If you asked CEO Tom Leighton to describe Akamai Technologies five years ago, his response would have been different from his answer today.
Today he describes the company as the “world’s most distributed cloud services provider” with services in compute, security and delivery. The company, which continues to evolve from its start as a content delivery network (CDN) provider, hit a key milestone in that journey last quarter.
Revenue from Akamai’s security and compute business combined to eclipse its delivery revenue for the first time. Security revenue increased 23% year-over-year to $382 million, and compute revenue hit $78 million, up 32%. Delivery revenue, meanwhile, fell 6% to $444 million.
“Next year, security will be the largest of the three,” Leighton said in an interview with Protocol.
“It won’t be the majority yet by itself, but it’ll be bigger than delivery and compute. Depends how fast compute grows, but that’s an enormous market, and who knows, maybe compute will be the largest in five years. It'll be a tough fight with security for that crown, because those are both very fast-growing areas for Akamai.”
Akamai bolstered its security and computing capabilities with two big acquisitions in the last eight months. It bought network security company Guardicore for $600 million in October, adding its micro-segmentation technology that blocks the spread of malware to Akamai’s zero-trust security portfolio for enterprises. In March, Akamai completed its $900 million acquisition of Linode, a cloud infrastructure-as-a-service provider that positions itself as an alternative to AWS, Microsoft Azure and Google Cloud.
Leighton, who has led Akamai since 2013 after co-founding the company in 1998 and serving as its chief scientist, talked to Protocol about Akamai’s cloud-to-edge strategy.
This interview has been edited and condensed for clarity.
Why did you decide to diversify Akamai?
It’s what customers want, and it’s something we always wanted to do. We started with delivery. Early on, we provided security solutions for the government, but the industry wasn’t ready yet for it, didn’t fully appreciate it. It wasn’t really until 2012 that companies started to appreciate they needed Akamai to protect them, that they just couldn’t do it themselves anymore.
Also, early on — 2000, 2001 time frame — we started edge computing and, again, we were ahead of the industry. That’s before AWS existed, and the industry wasn’t ready for edge compute then. We even had edge Java. We had edge WebSphere, Edge Side Includes. We pioneered the standard with Oracle back in 2001.
We did elementary things that our customers could use, but in terms of full-blown applications at the edge, it was too early. It just got popular lately. Actually, for 20 years the industry — our competitors — said edge was stupid. And all of a sudden they woke up and said, “Oh, edge is really the future,” and then they claim to have an edge, which they don’t. Now, fast forward, we have thousands of customers using our edge computing capabilities today.
And now with the acquisition of Linode, we’ll have core cloud computing capabilities. That’s the last big piece, in a sense, because now our customers can build their apps on Akamai, they can run them on Akamai, they can secure them with us and they can deliver, of course, through Akamai.
Akamai CEO Tom Leighton
Photo: Akamai
What are Akamai’s security strengths and how does Guardicore fit into your strategy?
We've been in security a long time. I don’t know that most of the world realized it, but we have been providing security services to protect U.S. government websites since probably 2001. We really started protecting major banks in 2012, 2013. And today we have the market-leading web app firewall solution [Web App and API Protector (WAAP), formerly known as Kona Site Defender] by far. Pretty much all the major banks and commerce companies use our security services. We have the best denial-of-service-prevention capabilities, the best protection for end-user accounts so they don’t get stolen. That’s really important for banking accounts or commerce accounts, but, increasingly, media accounts — your gaming accounts or your OTT [over the top] accounts are big targets.
What Guardicore does is that [it] protects enterprises from ransomware, and ransomware is the top problem today for enterprises. It’s crushing, and Guardicore identifies applications when they've been hit with ransomware, and then stops it from spreading. And that’s the key for stopping the damage from ransomware.
Typically segmentation has had sort of a bad name in the industry, because it was done in hardware, which made it really hard to do and not very effective. You physically separated your networks, and that’s just really painful in an enterprise, so most enterprises didn’t do it. But Guardicore invented a way to do it in software, where they place an agent or think of it as a mini firewall in every application. That agent tells when an application is doing something it shouldn't be doing or is being exploited in some way. It can also tell if it's got vulnerabilities like Log4j, and then it notifies the IT shop or the security shop that “you got a problem here.” Even better, it stops the problem from spreading. It doesn't let the malware jump from an HVAC unit into a critical operational system. And that way you limit the blast radius from ransomware. You limit the exposure to data exfiltration.
