Through internal development and acquisitions, cloud security has grown rapidly to become an $800 million annual run rate business for Cambridge, MA-based Akamai Technologies (NASDAQ: AKAM). The business is on track to generate nearly 30 percent of sales this year, up from 16 percent of sales for all of 2016. Through its early work with Kona Site Defender, which protects websites, web applications, and APIs against cyberattacks, Akamai developed a core competence in protecting against Distributed Denial of Service (DDoS) attacks against data center software assets. Such attacks involve the high-jacking of a large number of computer servers to overwhelm a target website or data center with malicious traffic.
With users, applications and devices moving outside the traditional perimeter of corporate firewalls, new approaches are required to ensure against the infection or theft of corporate data assets. To address this growing problem, Akamai has been developing a new cloud security architecture which it calls Zero Trust. The underlying principle behind zero trust is akin to that promulgated by former US president Ronald Reagan, who described the necessity to “trust, yet verify” any agreement that might be reached with the Soviet Union. In the same way that treaties must be verified, so must the identities of those who present a higher risk to data access, including contractors and employees in remote geographies. In such instances, corporations will wish to only grant precise access to what is needed, rather than broad access to a corporate network.
A key element of Akamai’s approach is centered around technology acquired last year from Janrain, which helps Akamai to decipher login history and access patterns, such as the city and time of day when such logins occur. With technology provided by Janrain, Akamai now helps customers in the area of identity proofing, authentication without using passwords, access control, web fraud prevention, and advertising fraud.
Last week, Akamai announced the tuck-in acquisition of KryptCo, a Cambridge, MA startup, whose engineers have developed mobile-based technology for multi-factor user authentication, which will fit into Akamai’s Enterprise Access Control Framework. Authenticating and assigning users the correct level of access to a data network remains a key technical challenge, as many approaches to access control are vulnerable to phishing attacks, in which user data, including alphanumeric login credentials, are targeted. Kryptco has developed a new approach, which does not require a pin number for authorization.
By next year, cloud security could contribute in excess of $1 billion in revenue and comprise about 34 percent of sales, which would be twice the percentage of revenue contributed just three years ago. The challenges posed by corporate data theft and espionage are likely to keep the category of zero trust in focus for many corporations and government entities for many years to come.
Founded twenty years ago by MIT graduate student Daniel Lewin, and Dr. Tom Leighton, his applied mathematics professor, Akamai Technologies, based in Cambridge, MA specializes in internet content delivery, web performance, and cybersecurity software. With trailing twelve month revenue of $2.6 billion, and a market cap of roughly $13 billion, the company serves more than 60 percent of the Fortune 500, each of the top 15 US and Canadian retailers, all of the top 20 global ecommerce companies, the 50 largest global carriers, 47 of the top 50 American television networks, 21 of the top 25 global gaming companies, 17 of the top 20 global social media platforms, the largest 25 banks in the US, the 10 largest global auto manufacturers, and all branches of the US military. More than 500 customers spend more than $1 million annually with Akamai, and no customer accounts for more than four percent of sales.
Akamai’s software and services are delivered over a proprietary global network that has grown to exceed 240,000 servers embedded in 1,700 networks in 3,900 locations in 133 countries. The distributed nature of this global network with servers located locally at the “edge” of the internet ensures that content is delivered quickly and efficiently.
Versus four years ago, when cloud security comprised just $50 million in annual revenue, the Cambridge-based company has developed a growing cloud security business, which contributed $486 million in revenue last year, or 20 percent of total sales. At present growth rates, even in the absence of acquisitions, cyber security could become the company’s largest business within four years.
Increasingly sophisticated cyber attacks funded by governments, organized crime, and political activists place banks, global media, and governments and their constituents at increased risk of fraud, identity theft, loss of reputation, and loss of revenue. In response, Akamai has developed a differentiated series of cloud software services designed to protect against such attacks. The basic premise behind its approach, and the key demand driver for its services is that it is much easier to attack a corporate network, than to protect it, as even a single hole can become the stalking horse for massive bot armies that can bring a network to its knees.
Through its early work with Kona Site Defender, which protects websites and APIs against cyber attacks, Akamai developed a core competence in protecting against Distributed Denial of Service (DDoS) attacks against data center software assets. Such attacks involve the high-jacking of a large number of computer servers to overwhelm a target website or data center with malicious traffic. DDoS attacks, launched by political activists, cyber criminals, and hackers seeking notoriety have become the bane of large bank and ecommerce companies in particular. Akamai has since developed and acquired new capabilities to protect against DDoS attacks, and added products to protect against web application layer attacks, as well as solutions to block and mitigate malware, ransomware, and phishing attacks.
Akamai has also had success with Bot Manager, a product launched in 2016, which provides insight into the amount of bot traffic accessing a website, as well as prevention of price and content scraping, which is particularly worrisome to ecommerce companies. Utilizing Bot Manager, the company reports that a single bank achieved a reduction in account takeovers from 8,000 per month to just one or two per month. Bot Manager has thus helped save the bank tens of millions of dollars in direct fraud each year.
From its roots in content delivery and web performance, Akamai has been able to leverage its massive, distributed global network to delivery increasingly sophisticated lines of defense against cyber security attacks. No longer a noise level item in its income statement, cloud security now exceeds 20 percent of sales, and is growing rapidly. As IT security professionals increasingly embrace cloud solutions for perimeter defense, Akamai is well-positioned for growth.