From Akamai. We're excited to chat all things security, CDN, edge compute, delivery. I guess I'll just jump into it. You know, Tom, co-founder of Akamai, it's your 25th year in business, which, as we just mentioned, huge feat in technology. You know, can you maybe start high level, give us an overview on Akamai's product offerings and the different sub-segments that you play in?
Sure. We got started in delivery, created the CDN business. We're still the market leader there by a good margin, and about a decade ago, started in- Welcome, everybody. Whoops! Are we okay? Yeah. Yeah. About a decade ago, moved into security, web security in particular, and created the segment of application firewall as a cloud service, and market leader there, growing, you know, very nicely. In fact, security is now our largest product line this year. That was sort of a big change, starting as a delivery company. The third category is compute. We actually started with real edge computing in the early 2000s. you know, we had Edge Java. There was Edge WebSphere, literally GM, you could configure your car online using WebSphere, but the edge computing version of it.
A little before our time, though, and that wasn't especially successful. But we've been doing real edge computing, you know, since then, most recently making large investments in core cloud computing. You know, we're working on the capability to get containers and VMs in hundreds of locations, ultimately. I think, you know, core cloud computing, obviously an enormous market. You know, AWS gets a ton of credit for, you know, really creating that industry, and something our customers wanna see us move into, and so we're making a lot of investment there now.
A lot to dig into. I guess we'll start with CDN. You know, it's still a really healthy chunk of your revenues, but the market has its own challenges. You talked about commoditization, the price erosion with that. I know we've seen it in Akamai's numbers as well. How do you think about the market, especially on a go-forward basis, and how important is it to your clients now and the rest of your portfolio in the future?
Well, I think delivery is really important. You know, most of the world's major brands use us for the large majority of their delivery. You know, we're doing over 250 terabits per second, really vital, I think, to the internet and to our customer base. You know, That business has declined a little bit in revenue over the last few years. It's something we're looking to stabilize. Traffic growth, you know, annual traffic growth did tick up in March, which we were hoping for, 'cause it sort of, you know, ticked down last year in March. It was a pretty rough year for the world. So we're happy to see the traffic growth now be at better levels than it's been for the last year.
Obviously, commoditized, you know, pricing, is still continuing to decline on a per-unit basis but at a slower rate. A lot of players, you know, in that area, which makes it very competitive. Important business and, you know, we're the leader by far, and it's critical for our customers.
How do you differentiate yourself in a commoditizing market?
The best performance, the best scale, the best distribution. You know, the typical customers will use us for a very large segment of their delivery, if not all. We'll deliver the content faster, the video will be at a higher, better picture, less rebuffers, just overall quality, and, you know, competitive on price. We can deliver in the hard locations around the world or even in the harder networks, you know, in the U.S.
Can you walk us through, too, you know, if we think about web delivery today, it's not just CDN. Security is a very important aspect. How do you think about that at Akamai, and how does it really complement your delivery business?
You know, security, very important. It's a segment as a cloud service that we created, and we're unique in doing it in the same platform, the same CPU, the same colo, the same kilowatt hour as the delivery. As we're delivering content, we will protect our customer. We'll protect your bank account as we're delivering your bank balance. You know, we'll make sure it's really you that's accessing your bank account. All of that is done as part of the same transaction. It's not, you know, two separate things, which makes it very cost-effective, performs very well, it gives the best possible security.
Can you walk us through which products you really specialize in security? You know, we look at Cloudflare, we look at Fastly, we look at the hyperscalers, too, who have their hands in security for web delivery. What is it that is Akamai's secret sauce being successful, and where's the market focus?
The flagship product would be Web App Firewall. We're the market leader in that by far. In fact, you know, according to the analysts, we grew our lead in terms of capabilities there. On top of that, we're the leader in Bot Manager. That reached about a quarter billion dollars a year run rate, growing very well. There's other capabilities on top of that, Account Protector, literally, so that if somebody stole your credentials, tried to access your bank account, we can tell that it's not you, even though they have your credentials. That's very helpful, and so widely used by financial customers. Page Integrity Manager to catch and block, you know, malware that's gotten into the digital supply chain. That'll be a requirement for PCI compliance beginning in 2025.
That's on the App & API security side. Most recently, API security. We acquired a company we really like called Neosec. It's a new area. The attacks are just in the last couple of years. Typical large enterprise has a lot of APIs, and they don't even know all the APIs they got. A lot of them are not protected, and, you know, attacks are coming in that way, and it's a very nice adjacency to Web App Firewall. I'm very, you know, optimistic about the growth, you know, in that area. We also, you know, do infrastructure protection. This is the DDoS attacks at the routing layer with Prolexic.
Slower growing, we did have very good Q1, you know, the KillNet attacks, you know, very damaging to major medical centers in the US, you know, Russian-based, you know, Russian-sympathetic group, you know, attacking infrastructure. So we're able to help a lot of major companies with that. Then, of course, on the enterprise security, with zero trust led by Guardicore, where again, we've now become the market leader in segmentation, which I, you know, I think is probably the most important defense an enterprise can have. You know, today you can buy everybody's products, ours and everybody else's.
malware still gets in, you know, and the key is to identify that this has happened quickly and proactively block it from spreading, so you limit the blast radius, and that defends you against ransomware and data exfiltration, and that growing very well, you know, so that's exciting.
I'd love to dig a little bit deeper into zero trust, right? You know, we hosted Zscaler earlier today, Jay was talking about their vision of zero trust. You know, we hear a lot of other companies, cloud players in the market, saying they have a zero trust solution. How do you think about zero trust?
