theNet by CLOUDFLARE

Why web applications are a C-suite priority

Protect the bottom line by delivering reliable customer experiences

Web applications are at the heart of modern business. When these apps are slow or unavailable, user experiences immediately suffer and businesses quickly feel the impact.

In October 2021, Facebook, Instagram, and WhatsApp experienced more than six hours of downtime which cost Facebook approximately $60 million in revenue. Subsequently Facebook's stock price dipped, causing the company to lose billions of dollars more in market capitalization.

Not all web app failures are as dramatic or costly as Facebook’s. However, even relatively small, temporary problems can affect a company’s bottom line. If an e-commerce website is even a little sluggish, users will turn to another site — and they might never come back.

The serious financial and reputational consequences of web application issues mean that maintaining app performance and availability must be a high priority for a company’s technology leaders. And to deliver responsive, reliable experiences, they need to do more than cobbling together a few point solutions.

Technology leaders need to construct a multi-faceted strategy that involves improving development processes, modernizing their application architecture, and rethinking how they combat security threats. The first step in building that strategy is understanding why web apps sometimes fail.



Key causes of web app failures

While some failures are caused by atypical issues — like the specific human error that led to the Facebook outage, there are a few fairly common problems that can negatively affect performance and availability. In particular, poorly written code, complex architectures, and cyber threats present challenges for many organizations.

Poorly written code: In many cases, performance and reliability are directly related to the quality of the code. For example, a cloud-based application that has inefficient database requests can start to slow as requests scale. Bugs — including those that are only triggered under rare conditions — can also bring web apps to a screeching halt.

Developers might also inadvertently leave vulnerabilities in the code, putting web apps at risk of zero-day exploits that lead to data theft, compromised web servers, or other harm. In 2017, for example, an unpatched vulnerability in Equifax’s web application framework resulted in a data breach that affected more than 147 million people.

With websites, inefficient coding and design are frequent causes of performance problems. Pages might include unnecessary code that loads before the most important page content, slowing the overall load time. Moreover, website designs that use large, uncompressed images can cause frustratingly slow page loads for users.

Complex architectures: Complex or legacy network architectures are another source of serious performance and availability issues. Architectures that do not employ load balancing, for example, can lead to performance and latency problems when traffic overloads any one server.

In addition, users might experience latency when network congestion develops between the user and the web server: The shortest path between the two points is not always the fastest one. And of course, the physical distance between users and web servers can also cause latency, especially when remote users are thousands of miles away.

Cyber threats: Attacks on web apps are a potentially major cause of failures. In particular, malicious bots and distributed denial-of-service (DDoS) attacks can substantially reduce performance or make apps unavailable altogether. In 2018, for example, GitHub was rendered unavailable by a massive DDoS attack — one of the more famous DDoS attacks in recent years. Fortunately, the organization was using a DDoS protection service that helped end the attack after only about 20 minutes.

Application programming interfaces (APIs), which often play an essential role in an app infrastructure, are also frequent targets. Malicious bots, DDoS attacks, and other, API-specific attacks can impact performance while exposing organizations to data breaches.


Limitations of current solutions

Your organization might have accumulated multiple-point solutions to keep web apps secure, reliable, and performing well. But these solutions — whether delivered through hardware-based appliances or as cloud services — often have serious limitations.

First, hardware-based solutions require you to estimate the amount of traffic you will receive. If you are using a hardware-based firewall, and traffic exceeds your predictions, the firewall will drop traffic, letting it pass without inspection. These solutions are also prone to supply-chain challenges since you might be locked into buying systems with specific components. And overall, the costs of operating, managing, and maintaining hardware grow along with new purchases.

Networking and security solutions from public cloud vendors such as AWS or Azure can eliminate capital expenditures. However, organizations often encounter hidden expenses using these clouds, including data egress fees for moving data from the cloud. These solutions also tend to work best when organizations are running their business solely on one cloud: The solutions are not designed for multi-cloud or hybrid environments, since the cloud provider has little incentive to facilitate your use of services from another provider.


Defining solution requirements

As you start to construct a new strategy for improving performance and security, carefully define your solution requirements. Most organizations need solutions that combine scalability, flexibility for supporting multiple clouds, visibility across clouds, and tightly integrated capabilities.

  1. Scalability: If your business is growing quickly, scalability is non-negotiable. You need to be sure that you can accommodate more visitors to your web apps — and potentially defend against more attacks — while maintaining strong performance and availability.

  2. Multi-cloud: Support for multi-cloud and hybrid cloud environments is also critical. The majority of organizations today use more than one public cloud, and many have hybrid environments. Choosing any solutions that lock you into a single cloud provider does not make sense.

  3. Visibility: More than merely accommodating multiple clouds, new solutions should help provide visibility and control across your entire multi-cloud environment. You need to quickly identify and address all security and network problems that could affect your web apps.

  4. Integration: Security and networking solutions must work together. For example, a load balancer should work with a web application firewall (WAF) to maintain both performance and security simultaneously.

    Working with vendors that offer truly integrated capabilities will help reduce management complexity. If you can implement a single platform, with a single interface that integrates multiple security and networking capabilities, you can dramatically reduce administrative overhead.

  5. Streamlined development: While you are defining requirements for performance and security, also consider what your developers need to accelerate innovation. A developer platform should help boost productivity, capitalize on your scalable, multi-cloud environment, and enhance reliability by improving the quality of code.



Building a web strategy on a single platform

Cloudflare’s connectivity cloud can help deliver reliable, responsive user experiences by improving the performance and security of web apps. Cloudflare offers a full range of integrated networking and security services that can be deployed easily across a multi-cloud environment and managed from within a single platform.

The Cloudflare developer platform helps software engineers produce robust, reliable, and secure web apps. Integration with databases, object storage, AI models, and other services streamlines the construction of modern software with sophisticated capabilities.

Meanwhile, Cloudflare’s massive global network minimizes latency. With Cloudflare, you can serve web applications at the edge, close to users, wherever they are.

Providing strong performance and maintaining uninterrupted availability is essential for producing positive user experiences and avoiding costly downtime. With the right integrated platform of services, your organization can address threats to those experiences while controlling complexity.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.



Key takeaways

After reading this article you will be able to understand:

  • What factors impact web applications' performance and availability

  • Where current solutions fall short

  • The requirements for improving app performance and security



Dive deeper into this topic.

Learn more about key trends shaping the web application and API threat landscape in the State of Application Security report.

Get the report!

Receive a monthly recap of the most popular Internet insights!