UPDATED 15:59 EDT / DECEMBER 17 2013

NEWS

2014: Akamai’s Andy Ellis on enterprise security at scale, risk strategy and the complex web

Our 2014 CyberSecurity prediction series continues with Andy Ellis of Akamai.

SiliconANGLE: We’ve talked a bit about the threat landscape in 2014, do you think that there is enough technology and personnel to meet all of these threats right now?

Ellis: There aren’t enough security personnel that really understand the business. There are lots of people that are good at specific tasks, but they can’t talk about maximum security and overall strategy to protect and enable the business. So you end up with situations where people gamble sometimes, picking and choosing based on what they think might be acceptable risk based on business goals. That’s one more risk that they end up taking. The security scene is a challenge especially smaller end of spectrum. We will actually see an evolution of medium size businesses running on somebody else’s platform, like AWS. So security will be something that is actually part of the product. And that may end up being the best approach is embedding this at that level. It’s not going to work for everybody, but it is something the community can expect.

I’m a huge believer that security professionals don’t always make good business decisions because they are not part of the assessment or decision on what risks are acceptable for the company. So risk can be put to the side when it comes to overall strategy. For example, new products come out all the time and they have a list of problems they help fix and they have problems they bring to the table. Security folks are faced with the question of whether they’re acceptable problems. The old model of asking the security team if application is going to be acceptable ends up falling short. There’s an issue there where all risk is not quantifiable, otherwise the world would be more predictable, much easier if that was the case. Unfortunately many security teams mostly ignore this element of the business. There should be regular good advice being delivered to decision makers. Big picture. Risk. Both at the same time.

Akamai:2014

 

SA: Describe Akamai’s role in a better cybersecurity profile in 2014

AE: One of biggest advantages we’ve always had is that we’re network agnostic. We’re present throughout thousands of networks around the world, and when you consider that a lot of the problems around internet are oriented around structure, that is an advantage. You see this same thing with Prolexic, which is the market leader around network layer scrubbing and they have done this in an agnostic fashion. That acquisition really cements our strategic differentiation. We are not tied to anything, therefore we are not limited.

Another piece of that is that we aren’t a tack-on service. Because we build our services on top of our website performance services we’re already in line with traffic. Security services are added into the chain. That makes things like the scale we deal in possible – the sheer numbers and volume all within this delivery network. We’re talking about 22TB per second and our normal peak traffic is 60 times what others in the business have. Other players, ISP’s and individual players, they can’t afford that advantage, while this is implemented many times over in our normal provisioning model. With our lineup of website protection services, and adding the Prolexic strategic advantages of DDoS protection, these upscale pieces and throughout our portfolio are unmatched.

Federation, authentication and identity

 

SA: Let’s talk about this grand frontier. Multiple clouds, integrating environments, devices and apps everywhere – Identity is big, authentication is big and the demand for answers around this is only going way up, complexity is going through the roof. Explain the challenges and evolution here in light of cybersecurity threats.

AE: We’re certainly seeing a big movement and an increase in critical importance in these fields. Identity, federation, encryption, there’s so many things going on out there and many more ways to do things wrong. Just look at federation and what that has brought with it. You have many federation situations where the numbers get into hundred and even thousands of logons in a given month. That’s something that can easily be painful, especially when things go wrong because of how critical the constructs are. It’s important to not only build these systems right but to have enterprise availability and good security practices around that. Even around the web you can see how in the social media world these Facebook, and Google logins can be found all over the web.

The insertion model for federation is coming around, but we don’t really see anybody tying those constructs all together – Identity, authentication, and Federation. Enterprises still want their own identity info and for good reason –the last thing people want to give up is control over authentication. While the industry has done some enablement such as when you log into multiple devices, to the cloud and so on, the question of potential for fraud can’t be escaped. How can you be sure that your identity or authentication systems haven’t been compromised? That’s a very fertile field and part of the Prolexic acquisition means we are freeing up resources to deal with these issues and put a bigger focus on client reputation. We are focusing on these things and the bigger picture of fraud, enabling models that have a sharing construct like a reputational index and learning about bad behaviors before it happens to you or your neighbor for that matter.

 


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU