F5's 2022 State of Application Strategy Report identifies five trends in application modernization for the financial services industry

The "2022 Application Strategy Status Report" released by F5 this year found that today, almost all companies have transformed into digital companies, using IT technology to provide customers, partners and employees with a more seamless experience of optimized workflows. When analyzing and comparing various industries, the financial services industry is a digital pioneer, with up to 94% of financial institutions actively implementing business automation, and 99% of financial services institutions actively promoting application modernization.

It can be seen that digital applications are a priority strategy to help companies stay ahead. As consumers pay more and more attention to the high security needs of digital interactions, companies from banking services, electronic payments, insurance to investment services are actively promoting digital transformation. The application of modern technologies such as artificial intelligence (AI) and machine learning (ML) helps to provide a more personalized customer experience.

However, as the financial services industry races on the path of digital transformation, many of them are still struggling with traditional IT processes that are still unable to keep up with the pace in terms of speed and flexibility. Major changes require a modern approach, from APIs to today's microservices, new user interfaces and other components. This year's survey found that more than one-third of financial institution respondents have adopted site reliability engineering (SRE) practices to address infrastructure and operational issues to increase the speed, automation and agility of development and deployment of modern applications and components, and manage telemetry, data and application security and delivery technology in today's distributed architecture .

Survey question: What approach do you use to modernize your applications?

Multi-cloud strategies mature

In their efforts to modernize their applications, 71% of financial institutions have adopted cloud, hybrid cloud and multi-cloud strategies, with the same proportion in the Asia Pacific region, where 69% of financial institutions have chosen a multi-cloud strategy. As confidence in cloud adoption grows, cloud deployments include more than just commoditized features such as data lakes, with 32% of financial institution respondents adding infrastructure as a service (IaaS), 34% using platform as a service (PaaS), and another 42% using security as a service (SECaaS).

For the financial industry, which used to focus on infrastructure, this shift reflects their recognition that most attacks no longer regard networks and infrastructure as the primary targets, but rather applications and APIs hosted anywhere are subject to the greatest threat. Therefore, although public cloud service providers are constantly improving the complexity of their security products, financial institutions still need to protect ubiquitous applications and APIs. As a result of this shift, building a zero-trust security mechanism has become a common development trend for enterprises.

Cloud repatriation is gaining momentum

More and more enterprises are relocating selected applications from the cloud back to internal or hosted data centers, with the report showing an explosive growth of 168%. One reason is that the cost benefits promised by the public cloud may be harder to achieve than expected. Second, financial institutions are figuring out which data, applications, application security and delivery technologies they really must control themselves and which can be more effectively hosted and managed in the public cloud. As people realize that cloud computing is not the best solution to IT cost, control, flexibility needs and security issues, the development of cloud repatriation is becoming stronger and stronger.

Edge without edge

Edge deployment can be seen as an extension of the multi-cloud strategy. 87% of financial service decision makers plan to use edge deployment, and this figure is as high as 81% in the Asia-Pacific region. 49% of financial institutions prioritize edge deployment of digital experience-related workloads such as mobile apps and web front-ends, followed by workloads related to security services.

Internal data centers still exist, but at the same time, application modernization is driving the adoption of multi-cloud. Whether deployed in public, private or edge clouds, the applications, application security and delivery technologies that support them will become increasingly distributed, which also means that most organizations will continue to face the challenges of complexity and security.

Survey question: What are the challenges in a multi-cloud environment?

Consistent security remains multi-cloud's biggest challenge

Almost every multi-cloud organization faces many challenges, with security and visibility at the top of the list. The choice between security and efficiency is a pain point for decision makers in financial institutions. The top three security technology trends they are most concerned about in 2022 are web application and API protection (WAAP), zero trust, and secure access service edge (SASE), while artificial intelligence operations (AIOps), which was the most concerned last year, has dropped to fifth place this year.

The financial services industry is well aware that they are a target for attackers, but now attacks are often indirect, that is, attacks on APIs through third parties in financial services. New features and service applications make risk management more difficult. 96% of people responded that they had made changes in the past year to respond to security threats. Two-thirds of the respondents conducted ransomware awareness training for employees, and more than half of them also increased their focus on vulnerability management and automation.

Modern Application and API Security

Open banking has made the use of APIs almost ubiquitous, so the adoption of API solutions is also very popular. The survey found that 86% of financial institutions have implemented or plan to implement and deploy API solutions in the next year. Compared with other industries, the proportion of financial services industry adopting API solutions is 77%. It is not difficult to find that the breakthrough innovations and risks brought by financial technology have forced the financial industry to pay attention to security issues.

New vulnerabilities discovered every day are a clear demonstration of why the industry continues to pay close attention to security, especially for the riskiest applications and APIs. In addition to planning to build WAAP and zero-trust security strategies, the financial services industry should ensure that their web application firewalls (WAFs) and bot defenses are advanced enough to handle the latest threats with minimal friction and false positives.

When it comes to security management across multi-cloud environments, flexible security deployment options and consistent security management policies allow enterprises to deploy, protect and operate applications wherever they need to be (such as in data centers, multi-cloud, hybrid clouds or cloud-native environments at the edge of the enterprise), thereby helping enterprises focus on the features and functions of the application itself and improving customer experience.