Companies that specialize in helping businesses speed delivery of their applications and Web content are increasingly involving themselves in IT security as the continued proliferation of systems-defense technologies has become a potential roadblock to the performance and quality of the services they already provide.
Business leaders at applications acceleration providers like Akamai Technologies and Symphoniq contend that as their customers continue to layer additional security devices and programs into their IT infrastructures, they are creating new obstacles to maintaining swift delivery of everything from customer-facing e-commerce systems to supply chain networks shared among partners.
As a result, the technology and service providers are moving to help growing numbers of their customers find the most effective manner to tailor their security systems in a way that reduces the strain on their applications while maximizing protection.
Security has always been a major consideration in the applications delivery world, but the continued explosion of new technologies that customers want to utilize to prevent attackers from compromising their systems has forced companies like Akamai -- which claims to handle performance and availability issues for 300 of the top 500 e-commerce sites in the world -- to up the ante in recent years, executives said.
"As an overlay on the network, we're an overlay for users both good and bad who want to access to these applications," said Keiran Taylor, senior director of product marketing at Akamai. "Whether you're talking about denial-of-service threats or other types of attacks carried out against these systems, in many cases we're actually the first line of defense that can thwart something before it harms an enterprise customer."
In addition to a number of homegrown technologies that the company already uses to ensure that its customers' applications and sites are running at full speed, many of which are delivered as an element of its core services -- such as tools that monitor for activity that might indicate emerging DoS attacks -- Akamai also sees new business opportunities helping companies deal with other security-related headaches.
Earlier this month, the company launched its first service aimed at aiding customers who process credit and debit cards maintain compliance with the Payment Card Industry (PCI) Security Standards Council's DSS (Data Security Standard).
Backed by the world's largest credit card providers, the PCI DSS mandate requires businesses to bolster their security systems to protect cardholders' sensitive personal data.
Akamai's service includes additional "assurance" for securing card data involved in online transactions as well as its new Dynamic Site Accelerator PCI service, which includes an audit management portal, systems configuration validation tools, infrastructure scanning reports, service integration guidelines, and an SSL network tailored to meet the regulation's specific terms.
Thus far, the PCI service is only available as a beta, but Akamai is planning to make it a commercial offering in 2008.
"If you look at what Visa and these other card companies have said, caching secure content is a key component of meeting the requirements," said Taylor. "In the quest for performance sometimes people let security take a back seat, but clearly it can come back to bite you, so we're trying to deliver both pieces of the equation and make it as simple as possible for our customers to do business."
Symphoniq sees an opportunity
At Symphoniq, company officials are now marketing the firm's Real User Monitoring Web applications performance measurement service as an ideal way to head off potential attacks carried out against online transactional systems, including e-commerce sites.
Architected to help companies understand what the in-the-browser experience is like for users of their online systems, Symphoniq is now pitching the product's ability to sniff out attempts to break into online applications to steal data, carry out fraudulent transactions, or launch attacks such as cross-site scripting threats.
"The customers are trying to solve these problems by adding a lot of security devices and applications into the pipeline, which is having a huge effect in some cases on the performance and reliability of the applications themselves, so we are being asked to do more around security," said Hon Wong, chief executive of Symphoniq.