Akamai Diversity

The Akamai Blog

Access and Delivery different sides of the same coin

We are often so caught up in our own realities that we miss obvious similarities or synergies. Luckily when various people look at the same situation, different perspectives emerge. I was reminded of that recently during a conversation with one of our large pharma customers.

Akamai helps our customers fully embrace the transition of their users and applications to the cloud. For most, even if their apps aren't in the cloud yet, end users expect to access them from their favorite managed and unmanaged devices as if they were.

For many enterprises, that means providing network access to users so they can interact with a few enterprise apps behind the firewall, whether on-prem or in the cloud. As I have talked about previously, this perimeter-based security approach and trust model belongs in the past.

Now if an enterprise wants to transform enterprise security, there are obviously a lot of options (probably just as many as there are vendors). At Akamai we believe in zero trust and the power of the cloud and simple, elegant solutions. So if your users and applications are moving to the cloud, shouldn't your enterprise security perimeter and network do so as well?

Either way, we have been focused on transforming access to enterprise applications behind the firewall with Akamai's Enterprise Application Access (EAA). But as the large pharma customer reminded me, is it really access that Akamai is trying to transform, or is it enterprise application delivery?

I thought that was an interesting point and ultimately led me to the conclusion that enterprise application access and enterprise application delivery are really different sides of the same coin.

AppDeliveryAppAccess Fig1.png

The more I thought about it, the more obvious it seemed that it is largely just a matter of perspective. Perhaps enterprise application access can even learn something from the world of application delivery, an area that Akamai knows a thing or two about.

AppDeliveryAppAccess Fig2.png

In terms of enterprise application delivery, there are some unique requirements that we don't really see on the consumer application delivery side, such as identity provider integration, single sign-on support, or the fact that the application cannot be exposed on the Internet. No public application infrastructure IPs or open inbound ports on your firewall.

The obvious conclusion: Why not shift all your attack surface to the cloud where a provider - like Akamai - can deal with that aspect of your business?

Traditional access to enterprise applications is focused on providing network access to get application access. As you know, I am not a big fan of handing over the master keys to the kingdom. Akamai as an organization assumes that there is no inside and that everyone is untrusted and doesn't need access to everything.

But network and application security is only part of the story. Application access, and more importantly application delivery, includes another vital component - application performance (another area Akamai knows a bit about).

As part of working with our customers to transform how they deliver enterprise applications, we have not only helped them with security and simplicity, but also performance. And performance matters in the enterprise context. Nothing worse than employees wasting time and money waiting for applications to load as they try to do their job.

It used to be all about optimizing traffic on your enterprise WAN, but as applications and users move to the cloud, these techniques and transport choices often no longer make sense. Why backhaul enterprise traffic over the WAN to your enterprise security stack? In fact, do you even need a WAN when most of your workloads are in the cloud?

Perhaps it is time to face the inevitable. The Internet will become part of your WAN. Most of us are well on our way with hybrid WAN topologies today.

We worked with a customer recently that implemented EAA - or delivery depending on your perspective - for about 50 enterprise apps. Based on business priority and the distribution of end users who needed to access certain applications, they chose ~25 where they wanted to ensure blazing-fast experiences globally.

Their old access method was not only mired in complexity and left something to be desired in terms of security, but because of legacy network architecture, latency, congestion, and security requirements, they also suffered from application performance issues. The simple solution was to utilize Akamai's Web Performance Solutions in conjunction with Akamai's Enterprise Application Access to ensure fast, reliable, enterprise apps globally - all accessed over the Internet, without any endpoint clients, or public application infrastructure IPs. Only Akamai's platform is visible to the outside world.

In this particular example, Enterprise Application Access already helped with performance since EAA-enabled apps could now be accessed from any device with an HTML5-compliant browser over the Internet. Adding a web performance solution to the picture improved performance even more. For a transaction measured using last-mile agents, the performance improvement was significant.

AppDeliveryAppAccess Fig3.png

For this customer, better performance of their enterprise applications meant that employees were more productive and IT didn't have to deal with the incessant corporate app performance-related tickets. It also meant that the enterprise application traffic shifted to the Internet, offloading the enterprise network.

So bottom line, enterprise application access can learn a thing or two from consumer application delivery. A change of perspective is often exactly what we all need.

To learn more about how to deliver fast and secure enterprise applications, check out Enterprise Application Access.