Companies around the world are increasingly using Security-as-a-Service (SECaaS) solutions, Zero Trust and AI. For 42 percent of respondents, “threat defense speed” is the main reason for using SECaaS, i.e. cloud models for outsourcing cybersecurity services.
18 percent say SECaaS helps them address an in-house talent shortage. "In an economy increasingly driven by apps and APIs, cybersecurity processes must operate at lightning speed to stay ahead of rapidly evolving attacks," said Lori MacVittie, F5 distinguished engineer and co-author of the SOAS report.
Zero Trust and AI
Speed is also a factor driving the growth of Zero Trust security models: more than 80 percent of respondents are using or planning to use them. Overall, together with the convergence of IT and operational technologies, Zero Trust is the most exciting global trend of the next few years. He was still in third place in 2022. Above all, the prospect of faster response times is accelerating the use of AI/ML in the security sector. Almost two-thirds of companies are planning (41%) or are already using AI support (23%). For both groups, safety is the main reason. In addition, the desire for higher speed is driving further automation. In 2023, network security ranks almost as high as systems infrastructure as the third most automated of the six core IT functions. Network security, increasingly used as a service, also benefits from AI.
Platforms and Zero Trust go hand in hand
In the study, nearly nine in ten respondents (88%) say their organization is adopting a security platform. Almost two-thirds (65%) expect to use a network security or identity and access management platform. 50 percent are moving to a platform to secure web applications and APIs from the data center to the network edge. Another 40 percent want a platform for business security, such as fighting bots and fraud.
Security as an edge workload
Of all companies planning workloads for the edge, half will place security workloads there. Nearly two-thirds of respondents currently pursuing zero trust strategies plan to deploy security workloads at the edge. Because they recognize that fully implementing Zero Trust—and reaping the full benefits—requires leveraging the edge to secure all endpoints. Interestingly, surveillance is the fastest growing edge workload since 2022, although security services are the most important edge use case. According to the SOAS Report, this could be due to several factors including the explosion of remote work, IoT applications, the widespread adoption of applications, the global reach of today's markets, and the IT/OT convergence that requires real-time data to drive process adjustments requires.
Secure software development
This year's report also shows that security begins long before deployment—regardless of where those workloads are hosted. Similarly, three quarters (75%) of respondents have implemented or are planning to implement a Secure Software Development Lifecycle (SDLC). Most companies want to reduce all possible risks earlier in software development. For example, concerns about the security of the software supply chain are addressed in a number of ways. The most popular approach is to introduce a continuous test cycle. More than a third of companies (36%) are building DevSecOps processes, and more than a third (38%) are training developers to code securely. Financial and healthcare organizations are most concerned with software supply chain security. At the same time, almost one in five companies (18%) do not appear to be concerned about software supply chain security and do not plan to address it.
way to the future
The SOAS report proves that companies with increasingly modern app portfolios will continue to adapt their architectures for delivery. They want to balance operational and market requirements and find the right distribution between on-premises, cloud (whether private, public or hybrid) and edge environments - as well as between apps in the data center and as SaaS. The vast majority will use hybrid and multi-cloud models indefinitely.
"Comprehensive security platforms with SaaS-based services can protect hybrid apps and APIs across all host environments - from the core to the edge of the network, with consistent policies, visibility and easy management," continued MacVittie. “This approach can secure both modern and traditional architectures with WAF, DDoS protection and bot mitigation. Behavior-based intrusion protection and attack defense are integrated. Such effective security, operating at the pace required by the business, protects what matters most while unleashing the potential for growth.”
More at F5.com
Via F5 Networks F5 (NASDAQ: FFIV) gives the world's largest companies, service providers, government agencies and consumer brands the freedom to deliver any app securely, anywhere, with confidence. F5 offers cloud and security solutions that enable companies to use the infrastructure they choose without compromising speed and control. Please visit f5.com for more information. You can also visit us on LinkedIn and Facebook for more information about F5, its partners and technologies.
Matching articles on the topic