What a year it's been, eh? There's been so much change in the past twelve months that I don't even know where to start reviewing and considering what is most important to pay attention to in the next twelve months.
A big part of my role in the office of the CTO at F5 is to track trends and technologies and identify which are the most important to investigate and adopt. Now, of course, those are biased toward F5 interests, but a lot of that is driven by recognizing what trends and technology will have the biggest impact on the market and, specifically, on app delivery and security. Typically, that impact is a result of changes in applications, like development languages, architectures, and new protocols and approaches to solving challenges arising from the last big shift in applications.
So, with that in mind, let’s look at a few of the trends and technologies that have grabbed my attention in the past year, shall we?
To say that APIs are ascending to the top of the IT stack is an understatement. In the past year, there have been more acquisitions and funding related to APIs than any other technology. A broad swath of existing trends and technologies – particularly observability and security – have aggressively been focusing on the challenges of visibility and security of APIs. The former is an attempt to address the growing issue of API Sprawl, and the latter is driven by the close relationship between data and APIs.
The thing is that APIs can be tied to multiple trends and technologies that need attention. APIs are the single most common factor driving changes across the IT stack.
ADOPT: Adaptive bot detection and neutralization
I'm sure you've read, as I have, about the growing volume and frequency of API-related attacks, many of which are driven by bots and seeking financial reward through the exfiltration of data. This was inevitable, given that APIs make navigating business logic and applications much easier for software than now-defunct scraping techniques. Visibility is needful not just for health and performance but to identify bad actors and indicators of malicious use of APIs.
This is why we see bot detection and neutralization as being high on the list of "must-adopt" in the next year. We don't mean "add CAPTCHAs" and multi-layered security that adds friction to the employee and customer experience. We mean technology-based, adaptive bot detection and API protection that combines sophisticated behavioral analysis with robust digital signal analysis that more accurately identifies bots and recognizes behavior indicative of malicious intent.
That last part is important because a growing number of "bots" includes software and machines acting on behalf of human beings. Their use is not malicious but rather by design. RPA and other forms of automation consume APIs on behalf of other software and users to relieve toil from human beings. These are good uses and should be encouraged while weeding out the bad uses and bad bots.
The rise and dominance of APIs is also providing fertile ground for changes in application architecture. The last ‘big shift’ in app architecture was the introduction and subsequent adoption of microservices, leading to the rise of Kubernetes and a new operational paradigm.
APIs, and in particular their use to access data more directly, is driving headless architecture to emerge. This app architecture is an API-first – and sometimes only – approach to applications that democratizes data and elevates app delivery, making both first-class citizens in the application architecture. You can see this shift occurring in the rise of protocols like GraphQL, which focuses on API delivery and offers a federated approach to architecting digital services. GraphQL is one of the few technologies to generate so much activity in the market it’s nearly impossible to ignore. It's also unsurprising. That last big shift in app architecture to microservices gave us REST and encouraged us to retire SOAP. It's not hard to posit that GraphQL is about to push REST off its throne or at least demand half the chair.
Needless to say, the adoption of headless architecture and GraphQL would have profound impacts on app delivery and security. It would also have a significant impact on enterprise architectures, practices, and tooling. So, in the next year, take a look at GraphQL and start evaluating its possible use within your portfolio because it's coming.
I've talked about this before, and I'll keep talking about it because it's still happening. This topic – that of pulling workloads out of the public cloud and bringing them 'back home' to the data center – is one that's continued to be contentious for some reason. Given the macroeconomic conditions, there are a lot more people talking openly about repatriation than in the past. Some folks point to rising cloud provider revenue as a counter to the reality of repatriation, but I've yet to see proof that increased revenue is coming from more customers and not just more consumption.
Our research tells us organizations are continuing to repatriate and plan to continue repatriating. But it also tells us that businesses are not leaving the public cloud. They're just using it more strategically – and perhaps more pragmatically. That same data tells us organizations aren't leaving the data center, either.
So, what does that mean? That means multi-cloud is here to stay, and with it, all the challenges around consistent security, the complexity of tools and APIs, and optimizing performance. It's also one of the forces driving the idea of superclouds to the surface.
Whether you hate or love the term, the concept it embodies is one of the answers to the continued challenges of operating in a multi-cloud environment. I don’t see organizations existing in the cloud entirely or dropping their data centers either, so an answer to multi-cloud madness is needed. In the next year, pay attention to supercloud as it will no doubt begin to produce roadmaps and solutions that address the challenges most organizations are experiencing with multi-cloud environments.
Over and Out
To recap (and for those of you who skipped to the end), here’s a quick redux of my advice for 2023:
- ADOPT: Adaptive bot detection and neutralization
- EXPLORE: GraphQL
- WATCH: Supercloud
That’s all there is. That’s a wrap. I’m outta here for the year. I want to say thank you – yes, YOU – for reading this far and for reading all year. I am constantly honored and humbled by the privilege of getting to pontificate month after month for you, and I look forward to sharing more insights and opinions in 2023.
Have a safe and happy holiday season!