It’s not every day you meet security vendors as passionate as Andrew Peterson and Zane Lackey, co-founders of Signal Sciences, now part of Fastly. That’s because their vision to provide next-gen protection for web applications and APIs combined with actionable visibility to development and DevOps teams comes from a place of empathy. Once practitioners themselves, they faced the same challenges their customers face today: they were frustrated with security that was cumbersome to implement and didn’t keep pace with their evolving needs.
This origin story of solving a problem for the way they were working is a lot like our own. It’s one of the things that first drew us to Signal Sciences, along with our shared relentless focus on modern DevOps. By combining their powerful security solutions with our edge cloud platform, we now offer a robust security portfolio, giving developers the visibility, control, and speed they need to safely build incredible online experiences.
I hosted a fireside chat with Andrew and Zane at our customer conference — Altitude 2020 — back in November, where they discussed what makes their approach to security different. Here are some of the highlights.
The rate of change is increasing. Businesses need security solutions that will keep up.
New services, applications, and APIs are being shipped faster than ever. While modern CDNs have learned this lesson and adapted to support the pace of application delivery that enterprises want to achieve, security solutions are still learning. What Andrew and Zane found at the start of their journey is that many existing security solutions were built for a different generation. They lack what’s needed today, including:
The ability to work regardless of the technology choices people are making, and
Accessibility. Solutions that work for just one or two siloed security experts are no longer useful. Solutions need to empower the broader development and DevOps teams with the visibility and capabilities to push things forward.
No matter what stage of digital transformation businesses are in, they recognize that the rate of change is increasing and that they need security solutions that support — and don’t slow down — their momentum.
“One of the things that we always hear from our customers that are C-level executives is, ‘You enabled us to do what we wanted to do in a secure way, at the pace we actually wanted,’” Zane told virtual Altitude attendees.
Security should be flexible enough to support both legacy systems and shiny, new tech.
One of the reasons security slows down transformation is because it’s not always a seamless part of the workflow. It’s difficult to find an all-in-one security solution that’s simple to deploy wherever you choose to build an app or API.
While enterprises at the leading edge of digital transformation get a lot of attention, the truth is that many organizations are still at the beginning or middle of that journey. Not only are they working with and trying to learn new cloud and edge services, but they’re also still dealing with legacy systems. They need security solutions that can be deployed on each of these — while also keeping up with new technologies that are introduced every day.
“As new technologies come out, we increase our support for each one of those architectures and technologies,” Andrew told the Altitude audience. “This means security people don’t a) have to learn those architectures and understand what they do, and b) don’t have to go and search for a separate solution to get protection over their API system or the new system someone’s using. We have an architecture that is flexible enough to deploy not just for the brand-new stuff, but also for the legacy things, and tie all of that together through one console, one management plane, and one way of enforcing policies.”
Visibility deepens the bench of defense-minded players on your team.
Historically, security technology was used by siloed security experts. This has created a frustrating situation and progress-blocker for application teams. Developers, for instance, might see errors happening in their applications, but aren’t sure if what they’re seeing is an attack. They could file a ticket and have the security team look into it, but it’s likely they’d wait a few days for a response.
Andrew and Zane want to see this process change, by empowering all teams with the same actionable insights and security observability. When developers, DevOps, and security teams all have a real-time view, they can have a more two-sided and equal-footed conversation. Instead of relying on the security team to potentially bring attack information, or the application team needing to lodge a ticket, both teams can identify and respond to the problem in the moment.
“You’re really extending that front line of defense from people that are just looking out for bad things happening to your entire development team,” Andrew explained during the talk. “The hacker's not going to wait around for your security team to show up. The application team can now actually be on the same level as them. They can see the attacks going on right now, go in, and solve those things."
A unified security platform for secure DevOps is possible.
We’re excited about what all of this means for security at the edge. With the merging of the Fastly and Signal Sciences teams, we’re able to provide our customers with even more security tools that are fully programmable and built with their developers in mind. We’re empowering them to innovate and build forward in a way that keeps their applications safe, their security teams happy, and their customers at ease.
This blog post was based on a talk given at Altitude, our customer summit held in November 2020. Watch other talks on the future of Fastly and the internet from the virtual event here.