Our CyberSecurity prediction series continues with the CSO of Akamai, Andy Ellis.  Akamai delivers up to 30% of the world’s internet traffic and as one of the world’s largest distributed computing platforms, it sees a whole lot of security, a whole lot of infrastructure and a whole lot of scale.  Its content delivery network is in the business of making customer’s web perform faster, more securely and do it globally.  Security has always been an integral element to the Akamai proposition, and just about a week ago Akamai picked up Prolexic automatically boosting its denial-of-service capabilities in a $370 Million dollar deal.

SiliconANGLE:  Let’s kick off with projections.  What are the biggest cybersecurity threats in 2014?

Andy Ellis: The Prolexic acquisition is very telling of how we feel about that.  DDoS is one of those top threats.  It will prove to be an interesting and very large market for next few years at least.  The way we look at DDoS is that most of threats you might worry about are tightly limited, by which actors find them interesting.  People that want to steal something like identities or credit cards, those are limited.  We are seeing criminal agents with completely different motivations and many using same tool to get their goals done.  That makes for a very fertile market for us.  Our customer’s websites have to be up and all of these threats have to be contained.

That’s the reality out there where downtime is just simply unacceptable and protecting sites is critically important.  We talk to customers and see situations where they report to the board about outages, but they don’t have the same level of conversation about threats.  It’s something that is changing, boards are paying more attention that’s a good thing because denial of service is becoming a bigger part of that threat picture and we’re driving that message home.

We are seeing many positive things as well.  There’s a strong trend in migration from really old legacy systems on the internet.  Threats that are bound to older hardware, older operating systems, infrastructure and software, we can start looking to putting those things behind.  You can actually see this from one point of view, through our Akamai.io site.  It indexes browser usage data, a bunch of trends from leading websites throughout the world.  One figure is the plotting of what browsers are being used, many ancient browsers had historically represented a huge chunk of this statistic but it has been on a rapid decline of late.  People are moving up the technology scale.  So what this buys is a big step up in the baseline.  Part of this change is just slow attrition, a lot comes from mobility and the updated browsers that come with these devices.  So now, many legacy protocols can get put to the side, things like TLS v1.2 and better crypto-algorithms can start to dominate those stats, it’s just better for everyone.

SA: You mentioned global computing trends and how mobility is stepping up.  Companies are still looking at BYOD, mobility and all that comes along with that.  Apps, security, infrastructure, encryption – the list goes on.  What kind of impact is this having on the web platforms out there?

AE: The advice I give to CSOs especially on the consumer facing side is that – BYOD is kind of a poor term because it misses on what that device really is.  There’s this historical paranoia, where some new technology comes out, and people don’t understand what that thing is, so they look at history to say this is something they should be worried about.  History tells us however that this is a lot like password rotation in that it’s just something we do and the latest things now are mobile devices, but it’s important to take the right approach now.  Consider what the technology world will look like in say 5 years.  The devices will be all over the spectrum.  Whether it’s some device like my iPhone, some employer’s device or whatever, in 5 years it could be anything.  What is important is finding the security model for that future world, not today.  Standard controls too often look backward, and we need to look at how to move forward.  The world of apps will follow that as well.  Just look at how every 2 years a bunch of new frameworks come out and everything moves to it.  The older and present day platforms start to decay, they don’t get patched, they had possibly outlived their usefulness in light of the new platform.   Look at things like Rails and PHP, we’ve moved on and they can easily become unstable platforms.  That’s why security teams are better served focusing how to secure the app interface.  Web interfaces have to be protected.  So we’re hoping more trends emerge where people will be focusing on that problem.

We’ll follow up with Ellis with perspective on risk, more on Prolexic, Akamai’s mind-blowing operations at scale and how security is deeply tied to all of this.

photo credit: -= Treviño =- via photopin cc