Getty Images/iStockphoto
F5 distributed cloud security services strike a trendy chord
As talk of multi-cloud management gives way to distributed cloud, which also ties in edge computing, F5 bundles application security services to expand its appeal to enterprises.
The notion of distributed cloud has gained traction over the last two years as the COVID-19 pandemic prompted companies to prioritize digital services to reach customers in various locations, and IT vendors are adjusting their offerings to accommodate the trend.
distributed cloud refers to cloud computing services that take the physical location of computing resources into account -- in other words, that encompass both data center and edge computing to place digital services closer to end users, often at retail stores or other edge locations, as well as on mobile devices.
"By 2024, most cloud service platforms will provide at least some distributed cloud services that execute at the point of need," according to an August 2020 Gartner report.
As a result, specialist startups and open source projects such as Alkira, Prosimo and Skupper have sprouted over the last two years to capitalize on the distributed cloud buzz. Existing vendors such as Imperva and Akamai have added distributed computing tools as well, while Cisco's emerging technologies division is working on distributed cloud products, including API security tools.
IT security has separately become a critical issue for enterprises after years of escalating high-profile cyber attacks and critical vulnerabilities.
Mike RothmanAnalyst, Securosis
Now, F5 has made its own entree into distributed cloud with this week's launch of F5 Distributed Cloud Services. While it has rivals in various aspects of distributed cloud security, it's also among the earliest established enterprise networking vendors to provide a production-ready product in the space.
"Most large enterprises are in a situation where they're [deploying] their applications based on what their applications need, [and] the ability to provide a consistent application security layer on top of that is difficult," said Mike Rothman, an analyst at Securosis, an infosec research firm based in Phoenix, Ariz. "F5 has a huge global infrastructure and customers that have been using it to deliver applications for years -- they're really relying on that enterprise heritage and being able to support various infrastructure platforms, including on premises."
The first of F5's new Distributed Cloud Services is Web App and API Protection (WAAP), which integrates both the front-end user interfaces and back-end data lake for distributed cloud security services, including the BIG-IP application delivery controller, web application firewall, NGINX web application server and API security tools F5 acquired in 2021 with Volterra. WAAP also includes bot protection F5 acquired with Shape Security in 2019. These services can be used with F5's existing distributed application hosting environments, which run on a set of data centers and points of presence that F5 customers can use to move edge computing services closer to end users.
F5 will add more services to the new platform, such as policy management that encompasses all these layers of distributed cloud, according to company officials.
F5's free tier services include support for a global application delivery network, or a set of network edge apps, hosted by F5; distributed denial of service mitigation; a Kubernetes gateway; application traffic management; and limited ticketing and email support.
Starting at $25 per month, the Individual plan adds web application firewall support, global load balancing, cloud and edge network security management, and standard support. Starting at $200 a month, the Teams plan also includes F5 network edge hardware, single sign-on, an uptime service level agreement and advanced support. F5 also charges for individual cloud infrastructure resources such as the number of endpoints required for load balancing, according to the company's website.
Distributed cloud vs. DevOps platforms
As F5 and other networking players broaden distributed cloud security services, they may be on a collision course with another consolidation trend among large server-side vendors. Companies such as VMware, Red Hat, GitLab and the major cloud service providers now tout "end to end" DevOps platforms that consolidate multiple layers of infrastructure for modern applications.
Between DevOps platforms and distributed cloud platforms, there's potential for both overlap and integration. But in some ways, these overlapping consolidation trends only deepen the complexity of choosing a product for IT buyers in search of integrated IT automation tools, said Brad Casemore, an analyst at IDC.
For example, a modernizing IT ops team might look to a data center vendor's DevOps platform for microservices management among multiple cloud service provider data centers, Casemore said, while an application or IT security team might prefer a distributed cloud platform from F5 or another network vendor to manage application-level security.
"Some of this is playing out in real time for many organizations," Casemore said. "They're deciding not only what they need to do [in app modernization], but who does what, and that's another area of human organizational complexity that's playing into this as well."
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.