In a thought leadership article, Kara Sprague, Executive Vice President and General Manager of F5 Networks' Application Services business unit, explains Application Capital and the importance of an app strategy. Her article offers insightful industry knowledge and advice for further women wanting to work in this sector.
Welcome to the age of application capital
"It’s not even a question anymore: Every company is now a software company with a digital mandate. Applications are firmly established as the primary vehicle through which companies develop and deliver goods and services. They have become the most important asset of the modern enterprise, especially for those digital natives: the Lyfts, LinkedIns, and WhatsApps of the world," writes Kara.
"Today a company’s application portfolio can be worth billions, and apps are found wherever work is done—conferencing equipment, factory floors, thermostats, aquariums, you name it. And yet most companies only have an approximate sense of how many applications they actually have, where they’re running, or whether they’re under threat. Organizations worldwide have continually innovated, iterated, and built their application capital—without also building a cohesive organizational strategy for managing it.
"Compounding this is the challenge of complexity. In our latest research, 90 per cent of customers reported that they were using multiple clouds, averaging 2.5 per organization. More than half said they’re making decisions on where to host applications on a per-app basis. Larger companies could have hundreds—if not thousands—of permutations of applications, clouds and servers, and the support those applications receive might vary dramatically."
Apps are spreading far and wide
Kara states that, for most companies, application capital is poorly supervised at best and under serious threat at worst. But with so many apps spread far and wide, threats can come from almost anywhere, and the effects of a breach can be devastating for the organization.
"A few years ago, the CEO of Target resigned after hackers stole millions of customer records from the company—the attackers had gained access to Target’s point-of-sale devices through an HVAC system. A London-based casino lost its high-roller database after hackers got into their network through the digital thermometer in a lobby aquarium. These two seemingly innocuous entry points show the serious danger of free-range application portfolios. And yet I have not encountered a large organization that can report, with confidence, the number of applications they have in their portfolio," she continues.
"In contrast, the way organizations manage physical and human capital has been a continual focus in business, refined over the course of decades. Companies like Airbus rely on a network of thousands of suppliers and precision timing across a worldwide supply chain to make one airplane. Airbus is also able to track and monitor the performance, usage, location, and health of each of its jet engines at any moment in time."
According to Kara, UPS has a similar level of sophistication when it comes to managing people. The company oversees a huge global delivery network that employs hundreds of thousands of workers, with such granular insight into their activities that it can prescribe how drivers should enter and exit their vehicles to maximize efficiency and minimize injury.
"If we’re going to gain a toehold toward minimizing threats so we can maximize the value of the application ecosystem, organizations need to start investing the same energy and resources into their application capital as they do with physical assets and talent. The trick is how to apply the same rigor and discipline to the ephemeral nature of digital items," Kara adds.
How to build an application strategy
To manage application capital effectively, Kara asserts that companies need to start by establishing a company-wide application strategy that sets policy and establishes a basis for compliance. The application strategy should address how applications in the enterprise portfolio are built, acquired, deployed, managed, secured, and retired. There are many ways to go about this, but F5 Networks generally prescribes six distinct steps:
- build an application inventory that includes the function and origin of every app, along with the data it consumes, services it communicates with, open-source or third-party components it contains, who has access to it, and who develops or maintains it
- assess the cyber risk for each application in terms of the relative cost or impact of a breach of the application itself or the identities associated with the application
- define application categories around the cyber risk associated with the applications, and assign minimum application service requirements for each
- Identify the application services needed to support each of the application categories, such as web application firewalls, anti-DDoS, anti-bot, global availability, and load balancing services
- Define parameters for application deployment and management for each application category, including deployment architectures, acceptable public cloud options and third-party services
- Clarify roles and responsibilities around deployment, security, user access, third-party monitoring, and accounting for apps as they are added and removed
"The primary aim of an application strategy should be to enhance and secure all digital capabilities—even while the company continues to increase and expand those capabilities. The combination of these elements helps ensure that everyone is doing the right thing, accounting for and protecting all applications in the organization’s ecosystem while keeping the wheels of innovation turning," says Kara.
"One major difference between physical and digital assets makes this process all the more important: the ever-present threat landscape. Because applications extend beyond the company to the customers and partners who use them, effective stewardship of application capital is a business imperative. This is an issue that is only getting more complex and challenging, so there is no better time to start."
Kara discusses the importance of Application Capital in the cloud native world
A true expert in the field, Kara regularly speaks to the media about how applications are already one of the most valuable assets of modern enterprises because most companies are transforming digitally and investing heavily in digitizing various parts of the business to offer new customer experiences and to access to new opportunities.
Join informed tech women like Kara at F5
F5 is always looking for talented women with a passion for the wonderful, challenging and fast-moving world of technology. Learn moe about the F5 or research their latest job opportunities.
Find out more
Disclosure: Where Women Work researches and publishes insightful evidence about how its paid member organizations support women's equality.