If you've been paying attention, and I know you have, then you've noticed there's a considerable amount of movement in "the network."
Long-time readers will recognize “the network” as consisting of the plumbing from L3 to L7 that has served to scale, secure, and optimize applications for most of the 21st century. In many cases, those services – from load balancing to identity federation to caching and acceleration – have been happily living together on network platforms such as the application delivery controller (ADC).
But since the stabilization of public cloud, the subsequent adoption of modern (microservices-based) application architectures, and the latest movement toward distributed cloud and Edge 2.0 platform, "the network" has steadily arrogated its responsibility to a growing cadre of SaaS-delivered services.
I’m not playing prognosticator here; there are many industry surveys and research that point to a new era in which most application security and delivery technologies are delivered “as a service.”
Consider this research from Deloitte on XaaS that found “Eighty-one percent of adopters agree the pandemic has accelerated their organization’s shift to XaaS from traditional IT, and 55% report that the crisis is causing their organization to invest more in XaaS than initially planned.”
The survey further found that “organizations are deploying many different kinds of XaaS, either within selected departments or across their organizations, including
- software-as-a-service (90% use it today)
- platform-as-a-service (84%)
- infrastructure-as-a-service (83%)
- cybersecurity-as-a-service (81%)
- hardware-as-a-service (79%)
- advanced/emerging technologies as-a-service (72%).”
I don’t have hard data now to break out security and delivery services, but that’s coming in our next State of Application Strategy analysis. Promise. That said, there’s been strong interest in previous years to deploy individual application security and delivery services ‘as a service”, particularly security-focused technologies like those that defend against DDoS, protect apps from abuse and exploitation (WAF), and federate identity.
What we’re seeing more generally in the market is a considerable move toward even more traditional app security and delivery services consumed as services in a SaaS model. This includes a growing breakdown of identity-related services such as authentication, access, and identity. The latter is moving particularly quickly because identity is growing to encompass the new definition of user, which includes workloads and devices.
Now, I’ve said it before, and I’ll say it again: “the network” always reacts to shifts in application architectures. As microservices have steadily consumed the app portfolio, we've seen this phenomenon repeat, and now API Gateway, Service Mesh, and Ingress Controller are a standard part of the technology vernacular.
But note these new services are focused on specific capabilities and are designed to fit a microservices-based approach; that is, they are localized functions that fit into a composable architecture.
At the same time, "the network" has expanded to include the network between clouds and out to the edge. Container-native apps are the current architecture du jour. Their architectural foundation includes the ability to span clouds and deploy at the edge and basically distribute varying app components across the "network." New edge-native patterns are emerging that make use of multiple properties to distribute functionality and capabilities, highlighting the distributed nature of modern apps.
The reaction to this is naturally to insert “network” services into the stream between user and app in a way that makes functional and operational sense. As most of today’s app security and delivery technologies are either based on or operate in a manner similar to that of proxies, they can be deployed anywhere “in the network” without significantly impeding performance.
Combined with the obvious need to protect, defend, and deliver apps that are themselves deployed across the cloud and edge universe, the rise of SaaS-delivered security and delivery technologies is unsurprising.
Thus, network modernization is resulting in a new, distributed model for security and delivery technologies. Increasingly these services will be delivered not just as SaaS, but as micro-SaaS: the delivery of individual app security and delivery technologies as SaaS offerings.
Welcome to the era of micro-SaaS.