Cxo of the week: Ajay Kapur, CTO/GM of Applications, Edgio

Edgio is an edge-enabled software solutions provider powering unmatched, secure

digital experiences through a seamlessly integrated delivery, applications, and streaming platform.

Our globally-scaled technology and expert services fuel the world’s top brands with the capacity to

deliver the fastest, most dynamic, and frictionless education, entertainment, events, and applications

to every user. Dedicated to providing unparalleled client care and extending value every step of the

way, Edgio is a partner of choice, driving about 5% of worldwide internet traffic to support the

most popular shows, movies, sports, games, music, and instant-loading websites.

Ajay Kapur is CTO/GM of Applications at Edgio and joined via the acquisition of Layer0 where he was Co-Founder and CEO. Layer0 is a leading developer-focused platform-as-a-service for application acceleration and deployment. Prior to Layer0, Kapur published mobile apps downloaded by tens of millions in the early days of the App Store. His first job was investing in technology companies for Goldman Sachs' private equity arm. Kapur earned an MBA from Stanford and bachelor’s degrees in physics and Computer Science from UC Berkeley.

Recently, we engaged in an interview with Ajay Kapur, CTO/GM of Applications at Edgio talked about the cybersecurity practices and strategies that Edgio must implement to strengthen its cyber ecosystem and plans for future expansion and much more.

Give us a brief introduction about the company, its specialization and services.

Edgio is a globally scaled, edge-enabled solutions provider for businesses, looking to meet the growing demand for fast, secure, and frictionless digital experiences.  Through our fully integrated platform and end-to-end edge services, companies can deliver content quicker and more securely, boosting overall revenue and business value.

We offer powerful solutions across web applications, content delivery, and video streaming, servicing 5% of global internet traffic and clients in 38 countries around the world. Edgio offers full Web Application and API Protection (WAAP) natively built into every edge location to mitigate known and emerging zero-day threats. Our next-generation Web CDN features help in predicting, monitoring, and releasing capabilities that improve site performance and outcomes.

Edgio is on a journey to expand its presence in India and globally, with an additional expansion focus on the markets in Southeast Asia.

What are some cybersecurity practices and strategies that organizations must implement to strengthen its cyber ecosystem?

It is important to implement robust security measures, such as encryption, access controls, and monitoring tools, to protect against attacks and data breaches. The Zero-trust framework provides a holistic approach to strengthening a company’s overall security posture.  Do not assume users are trusted and apply high levels of network security to segment users and devices, and between devices and between networks, using firewalls so would be attackers or malicious insiders cannot access privileged data, settings, or move laterally within your environment.

It’s also important to choose solutions that provide strong centralized control, with single pane-of glass views to reduce blind spots and ensure consistent policies are applied across all edge devices.  Strong analytic and streaming capabilities are also essential to detect and respond quickly to security events. Companies should look for vendors with rich logging to support monitoring and audit activities, as well as integration capabilities to support SIEMs and security automation via SOAR integration with the WAAP in order to reduce manual intervention that can be error-prone and bog down DevSecOps teams.

Additionally, secure coding practices should be applied when developing new applications.  Code reviews, automated testing, and vulnerability scans apply to all composable application components. APIs endpoints must be protected via authentication and positive security model, as well as against DDoS and malicious bots. Employ holistic security with a Web Application and API Protection (WAAP) solution across the edge to lower risk.  

What, as per you, are the five important things that Edgio should be looking at today?

The five important things that Edgio is currently looking at today are:

