A March Menagerie of Data

March is here, and with it comes my most favorite source of data. Now, I may be biased - no, I am biased - but I happen to think the F5 State of Application Strategy (SOAS) is one of the best things since sliced (gluten-free) bread.

But as much as I love my own data, I love industry and analyst-sourced data, too. Most of the time it validates what we discover in our annual research, and other times it brings perspectives and insights on topics we just don't or can't cover.

If you've been watching, you'll find that #cloud #repatriation is a hot topic right now and that's no surprise to me as we've been seeing that trend in SOAS for a couple years now. But there's also the rising reality of #HyrbidIT and the need for a way for organizations to operate its entire stack seamlessly across core, cloud, and edge. And we see that in the data too. Especially when it comes to #security because security is constantly a hot topic. This month is no exception and there's some scary stats out there, people. S-C-A-R-Y.

So let's dive in, shall we?

Security

First up is some security stats from Imperva's DDoS Threat Landscape Report 2023. I like to make the distinction between objective (observed) data and survey data and this report is based on the former. One of the scary stats is also not a surprising one: application layer DDoS attacks increased in 2022 by 82% compared to 2021 with attacks on the financial services sector growing by 121% year on year. Also interesting was the finding that L3-4 single vector DDoS attacks dramatically increased year over year. In past years multi-vector attacks have dominated with DDoS typically used to divert resources and attention away from the real target. But this appears to be changing and the reason why is not clear, although punitive attacks are certainly not unknown.

Also notable is Wallarm's 2022 Year-End API ThreatStats. You should expect to see more API only related research and reports as it becomes clear that APIs are more than just URIs today. That's a subtle but important distinction that will continue to shape the future of API-related technologies, especially security. The scariest stat in this report? Attacks against customer APIs grew +197% from H1 to H2. Yikes! Now, that could be because APIs are ascending to the top of the stack and thus gaining a lot of attention or it could be because the source of this data is primarily serving customers looking to protect APIs. Either way, that's one scary stat.

I'm not usually a fan of reports that are just curated from other reports, but I'll include this one because you don't have to track down the sources. This one is from 2025 Security Trend Report from the Info-Tech Research Group . It's not very up to date, but I liked one data point that is a good one to keep in your pocket: $243000 stolen using synthetic voice audio in one 2019 incident, DeepTrace 2019. I'm sure I don't have to spell out why this is a good one to keep in your pocket, but just in case, we're only seeing the tip of the iceberg in terms of what generative AI can do. Spoofing your voice is pretty darn easy, and if you think about phishing attacks, well, you can see where the threat landscape is likely going.

AI and ML

Speaking of AI and ML, I've got a couple reports here on that, too.

The first one is from Google, and like the Info-Tech Research Group, it's mostly curated from other sources. I do like that Google adds some predictions in its 2023 Data and AI Research Report though saying "70% of new apps will be developed on open source databases (Google)" is kind of like saying "99% of all apps developed will need the Internet (me)." Like, yeah? Seems a pretty safe prediction to me. Interesting AI-related stat inside: By 2025, at least 90% of new enterprise application releases will include embedded AI functionality. (IDC FutureScape: Worldwide AI 2020 Top 10 Predictions)

Okay, sure, AI is hot, but what are people actually spending their money on with respect to this emerging, exciting technology? According to Verta's 2023 AI/ML Investment Priorities? that would be on the data side: 43% cited MLOps and ModelOps platforms as a priority for attention in 2023. Makes sense to me, as AI without data is like a glass without anything in it and I've read other reports that more than half (54%) of all AI projects fail today and the mitigating factor is almost always immature data pipeline and practices. So pay attention to the data, people!

Also interesting in Verta's report was this: Nearly half (48%) of respondents described their organizations’ infrastructure approach as hybrid, versus 32% that said they have a cloud-only strategy.? Hybrid is going to win, for everything.

API Everything

So right now my attention has been diverted to doing research related to APIs, and more specifically the infrastructure / app delivery side of APIs. After all, APIs don't scale or secure themselves. I know, right? Seems obvious, but a lot of people seem to forget that until, well, they have to secure or scale them. So watch for more API-related stats in coming months.

Until April then, take care, be well, and stay safe!