Akamai pressed its case for becoming a strategic DevSecOps platform by adding a range of security capabilities to its network service platform that help isolate applications from cybersecurity threats.
The company has added support for scripting to automate application security using its Kona Site Defender web application firewall as well as improved management and versioning support for application programming interfaces (APIs). Those capabilities complement an Akamai API Gateway for securing and managing APIs.
Akamai is also updating Akamai Bot Manager, adding a client SDK for mobile applications to help mitigate distributed denial of service (DDoS) attacks. The company also is adding capacity to its scrubbing centers to further defend against large-scale DDoS attacks.
Ari Weil, vice president of product marketing for Akamai, said the company is evolving into a platform that securely provides web applications with access to caching software and network infrastructure that dynamically scale up and down as required.
The goal is to make the Akamai network a seamless extension of any DevOps processes that developers can programmatically invoke on demand regardless of whether their applications reside in a public cloud, on-premises or in a third-party hosting center, said Weil. Because Akamai sits between users and production applications, Akamai now plays a critical role in terms of bother DevOps and DevSecOps, he said.
In term of accomplishing that goal, Weil conceded Akamai doesn’t have as much visibility in the DevOps community as it would like. The company has integrated its platform into continuous integration/continuous development (CI/CD) platforms such as Jenkins to reduce as many steps as possible for DevOps teams. But developers are not always fully cognizant of the security services that Akamai makes programmatically available, he said.
Weil noted that as DevSecOps continues to gain ground, Akaimai expects many developers will increasingly appreciate those security services, especially as cyberattacks become both more frequent and lethal. A 2017 security report published by Akamai finds DDoS and web application attacks rose 14 percent and 10 percent, respectively, year over year.
In effect, Akamai turns web application security into a large-scale zero-trust managed service that is available on thousands of points-of-presence (PoPs) around the world. In time, developers will only have to express their intent concerning the level of security to be applied. The execution of that intent will all be automated, Weil said.
In an ideal world, all cybersecurity battles would be fought as far away from applications as possible. Rather than focusing solely on the edge of the corporate network, Akamai is encouraging DevOps teams to think in terms of layers of defense that starts where applications are cached at the edge of the network. In theory, platforms such as Akamai provide a lot more visibility into what types of cyberattacks are circulating in the wild hopefully long before they ever get a chance to impact an application. The challenge, however, lies in distinguishing between what security technology needs to be embedded in the application itself versus an on-demand service that’s only a simple API call away.