1. There is definitely a skills gap in the cybersecurity industry: According to the SANS Institute there’s currently more than 3.5 million of global cybersecurity talent shortage. It’s confirmed by the customers we speak with every day. This customer reality guides Edgio’s strategy, from a product and services perspective in several ways: (1) We design products and services in ways that are highly intuitive, developer friendly, and with automation in mind (2) Our solutions are designed to help customer accelerate detection & response time to new threats (3) Our detection/decision engines are carefully designed and updated to reduce false positives to cut down on alert fatigue (4) Edgio’s solutions are built for self-service, but our managed security services can help with day-to-day operations and our 24x7 SOC is there for you before, during and after an attack.
2. Greater need to help customers achieve and maintain compliance: In addition to regulations and mandates specific to any given industry, each year new rules and regulations put into place by governments worldwide (e.g. GDPR, CCPA, etc.).  Edgio continues to invest in innovative protections to guard PII stored behind applications, Edgio invested heavily in compliance measures including PCI-DSS Level 1, SOC2, ISO27001 to meet the most stringent requirements of nearly all organizations and entities, lowering their burden when it comes to protecting their stakeholders’ privacy.
3. Artificial Intelligence (AI) and Machine Learning (ML) in cybersecurity: We’re actively looking for more ways to maximizeand leverage AI and ML to enhance our solutions and services.Our Advanced Bot Manager’s detection engine leverages ML on top of the massive dataset we’re privy to due to our position in delivering 5% of global internet traffic, to detect anomalousbehavior, and ultimately distinguish between good and bad bot traffic. We’re also adding AI to aid SecOps teams, recently releasing a feature that allows our customers to use natural language prompts to efficiently complete routine tasks. We are looking at additional uses for AI in ways to decrease effort in incidence response, SOC investigations and more.
4. We continue to see an uptick in cyber-attacks: Which is probably no surprise to anyone, but the driving forces change over time. We saw attacks accelerate during the pandemic as life shifted even more online due to necessity, and today we find that the trend is at least partially attributed to the ongoing war in Ukraine and other major conflicts across the globe.  Criminal organizations are finding nation-state buyers happy to pay handsomely to DDoS adversaries and their allies.  Additionally, the number of vulnerabilities (CVE’s) discovered in the software supply chain rises every year (23.92% YoY in 2022) along with the discovery of critical zero-day vulnerabilities seems to become more frequent: Log4j, Spring4shell, to name a few. Compromising web applications to steal valuable data never goes out of style and that’s why we continue to invest heavily in R&D to keep our WAAP solution on the cutting edge.
5. As IoT devices proliferate, we see an increase in bad bot activity:With bad guys having greater incentives than ever before to innovate and build new evasive behaviours as the value of commerce applications continues to rise.  Even as crypto prices fell from their peak in 2021, ransomware attacks rise as many organizations are underprepared to deal with the threat, and unfortunately see no choice but to pay their captors to (hopefully) release their stranglehold on their critical systems and data.

Can you showcase some cyber-security solutions that you offer to the Indian market?

Edgio’s is a leading distributed platform in edge computing and multi-layered cloud security that protects business capabilities from vulnerabilities and mitigates attacks. Some of the special features of our web security solutions are:

• Web Application and API Protection (WAAP) which speeds up response times to vulnerabilities and threats with comprehensive web application and API protection solutions, including a dual WAF mode to predict the impact of a patch before deployment.
• DDoS Protection which automatically detects and mitigates DDoS attacks on our distributed network edge—before they impact your web infrastructure. Our software-defined, always-on DDoS protection is backed by a massive global network with 70x the capacity of the largest recorded attacks.
• Advanced Bot Manager is powered by AI and ML to accurately determine, in real time, if an application request is from a fraudulent source and mitigate it.
• Origin Shield which provides an intermediate caching layer reducing requests back to your origin, improving availability and helping you lower egress costs.
• Transport Layer Security (TLS 1.2+) which encrypts information in transit to prevent data theft and other tampering.

How do you see the emerging technologies impact your business sector?

The threat landscape in cybersecurity is constantly evolving, and with the rise of new technologies and evolving practices, it is becoming challenging for organizations to mitigate these risks. Furthermore, there is simply too much at stake for enterprises nowadays. Hence, it is important for organizations to adapt and evolve their cybersecurity strategies to remain protected and safe. Also, enterprises should keep an eye on potential threats, build stronger, unified defences against them, and respond to them in effective, efficient and in a collaborative manner.

Tell us about your growth plan for year 2023-2024.

Ans: The last ten years have been all about cloud and SaaS. We believe that the next ten years will be all about the edge. Hence, we are strategically reshaping Edgio into a more profitable and growth-oriented company, one that is better equipped to compete with the competition.

This year we have launched our Edgio Applications Platform version 7, empowering enterprises to drive revenue growth enhancing their web security, optimizing site performance and boosting team velocity. With granular policy controls and ML-based detection against evolving automated attacks, Edgio's Advanced Bot Manager is an integral component of our multi-layered security approach, which includes Access Control, Rate Limiting, Custom, as well as Managed Rule Sets, providing holistic protection against web security vulnerabilities.

We will continue to focus on making meaningful improvements to our culture, organization, and talent. We have implemented our target operating model that fully integrates us into “One Edgio.” This model is flatter, more agile, and more efficient.

Looking forward, we believe as the stakes get even higher and privacy of sensitive data continues to be the highest priority for organizations, Edgio is best positioned to help future clients achieve top performance for their outcome buyers.