Released Friday, the study revealed that IT executives recognized the importance of Web applications in driving their business as well as the seriousness of Web-based security. However, bandwidth dependence and fallacies still exist and application security is still not well understood, noted the report.
Commissioned by F5 Networks, the survey polled CIOs and senior IT decision makers from over 300 enterprises in six Asia-Pacific markets--China, Hong Kong, Singapore, India, South Korea and Australia--and five verticals: financial, telecommunications, government, manufacturing, and IT.
Some 44 percent of respondents believed utilizing more bandwidth was the best way to boost application delivery. The survey noted that this bandwidth-dependence fallacy ranked highest among respondents in India, followed by China and Singapore.
According to Jason Needham, senior director of product management at F5 Networks, this mindset came from the past when bandwidth was difficult to come by. "But now, with users and applications going over greater distances, increasing bandwidth does not solve problems such as latency and packet lost," Needham explained in an interview with ZDNet Asia.
Kunaciilan Nallappan, regional product marketing manager at F5 Networks Singapore, added: "This [mindset] ignores the fact that by having technologies like caching and compression at the server site, we can also solve the problem [of low bandwidth]… The technology built within the application delivery controller is not exploited as much as we thought it would."
Mismatch in security investment
The survey also showed that over 70 percent of respondents viewed Web applications security as very important. However, 61 percent believed that using network firewalls alone was adequate in preventing Web attacks, said Nallappan, who noted that in reality, businesses would need to implement a firewall at the applications level as well.
"The network firewall protects against common network-related threats such as virus and signature-based attacks, while the application firewall protects against fraudulent behavior," he added, pointing to the recent attack on Google as an example of attack on the application level.
Needham added there was a mismatch between security expenditure and where attacks occurred in an enterprise. "Globally, about 75 percent of security expenditure goes to [network] firewalls but today, about 75 percent of the attacks are at the [Web] application level," he said.
The Frost & Sullivan survey noted that China had the most deployment of network firewalls, but these respondents did not demonstrate a high level of awareness regarding the importance of implementing a firewall at the Web application level.
Singapore and India were the top adopters of Web application firewall, the survey found. This adoption was also highest among respondents in the telecommunications and financial service verticals.
The study also showed that close to three-quarters of respondents wanted more than two features in a single application delivery platform. However, there was a disconnection with reality as enterprises in the survey were buying point-products instead of a converged unified platform, said Needham.
He attributed this problem to IT departments working in silos where, the security and application teams, for example, would focus on resolving issues separately. "They end up looking at point problems and buying a device [to resolve that problem] or taking a wrong approach to their problem."
The survey also determined that enterprises believed cloud computing could increase their agility and scalability, but were hesitant about adopting cloud applications due to concerns over security, loss of control and performance.