GigaOM Radar Edge Platform Leader & Outperformer 2024 | 
The increased dependence on the internet and web-based applications have exposed individuals, organizations, and governments to various cyber threats, making web security an essential aspect of cybersecurity. However, despite the efforts to enhance web security, various challenges still exist.
In a recent workshop with security leaders, we tried to get to the bottom of what was keeping them awake at night.
Here’s a summary of their key issues and our tips on how to address them.
1. The time it takes to make changes using outdated processes.
Many organisations have outdated processes that require approval from various stakeholders before changes can be made, leading to delays in implementing security measures. This delay increases the organisation’s exposure to cyber threats and is further complicated by the other major obstacle in web security – determining who owns risk- the Board, CISO, CRO, or CEO. Each of these stakeholders has a different perspective on risk, making it difficult to come to a consensus on security-related decisions. We discovered that a number of organisations we spoke to were indeed frustrated by how long it takes to make even simple changes, like a firewall change. Such is the lack of confidence in making changes that they had to initiate processes where the Heads of Privacy, Risk, and Security are all in a room approving changes together. This is clearly an inefficient way of operating and is likely the result of not having clear enough data on the impact of changes in production.Solution
If engineers had access to real-life production data on their changes and received this data in real-time it would address many of the challenges listed above. By combining Edgio’s Dual WAAP (Illustration below), real-time observability (Core Web Vitals, Errors, Cache Hit), and config propagation in less than 60 seconds technical teams could make changes with greater confidence in a fraction of the time.
2. Challenges of moving left – more pressure on applications teams v. platform/infrastructure teams
Moving left refers to the shift towards addressing security issues early in the development cycle, the idea being that by shifting left, organisations can catch bugs earlier and get applications online quicker. This creates a challenge for application teams who must ensure security without compromising the application’s functionality. Whilst this is undoubtedly something that all organisations should embrace, it is clear that when executed at scale this is now placing extra pressure on development teams rather than it being the responsibility of the platform/infrastructure teams which was the case five years ago. As development teams now have a greater role in securing web applications, it is essential they are given the tools to do this as efficiently as possible so they can spend the majority of their time actually doing what they want to do…building web applications.Solution
To lighten the load on applications engineers, with the drive to shift left, it’s vital to give them a security solution that fits into their existing DevOps process. Edgio’s EdgeJS (CDN as code) integrates into many tools including Jenkins, Github, and Gitlab, and gives technical teams instant feedback on proposed changes and how this will impact a website’s CWVs, error rate, or cache efficiency in production. By combining EdgeJS with WAAP, engineers can have a solution that allows them to make config updates in less than 60 seconds and get instant data on the effectiveness of the change.3. Lack of talent/efficiency of talent
Everything we heard from our attendees indicated that current their security practices are inefficient, which has exacerbated the general industry challenge that there are simply not enough IT security professionals to keep up with an ever-evolving, and increasing, threat landscape. According to the International Information System Security Certification Consortium, known as ISC2, the total number of needed cybersecurity personnel across the globe rose to 3.4 million, up 26.2 percent in 2022. Alert fatigue, disjointed solutions, and difficult-to-use systems were also common issues that impacted how quickly teams can react when zero-day attacks like Log4j are identified.Solution
Edgio’s technology can be supported by a 24x7x365 SOC staffed with CISSP-accredited engineers. Our SOC team is designed to take an additional load off our customer’s overstretched technical teams, providing full monitoring and mitigation combined with industry-leading SLAs. The team is also on standby to offer emergency assistance for zero-day threats and, in case of all incidents, will provide detailed reporting that can be used to inform executives.
