Sharpening the Edge: The Evolution of CDN and Cloud Security
I’d like to begin with little bit of background about myself to help explain what we do at StackPath. In 2005, I was one of the founders and the CEO of a company called SoftLayer. It was one of the first Cloud Computing companies in the world. We grew rapidly through 2007 and 2008. Our company really exploded when iTunes and the App Store, Google, Android, and the rest of the mobile tools came out.
In 2013, we sold SoftLayer to IBM. I stayed with IBM for two years, and SoftLayer became the basis of the IBM Cloud and Bluemix. Over the course of those two years, we expanded to 40 data centers worldwide. These data centers encompassed tens of millions of physical and virtual machines in a scale that known by only four companies worldwide: Amazon Web Services, Google, Azure, and IBM SoftLayer. So, I come the CDN world from a world of scale.
From that perspective, when I looked at what was wrong with cloud, I concluded, “We’re missing the security piece,” because up until cloud, security was very easy. With on-premise, security was traditional--firewalls, IPS, IDS, AV, those types of services. Then we got to cloud scale or hyperscale. None of those things worked anymore. I said, “Why isn’t anyone focusing on security for cloud?”
Starting With CDN
When I left SoftLayer in February 2015, I began thinking about how to implement security for cloud. After a few months of study, I realized I needed to start with CDN. CDN is the man in the middle between all the data and all the eyeballs. You have to start with CDN and then wrap security around it so you can protect customers both ways.
Looking at the internet in 2015, I made some proclamations that made some people think I was crazy. I said, “By 2020, I don’t think the internet will be usable anymore. Unless someone fixes security, it’s not going to work. You’ll connect to it and do what you have to do, and then you’ll disconnect from it because it’ll be such a filthy, nasty, dangerous place that you won’t want to be connected 24/7. If we look at the size of the DDoS attacks, the amount of malware that comes out every day, the iterations on that and you put IoT and machine learning on top of that, it’s going to become such a nasty world that you won't want to stay connected to it 24/7. Somebody, some company, some industry has to solve the security issue or the internet is not going to work like it does today.”
When I looked at all the traffic projections, the numbers were way low. When I looked at traffic by Cisco, I said, “We’re doing one zettabyte today. By 2020, it’s gonna get to 2.3.”
Those are staggering numbers, but they’re from Cisco. When you really dive in to the big four, the companies that are operating at scale, guess who they’re not using? They’re not using Cisco. They’re not using Juniper. They’re rolling their routers. They’re rolling their own switches. So, nobody really knows how big the big four are in the scale that they’re growing at. We had a Google representative at Content Delivery Summit who showed a lot of numbers, but didn’t talk about their scale. No one really talks about their scale when it’s hyperscale or at full scale. When I look at this 2.3 zettabyte projection, I think it’s going to be 5 or 10.
When you add into that IoT coming online, we’re putting 5 million IoT devices online every single day. The IoT devices alone 600 Zettabytes by 2020. That’s going to be almost 300 times the traffic of normal content traffic that we see today. If you have all of those things out there--as we’ve already seen with Mirai BotNet--that traffic is not secure. Those IoT widgets out there are not playing well and could be used and abused by hackers to create even bigger problems.
Malicious activity continues to rise. In the first weekend after WikiLeaks released the NSA tools to the world, on May 15, there were 45,000 companies in 74 countries that had been compromised by security.
If there was man in the middle security out there, we could have stopped that, but as it sits today, no one is able to do anything. DDoS attacks are growing faster than ever. In 2015, my business plan reflected my expectation that DDoS attacks would get to 10 terabits by 2020. Donald Trump’s website was the largest at 350 gigs last march. Then we had the Krebs attack, which was almost 700 gigs, in August. Then we had the Dyn attack, which was a terabit, a month later. Then we had the OVH attack, which was almost two terabits, a month later. Now we have the Mirai BotNet out there that they’re saying is capable of 4-5 terabits. I think 10 terabits will happen before the end of this year.
Hyperscale Changes Everything
That’s how big and how fast this problem is growing. You can’t really blame the experts because they’re all using linear math to predict what’s going on, the growth of the traffic, the growth of the malware, the growth of DDoS attacks. What they’re not taking into account is hyperscale. Hyperscale changes everything. These things are changing exponentially and they’re growing exponentially. Four or five companies in the world are large enough to understand it. Buy they don’t talk about how fast they’re growing, which makes it even harder for researchers to figure out what’s going on. I even hate to show the slide below about companies that have gotten hacked. It happens so often no one cares anymore.
I stood in my kitchen two weeks ago with my wife and we had five things laying on the bar. Two of our credit cards hacked, our insurance hacked, our kids’ preschool had been hacked, and the Dallas municipal alarm system had been hacked. Five things laying on my counter in one day. We both looked at each other and said, “Yeah, whatever. We can get new credit cards.” We’ve become so used to it nobody’s focused on it. Nobody’s really talking about it. CDN is evolving because it’s in the middle.
When I look at the numbers, the numbers provided by Dan Rayburn, by Gardner, by Forrester, I see staggering growth. 34% CAGR is a very large number. I would tell you, “I think these numbers are half or 20% of what it’s actually going to be,” because no one really talks about the hyper-growth of the cloud. You don't see Amazon releasing how much Cloudfront uses. You don’t see Google releasing how much theirs uses. You don’t hear the big guys talking about how much is actually being pushed and consumed out there from a CDN perspective. It’s much larger than the traditional CDN industry.
This article is Sponsored Content
Nathan Moore, Director, Principal Software Engineer, DevOps, StackPath