The Akamai Blog

How Akamai InfoSec Answers Customer Compliance Questions

Part 1 in a series. For more information, see "Everything You Want To Know About Akamai Security & Compliance."

The process for addressing customer security and compliance questions used to be somewhat chaotic. Questions would float around in random emails and elsewhere, and which ones got answered was the luck of the draw. We found this unacceptable, and did something about it.

In an interview last week, Akamai InfoSec Program Manager Meg Grady Troia -- who has had a big role in the customer service and compliance arena -- gave me an overview of the improvements made. 

It's been a three-pronged strategy:

  • Create an internal document of 100 basic security questions to give our sales staff clearer guidance on what to expect from customers and how best to answer them.
  • Create a structured process where salespeople can pass customer questions along to us and we can supply them with answers in rapid-fire fashion.
  • Gather up documentation that deals with the most-commonly-asked-about issues and make it public.

The internal document deals with the first issue by laying out 100 common questions in detail and offering a variety of answers to take back to customers. The goal is to make it easier for sales staff to find answers on their own. When that can't happen, the second piece of the strategy comes into play.

An overhauled email list and ticketing system went online in late spring 2013. Senior Program Manager Lead Daniel Abraham and Security Researcher Kevin Riggle designed the improvements for easier communication between sales and our team. Sales staff asks us a question on the customer's behalf. We supply them with answers -- including documentation -- they can take back to the customer.

The third prong is about providing sales staff and customers with the tools for self service. As documents are made public, they will be housed on a compliance page that will be part of our soon-to-be-released Akamai Security microsite on Akamai.com.

Meg says the most sought-after documentation is the material dealing with PCI compliance and, as part of that, how we secure our servers and racks around the globe. Also popular are documents that map out Akamai human resource policies and insider threat information. 

"PCI is a very thorough standard about how you secure cardholder information," Meg says. "It allows us to talk about a variety of topics."

When the new security microsite goes online, customers will be able to go to the compliance page and type any topic they want to know about into a search box, which will then return every scrap of public documentation we have on the given topic, be it HIPAA, PCI, FedRAMP or Sarbanes-Oxley.