Increasing use of cloud technologies was always going to be the logical next step for companies that were forced to accelerate digital transformation plans as a result of the COVID-19 pandemic.
With remote-access usage exploding and new security threats emerging as a result of the new normal, strategic investment in cloud platforms offered a way of scaling with demand and increasing agility.
This meant, for example, tapping serverless applications to enable automated deployment of new capacity in seconds rather than days.
Yet the biggest benefit of the change, says Fastly Chief Product Architect Sean Leach, is that companies’ increased reliance on cloud technologies encouraged them to dive into a new application architecture – the secure access service edge (SASE) – in which secure, programmable cloud-based services build and secure the new network perimeter.
“The data centre took some of the responsibility off developers’ hands by managing the network and racks and power for them,” he explains, “and managed hosting took servers out of the mix.”
“Now, you’re really starting to see this with serverless environments that are taking the application stack out of their responsibility as well – and because there are a lot of really smart people helping with the securing of things, it takes that burden away from developers who just want to write business logic.”
Particularly given the pace of transformation during 2020, companies’ ability to lean on the cloud to do their heavy lifting has been a boon for developers charged with delivering major organisational transformation – and doing so without being affected by a growing climate of malicious attacks.
This growth in demand is creating opportunities for edge cloud platform providers like Fastly – which cut its teeth in Australia providing streaming-at-scale services to the likes of Network 10, but is also positioning security and other value-added cloud services as a way to broaden its value proposition.
Using cloud-based services to secure the edge allows even small businesses to tap into enterprise-scale detection and remediation capabilities that can, for example, detect malicious botnets and distributed denial of service (DDoS) attacks such as RangeAmp – and stop them before they affect company applications.
“We’re seeing some really creative attacks pivoting around the defences and the attacks are getting quite large,” Leach says, “but many customers don’t know what their threat is at any particular time.”
“The more solutions that can protect across the broader range of threats, the more value they’ll get out of it,” he says, adding that many increasingly cloud-dependent companies aren’t necessarily taking the time to evaluate their dependence on third party services (like ad networks) that may or may not be as well protected.
SASE, which was only identified as a trend by Gartner in late 2019 and is expected to grow by 42 per cent annually through 2024, has come onto the radar so quickly that Gartner now expects 40 per cent of companies will have “explicit strategies” to use it by 2024.
Yet for all their enthusiasm, Gartner senior director analyst Steve Riley warned, companies need to make sure they choose their SASE architecture wisely.
“Watch out for slideware,” he advised, “especially from incumbent vendors that are ill-prepared for cloud-based delivery as a service model.”
“This is a case in which software architecture and implementation matters. True SASE services are cloud-native.”
Automating the future
If cloud-native secure edge providers are the future of the extended enterprise, automation is its catalyst.
An extensive catalogue of automation services helps enterprise applications tap into Fastly’s Australian network of four points of presence in Sydney, Melbourne, Brisbane and Perth – ensuring performance and redundancy that will help keep cloud-based enterprise applications humming along no matter what happens.
As increasingly complex and interconnected applications become the norm, developers are also being increasingly pressured to back their cloud-based applications with security architectures that are regularly reviewed and updated.
This burden – which is replacing the traditional ‘build first, scan later’ development approach – has accelerated recognition of the importance of DevSecOps.
This development and deployment methodology, in which security is ‘baked in’ and iteratively tested as software evolves, has hastened appreciation of security’s importance in the software development lifecycle – and automation’s ability to ensure that security keeps up with the pace of development.
“There was just no agility in the old model,” Leach explains. “You would write some code, ask the security team to check it, wait until they give it their blessing, and then push it live. It could take days and weeks.”
DevSecOps, by contrast, leans on automation to integrate security scanning and remediation as part of the development process.
“When you write that code, you can check it for the most common security issues and vulnerabilities,” Leach says. “You don’t have to make security that gate anymore; security just flows, like water, around the entire process – and it just makes things so much easier.