We view it as the cornerstone of a zero-trust strategy for an enterprise. The problem today is you could buy everybody's security services, and malware's still probably getting in somewhere. The key is really to know when it got in, where it got in and to stop it from spreading.
Why should enterprises use Linode over AWS, Microsoft Azure or Google Cloud or in addition to them under a multi-cloud strategy?
In short, it's the same reason that so many enterprises use us for delivery instead of AWS and Google and the other hyperscalers, and the same reason why they use us for security instead of those giant companies. In fact, those giant companies use us for delivery and security today. We have edge compute, and we're the best at that. Edge compute lives in 4,000 locations on Akamai, close to 1,000 cities around the world. Major companies, including those hyperscalers, use us for that.
For the core cloud compute, it is really easy to use Linode, very popular with developers and it's less expensive. Now what we need to do — and will do over the course of the next year or so — is make sure that Linode has the capabilities and the features that major enterprises need. Today they have some large customers, but mostly small and medium businesses and developers, and so there are some things that we need to do there that will make it enterprise-grade. When you put it in connection with our edge platform that has edge computing — and, of course, our market-leading delivery and security — you get a really exciting combination.
There's a lot of room for growth in cloud computing for the workloads. We know all the major enterprises or a lot of the major enterprises. They know us, and they're using us for delivery and security. Many of them have been asking us to develop a compute capability. And many of those companies compete with the hyperscalers, and they would like to have Akamai provide that capability, because we don't compete with them. We're not a threat to them. We're not a threat to be looking at their data. Of course, the fact that it's really easy to use and less expensive, I think that's helpful, too. It's about a third off [competitors’] published pricing.
I expect that down the road the hyperscalers will also be using our compute solution as part of the overall Akamai platform. Some of the hyperscalers’ [parent companies Amazon and Microsoft] are our largest customers, and some are really good partners as well. It just broadens the capabilities that they can do on Akamai. I expect they will have applications that they're going to want to have running on containers or VMs in hundreds of places close to end users, and Akamai will have that capability. We're pretty unique in that.
What products or services do you need to add to entice enterprises? Will you offer managed services in the future?
There's certain base capabilities that we're in the process of adding — VPC, reliability zones, getting it to be PCI-compliant, FedRAMP-compliant, that sort of thing — just sort of basics. Linode has a good ecosystem of apps on top of it [that are] not managed today. And so for those customers that want to have managed third-party apps on top of Linode and not do it themselves, yes, we would be offering that capability over time or in conjunction with partners that would do the management of the services for them.
What edge computing products and services do you have today and what industries are using them?
There's a variety of things we do. We have a JavaScript engine that's running on all our edge servers, and customers can use that to create functions as a service. We also create packaged functions, we call them Cloudlets. In some cases, our customers created those, and then we offer them to other customers. So things you'd like to do with a website or application, A/B testing, failover capabilities, personalized content. And there's a special class of capabilities we call Edge Side Includes, which we launched in 2001, that allows our customers to program their page so it's dynamically assembled on the edge. We have thousands of customers using that today — have for close to 20 years.
Delivery is still your largest business, but the growth is slowing. What's driving that, and do you expect it to recede to pre-COVID levels?
The traffic is growing, [just] not at as fast a rate. We're in a year now where it's a non-COVID year lapping on top of a COVID year, and so people are outside more, they're actually going back and doing shopping in stores more, so there's less traffic growth. I think this year will not be a strong year in terms of the delivery business revenue. Next year you get back into a more normal situation where you have a non-COVID year over a non-COVID year, and so you have more of normal dynamics then.
The main verticals for delivery are sort of two components. There's the big traffic verticals, which would be OTT and media: software, gaming downloads. Then there's the transaction verticals, which don't have a lot of traffic, but have high value for the traffic that they have, and that would be led by commerce, retail, hospitality and so forth. They're all growing traffic, but not nearly at the rates that they were.
This story was updated to correct a few transcription errors.
