Security embedded into content delivery network
According to Akamai’s Security CTO in APJ, Michael Smith, the basic premise for a content delivery network (CDN), is that you have a deployment strategy designed so that your servers are located as close to the end user as possible.
“This offers local performance globally, which is a key point of differentiation when talking about improving the user experience.”
This distributed footprint however, also means that Akamai has fault-tolerance across data centres, ISPs, cities, and even countries, and this helps immensely with availability issues even when Akamai’s customer’s data centre is down because of a power outage or natural disaster.
This also gives rise to a significant but complementary capability for Akamai.
Smith explained, “We are successful at defending against Distributed Denial of Service (DDoS) attacks and flash crowds because of the amount of bandwidth, servers, and PoPs (points of presence) that we have. Add to that the 17 years of experience that we bring to the table and you have a pretty compelling value proposition for our customers and ultimately, their users alike.”
So, it comes as no surprise that security is currently Akamai’s fastest growing product category globally.
Akamai’s second quarter ended June 30, 2015 showed a total revenue of USD$541 million, a 14% increase over second quarter 2014. Of this, their Performance and Security Solutions revenue was reported to be USD$256 million, up 15% year-over-year.
But Smith opined, “What’s more exciting to me is that income drives development. This implies that we have a lot of new products and solutions coming this year and the next couple of years that put us into solution spaces where people wouldn’t expect us to be.”
Akamai has been able to build and deliver a layered security defence for businesses on the Internet because of their approach within the CDN ecosystem, that is to think and act like a gatekeeper.
“Many vendors focus on specific elements within the CDN ecosystem instead, like video for instance.”
Smith opined that Akamai’s gatekeeper approach is critical today and is going to be even more important in years to come. “I believe you can’t separate the CDN from security components. Some attacks are big and some attacks are small – which is important to remember as it highlights an oft overlooked challenge with security online.
“The scale to protect against the big attacks means that sometimes you can’t see the small attacks because they get lost in the noise. And the protection against the small attacks uses a lot of resources that make you more susceptible to large attacks.
“Our approach here is to use a little slice of processing across all of our servers to defend against both the big attacks and the small attacks at the same time.”
Akamai’s other Advantages
According to the APJ CTO, as a sole defense against cyber security threats, on-premise appliances and software burden an organisation in terms of capital expenditures due to their short lifecycles and the need for ongoing operations and maintenance.
“Businesses that have built their security solutions over the years need to reexamine those to stay relevant and protected as they do business on the Internet today.”
Lo and behold, enters Akamai’s Cloud Security Solutions which is a suite of cybersecurity applications integrated into their web content and application delivery network. Even their CDN and web application firewall (WAF) are consumed as a cloud platform, and with security benefits.
One of the facts of life of WAFs and other application controls such as fraud detection is that they do use lots of RAM and CPU to do their job. As such, on-premises controls have a hard limitation in how many transactions per minute they can accomplish
Smith pointed out, “The dirty little secret is that a lot of organizations deploy their controls with “the red button” that turns off some of the checking during peak traffic times such as flash crowds, good marketing events, or DDoS attacks.”
He also shared that with Akamai’s CDN/WAF combination, organisations can drastically minimise the impact of peak loads without having to use this ‘red button.’