CDSA

Akamai sees its application security and access control network security product categories as two of its largest opportunities for revenue growth over the next 3-5 years, according to Tom Leighton, its CEO and co-founder.

Security overall accounts for about a third of Akamai’s revenue today and “it’s been growing at a very strong rate,” he said Feb. 25 during the online Akamai Investor Summit.

Although the company’s content delivery network (CDN) business accounts for about two-thirds of its total revenue now, it’s a much more mature business that has been growing at a slower pace than security, he noted.

In the past five years, Akamai has become the market share leader in a few security areas, including Distributed Denial of Service (DDoS) attack prevention, web app firewalls and bot management, he said. “We have excellent margins in this business and, as it continues to grow, that should help margins for the company as a whole over time,” he explained.

The security business, meanwhile, also helps Akamai’s content business via bundling opportunities, including Protect & Perform, which he said has been especially popular with customers.

Akamai’s security business is made up of: application security (including app/API protection and fraud prevention); network security (including infrastructure protection and access control); and security services.

Application Security

Akamai’s app and application programming interface (API) protection products include Kona Site Defender and Akamai’s new Page Integrity Manager. Last year, those products accounted for $480 million in revenue, a 28% increase from 2019, Leighton said.

“We have about 2,000 customers using these products, which means that there’s plenty of room for growth,” he said of the application security offerings. “Our goal is to sustain” a compound annual growth rate (CAGR) of about 18-22% for these products over the next 3-5 years, he told viewers.

Moving on to fraud prevention, he pointed out: “There are many attacks today where user credentials are stolen from one site and then used by bot armies on thousands of other sites to see if the same credentials work on multiple sites and, when they do, the credentials are sold to a criminal organization that uses them to take over your account. In fact, this is so pervasive today that most login attempts at many of our customers’ sites aren’t human. They’re bots trying to break in.”

However, Akamai’s Bot Manager solution identifies and stops those attacks and “it’s a big reason why it’s been one of our fastest-growing new products over the last decade,” he noted.

Last year, Akamai’s fraud prevention products accounted for $176 million in revenue, up 36% year over year. “We have about 500 customers using these products today, which means” the average revenue per user (ARPU) is “very good,” according to Leighton. As Akamai looks out over the next 3-5 years, the company’s goal is to sustain a CAGR of about 20-30%, he said.

“Altogether, we generated $656 million from our app security products last year,” a 30% increase from 2019, he noted, predicting: “This will be the area of greatest absolute dollar growth in the business over the next few years, and our goal is to sustain a CAGR of 20 to 25 percent in this area over the next three to five years.”

Network Security and Security Services

In network security, infrastructure protection products generated $191 million last year for Akamai, up 9% from 2019, and its goal is to grow the category about 3-5% a year, he said. But the company may do better than that, like it did in 2020 due to the rise in ransom DDoS attacks seen last year, he noted.

“Access control is a much faster growing area and one of our most exciting opportunities for growth over the longer term,” he told viewers. Those offerings include enterprise security products such as Enterprise Application Access, Enterprise Threat Protector and Akamai’s new Multi Factor Authentication solution, as well as products it sells through carriers.

Those access control products “keep an enterprise safe from malware attacks and data theft attacks,” he pointed out, calling it a “very exciting area for growth as enterprises move away from traditional security defenses and adopt Zero Trust” solutions in the cloud.

Last year, the access control products accounted for only $50 million in revenue for the company, he noted. But that was up a whopping 62% from 2019. And Akamai expects revenue to double to about $100 million in 2021, Leighton said, adding the firm’s goal is to sustain a CAGR of at least 50% over the next three to five years in access control offerings.

Combined, the company generated $241 million in revenue from its network security products last year, up 17% from 2019, and its goal is to sustain a CAGR of 20-25% over the next three to five years, he said. Nearly all that growth will come from the access control products, he projected.

Security services, meanwhile, generated $164 million in revenue last year, up 20% from 2019, and Akamai’s goal is to sustain CAGR of about 10-15% over the next 3-5 years in those products, he said.

Combined across all security offerings, Akamai expects CAGR of at least 20% over the next 3-5 years, he added.

“Strong Tailwinds”

There are “several strong tailwinds helping” Akamai, including the fact that cyberattacks are becoming bigger, more sophisticated and more unpredictable than ever before, Leighton told viewers.

“It seems that everyone’s getting hacked and just when you think it can’t possibly get any worse, it does,” he pointed out.

Meanwhile, “the volume of attacks that we’re managing at Akamai has also risen dramatically over the last year,” he said, noting the company mitigated over 1,800 DDoS attacks in Q4, up 40% over a year earlier. The company also saw a “record-breaking numbers of malicious login attempts last year” and almost 200 billion credential abuse attacks, he said.

“Malware is literally everywhere,” he said. It’s become even worse during the pandemic because so many employees are working remotely, increasing the exposure to bad actors, he explained, calling it a “perfect storm of attacks.”

Akamai’s Intelligent Edge Platform solutions, however, “stop the attacks at the source, at the edge, long before the malicious traffic ever reaches the target,” he told viewers.

Although there is no shortage of rivals, including startups, the company is “performing very well against the competition because we have the best scale and intelligence, we have the most complete suite of defenses [and] we’re constantly innovating and evolving our defensive capabilities to respond the latest threats,” he explained.

The Edge Platform’s Scale

The Akamai Intelligent Edge Platform now operates at a “massive scale with over 340,000 servers handling trillions of requests per day and well over 100 terabits per second of concurrent traffic around the clock,” according to Leighton.

“No other company comes anywhere close to this kind of distribution and proximity to end users, and that gives Akamai a big advantage over the competition,” he said.

Most companies “still make some use of enterprise data centers but many also use services like AWS and Azure for storage and compute,” he noted, adding:

“This helps lower cost and improve agility but there’s still the problem of being close to end users and getting the scale you need for today’s digital business. And for that you need a true edge platform. That’s why more and more functionality is moving to the edge and why most major enterprises use Akamai’s Edge Platform to deliver and secure their content.”

What makes the edge so important is that’s “where all the users are,” as well as “where all the devices are and it’s where most of the bandwidth is,” he said.

However, “it’s also where most of the attackers and bots are, so it’s where your defenses need to be,” he noted.

“The edge will become even more important in the future since it’s where 5G will be,” he added.