Hybrid IT is here to stay, according to F5’s 9th annual State of Application Strategy Report (SOAS).
Globally surveyed IT decision-makers claim that more than one-fifth of their applications are hosted in six different environments, resulting in a series of security and operational challenges, as well fuelling demand for multi-cloud networking solutions.
“App hosting decisions are typically based on specific goals, and organisations have realised that there’s simply no one environment that’s best for them all,” said Lori MacVittie, Distinguished Engineer at F5, and SOAS report co-author.
On-premises deployments remain the foundation of today’s application architectures
Against this hybrid-centric backdrop, the SOAS report found that that public cloud aspirations (and hype) are returning to earth.
In 2018, 74% of survey respondents planned to deploy “up to half” their apps in “a cloud.” Today, just under half of respondents (48%) say they currently have any apps deployed in the cloud, and on average organisations deploy only 15% of their app portfolio in the cloud.
After years of decline, the percentage of applications hosted in traditional, on-premises data centres grew by 2% over 2022 levels to 37%. The share of on-premises deployments exceeds 50%, as both traditional and cloud environments exist on premises.
Although most other deployment models—such as public cloud and SaaS—have been on the rise in recent years, each levelled out or slightly decreased in 2023. The mobility of applications facilitated through app repatriation is a key driver of that trend. This continues at high rates for the second year in a row: more than a third (43%) of respondents are repatriating apps or plan to do so soon. The need to control app sprawl in a multi-cloud world is the top motive here, cited by 54%.
Repatriation is especially concentrated in the financial services, telecommunications, and technology industries—those likely to be juggling multiple clouds and potentially also the most likely to possess the necessary skills to efficiently manage their apps on premises.
Private clouds host only 17% of the average enterprise portfolio—barely half as much as on-premises data centres. SaaS is close behind at 16% (though technically it’s a consumption model, not a deployment model).
The overall picture is one of hybrid diversity anchored by business priorities for data sovereignty, risk management and customer experience requirements.
Modern app architectures are everywhere.
Every surveyed organisation operates modern apps, consumes SaaS, or does both. On average, more than a third (40%) of their portfolios (excluding SaaS) can be described as modern, which includes mobile apps and the use of microservices. This percentage has been growing steadily and is expected exceed 50% (and probably 60%) by 2025.
Nevertheless, 95% of organisations still operate traditional apps, with 85% stating that they are managing and securing both.
When it comes to retiring traditional apps, 59% of respondents are replacing them by building modern versions. Organisations in manufacturing and government are most likely to build their own. Meanwhile, about 46% of organisations—healthcare prominent among them—are replacing traditional apps with SaaS offerings. One in five expect to simply decommission apps that are no longer needed.
At the same time, 16% have no plans to retire traditional apps that may preserve core business functionality, as in banking or insurance. In industries such as energy, healthcare, or telecommunications, where slow-moving regulatory requirements tend to lock in technologies, up to 33% of respondents expect to retain traditional apps.
The SOAS report predicts that the percentage of modern apps in the average portfolio across industries is likely to steadily rise throughout the decade. A significant portion of those may be microservices chained together solely to interface with a traditional app.
App security and delivery technologies are also distributed
59% of SOAS respondents deploy app security and delivery services on premises, and an equal majority deploy at least one in a cloud.
Cloud deployments are especially common for security technologies. But the delivery of app security and delivery technologies via SaaS is growing in popularity. Nearly one-third (30%) use this method, which can help grow and scale apps across clouds or other environments without increasing complexity or reducing control.
Identity and access management (IAM) technologies such as SSL VPN, single sign-on (SSO), and identity federation are the most commonly deployed app services today. Notably, the number of different app services deployed overall has more than doubled since 2017.
Multi-cloud challenges continue, but solutions exist.
Nearly nine of every 10 respondents operating in multiple clouds continue to cite challenges with multi-cloud security, performance, and cost.
The top challenge in 2023 is the complexity of tools and APIs that results from the lack of standardisation or interoperability of the tools used for different deployment models (39%). Applying consistent security policies is the next largest challenge for the second year in a row (36%), performance optimisation (36%), and determining the most cost-efficient cloud for the app (35%).
“These challenges are no doubt why organisations in the Americas and EMEA called multi-cloud networking the most exciting trend over the next few years,” said MacVittie.
To keep pace with all the challenges and opportunities, the SOAS report recommends that organisations embrace and combine complementary approaches, including IT practitioners that aren’t limited to siloed expertise, process methodologies such as site reliability engineering (SRE), and tools such as declarative deployment policies.
Crucially, they also need to explore app security and delivery technologies that cross deployment models, may be delivered as a service, perform consistently across all the organisation’s distributed apps and architectures—including those it obtains as SaaS.
“Digital business requires an adaptive IT infrastructure, and organisations need solutions that mitigate the challenges of operating in hybrid and often multi-cloud landscapes,” MacVittie concluded. “The key to easily achieving that is to engage with partners whose solutions extend the connectivity of multi- cloud networking to secure and deliver all kinds of apps and APIs that are distributed across various clouds, data centres, and edge locations.”