting that telemetry creates the necessary granular visibility to then be able to change controls and configurations to optimize performance and security along the application data path.
Many of these capabilities are in place already, but to take the next big step toward adaptive applications, we need to layer a few more on top — a layer of analytics and automation that takes in the telemetry coming off the application services and passes configuration back down to them. Machine learning and other AI techniques can enable the system to learn from historical or similar traffic patterns and provide insight into exactly what’s happening as well as the best path forward for optimization.
How adaptive applications work
An adaptive application can act on this telemetry to grow, shrink, and adjust behavior on demand. Think about it this way: your favorite global coffee purveyor probably has a mobile app that you can use to find the closest store, order drinks from your smartphone, pay directly from an e-wallet, and acquire rewards points. All of those interactions need support to keep them performant and secure. Because coffee drinking spikes in the morning, you don’t need the same resources distributed evenly across the globe twenty-four hours a day — your resources are going to change based on business needs.
Adaptive apps allow businesses to scale up performance, security and experiential resources to meet the morning rush in London and then redeploy them in data centers or points-of-presence (PoPs) on the US East Coast to support peak caffeination times in New York…and keep following the sun west.
What’s more, adaptive apps can defend and heal themselves. So if a bad actor tries to attack or defraud the application to steal data or money or rewards, through AI the app can learn and apply that knowledge across the network to block further attempts from that actor or similar activity from other actors. Human operators can then set rules about how similar issues should be handled. In this way, the adaptive application is not just scaling and securing, it’s actually learning and improving over time.
Looking to an adaptable app future
Right now, the general norm is that these things do not happen automatically in hybrid or multi-cloud environments. A great deal of manually implemented policies and scripting are required to establish what is effectively hardcoded adaptability. Most companies operate in a world today where if a customer experience is poor, they hear about it first through social media and then must scramble to track down enough specifics to narrow in on a resolution. This method of managing applications, a static process where the organization manages its resources in a manual way, does not scale to deliver against the sky-high customer experience expectations companies are faced with today.
In an adaptable app world, app services independently scale themselves depending on demand. They defend themselves and provide alerts to the overall system if they’re suffering from any challenges. They coalesce into an end user experience that’s as adaptable as possible, with the ability to configure and orchestrate into different kinds of experiences. With the ultimate result being an extraordinary digital experience for the end user of the application.
- Kara Sprague, Executive Vice President and General Manager of BIG-IP at F5.