Through internal development and acquisitions, cloud security has grown rapidly to become an $800 million annual run rate business for Cambridge, MA-based Akamai Technologies (NASDAQ: AKAM). The business is on track to generate nearly 30 percent of sales this year, up from 16 percent of sales for all of 2016. Through its early work with Kona Site Defender, which protects websites, web applications, and APIs against cyberattacks, Akamai developed a core competence in protecting against Distributed Denial of Service (DDoS) attacks against data center software assets. Such attacks involve the high-jacking of a large number of computer servers to overwhelm a target website or data center with malicious traffic.
With users, applications and devices moving outside the traditional perimeter of corporate firewalls, new approaches are required to ensure against the infection or theft of corporate data assets. To address this growing problem, Akamai has been developing a new cloud security architecture which it calls Zero Trust. The underlying principle behind zero trust is akin to that promulgated by former US president Ronald Reagan, who described the necessity to “trust, yet verify” any agreement that might be reached with the Soviet Union. In the same way that treaties must be verified, so must the identities of those who present a higher risk to data access, including contractors and employees in remote geographies. In such instances, corporations will wish to only grant precise access to what is needed, rather than broad access to a corporate network.
A key element of Akamai’s approach is centered around technology acquired last year from Janrain, which helps Akamai to decipher login history and access patterns, such as the city and time of day when such logins occur. With technology provided by Janrain, Akamai now helps customers in the area of identity proofing, authentication without using passwords, access control, web fraud prevention, and advertising fraud.
Last week, Akamai announced the tuck-in acquisition of KryptCo, a Cambridge, MA startup, whose engineers have developed mobile-based technology for multi-factor user authentication, which will fit into Akamai’s Enterprise Access Control Framework. Authenticating and assigning users the correct level of access to a data network remains a key technical challenge, as many approaches to access control are vulnerable to phishing attacks, in which user data, including alphanumeric login credentials, are targeted. Kryptco has developed a new approach, which does not require a pin number for authorization.
By next year, cloud security could contribute in excess of $1 billion in revenue and comprise about 34 percent of sales, which would be twice the percentage of revenue contributed just three years ago. The challenges posed by corporate data theft and espionage are likely to keep the category of zero trust in focus for many corporations and government entities for many years to come.