Lessons in security leadership: Andy Ellis
Senior director of information security, Akamai Technologies
By Mary Brandel
August 08, 2011 — CSO —
The 2011 CSO Compass Award winners discuss prioritizing investments, learning lessons the hard way, and much more
As a cloud-optimization services provider, Akamai handles tens of billions of daily Web interactions for 90 of the top 100 online U.S. retailers, 29 of the top 30 global media and entertainment companies, nine of the top 10 world banks, and all branches of the U.S. military. Overseeing the security architecture of this massive, globally distributed network is MIT graduate and former Air Force Officer Andy Ellis, now Akamai's senior director of information security and chief security architect. He is a noted speaker and the author of Protecting a Better Internet, a blog focused on key issues facing the information security industry.
CSO: What is unique about the security challenges you face at Akamai?
Ellis: Nearly all security problems start with a human being who does something they shouldn't or makes a mistake. But we decided early on that we didn't want humans in the loop. Instead, we built our systems so that failures would be dealt with by systems. So whereas the normal security concern is what people would do to you, we have to look at what the system can do to you. That takes adversarial engineering: You design assuming everything is an adversary so you're naturally resistant to it.
Why is transparency a particular concern of yours?
In the past, we'd tell customers as little as we could about our security. But making them pull teeth to get that information was very expensive because they'd spend a lot of time asking questions. So more and more, we're telling people proactively what we do, to the point where we've added a line item to the contract that gives them visibility into Akamai controls. We want people to think of us as the cloud vendor that gives them intelligence.
What is the most difficult or rewarding accomplishment of your career?
The building of a secure content-delivery network, which goes back to Akamai's founder [Daniel Lewin], who perished in the 9/11 attack. This was 10 years ago, when cloud wasn't on anyone's radar. Danny and I went back and forth deciding the minimal set of controls needed for security, and there were days I didn't think we'd ever build it. Then, one morning at 8 a.m., I get a phone call. I'd been up until 5 a.m., responding to an incident. It's Danny, and he's with a financial-services customer. He says, "I'm going to sell them the secure content-delivery network, and I need you to talk to them about it." This was literally three days after I was ready to throw my hands up on the whole thing. I said, "OK, Danny, I need two minutes to splash water on my face so I'm coherent."