Well, zero trust has come to mean everything in security, just like edge has come to mean everything in the internet. You know, it's less of a useful term. You know, when we look at security, our goal is to protect applications. In terms of the internal enterprise applications, we do that through placing an agent, a software agent, on every app, on every container, can be on every switch if you want an agentless version. You know, it's a mini firewall, and it works with legacy OSS, so it can protect your legacy applications, and it governs what can talk to what, and it gives you visibility in terms of what's going on.
It can also identify for you if, say, you get a zero-day vulnerability like Log4j, you know, we can tell you within hours where you've got that vulnerability, and otherwise it takes weeks or longer to do. I think protecting the applications, and of course, Web App Firewall does that. That protects your applications from external users. You know, Guardicore segmentation is protecting your apps from malware that's inside from spreading. That's how, you know, we look at it. It sort of corresponds to that, I think, the early notions of zero trust. Also, protecting apps from internal users and their devices with our application access. You know, today, zero trust sort of means everything.
We've heard that a few times before. I also want to, you know, dive into application security before we turn to more of the meat and bones of your future growth, which is going to be in the edge compute. For application security, you know, we hear of Zscaler coming into the market. We hear of a bunch of startups coming into the market. Why would someone turn to Akamai and say, "This is who I want to buy it from," versus networking security versus endpoint?
Because it's really close to application firewall, where we're the leader by far, and our customers have been asking us to do this. In fact, I think Gartner did a study where, you know, half of the respondents said they looked to Akamai to provide this service, so it's a very natural adjacency. For those other companies, it's really not. A startup is complicated because, you know, are banks and major enterprises going to trust the startup with all their internal stuff? That's a leap. It took a long time to get them to trust us, you know, with all the secrets. It's a very natural thing for us to do. We're in the process of creating a very seamless integration with our application firewall.
Neosec already had integrations with the leading, you know, sources of traffic, you know, firewalls, load balancers, so I think it makes for a compelling solution from Akamai. Also, you know, they're unique, and they record everything, the whole transactions. You know, the other companies in this space don't, and so you can't do playbacks, you can't really do the forensics on it, and you don't have as much information to make intelligent decisions on.
Security now accounts for a large majority of your revenues, growing really strongly. You know, are customers starting to land with security, or is it still more of a cross-sell motion?
Well, yeah, our sales force, the lead by far is security. you know, pretty much everybody knows us, you know, for delivery, and we've got a lot of penetration there, but security by far is what the sales force is leading with today.
When you think about innovation, you've made some great acquisitions to really enhance your position in the security market. How do you think about build versus buy, especially going forward?
It's a blend. you know, we get a tech tuck in. You know, Guardicore, they've been working on this for 10 years to create what became now, with Akamai, a market-leading solution. you need both. With Neosec, you know, we're investing a lot around that, but we have a good seed to work from. Sometimes we do the seed ourselves and just do it organically. Web App Firewall, that's been entirely organic. I think it's a blend that's important.
Got it. Does anybody have any security questions before I move on to edge compute? Perfect. You know, Akamai's at a really interesting inflection point right now, announced a $500 million CapEx investment into really reinforcing your network infrastructure, I guess, you know, I'd love to hear in your terms, edge compute, more core cloud computing. Can you tell us, first of all, why is it so important to distinguish between the two, and then, you know, where you see yourselves in the market?
Great question. The investment in the CapEx is in the core cloud compute, and that's building the next generation of Linode to make it so it can work for big enterprise, big applications. You know, Linode focused on small and medium business, low ARPU, very popular with developers, very easy to use, very inexpensive, all great, but big enterprises really couldn't use it for big applications. You know, big enterprises with big applications is our specialty. We're in the process of, you know, building out new core data centers with a new architecture that will scale for big enterprises, have vastly more capacity, new storage, object storage capability, that big enterprises will need, getting the certifications big enterprises need and the basic functionality. That's all taking place, you know, through this year.
That's, today, would be core cloud compute, what the hyperscalers do. You mentioned edge computing, that's another word that got abused, you know? When we've been using the term edge computing for over 20 years, for us, it means compute in not two dozen locations, but in over 4,000 locations. Today, we do JavaScript as a service in over 4,000 locations. We'll spin up, you know, an app in 5 ms based on user demand, where they want it, great scalability and performance. We've been doing, you know, true edge computing for a long time. I think in the future, that is an important market. It's not a huge market today. 99 point nine something% of the revenue is in the core cloud compute, you know, what the hyperscalers are doing.
Over time, I think that moves more to the edge. The next phase for us, after we get the core data centers built out, which mostly will be done in Q3, is what we call our distributed compute, and that will be the ability to take containers, Kubernetes, VMs, and put that in hundreds of locations that already exist in our platform. Hundreds of cities where, you know, we won't have to build out new infrastructure to get basic container support there. That's something that we're working on now and, you know, hope to start deploying in beta late this year and then early next year. Ultimately, we'd like to be able to spin up containers where they're needed on demand, based on user demand.
That you don't have to figure out ahead of time, oh, I'm gonna need 10 VMs in Paris when I'm doing this event. If you guessed wrong and you really needed 20 VMs, you're screwed, and if you didn't need the 10 VMs, you overpaid. Much better if it spins up on demand, and that's what, you know, ultimately where we're headed with this. You get much better performance, much better scalability, and of course, it'll be at a much better price point, 'cause we do this stuff much more economically than you see in the market today.
We'll dig into price for a second, but I just wanna take a step back because what you said was, you know, pretty important, I think, to where the edge market is going. I think there's a misconception right now that edge compute is for gaming, it's for ticketing, and maybe the use cases are a bit more limited. Can you maybe give us one more example of another use case that, you know, investors should really be focused on for the meat and bones of edge, just outside of more of the traditional use cases that we would think about?
Well, real edge, it's something that you wanna be within 10 milliseconds from the end user. It could be any application at all that's chatty, like you wanna buy something. The APIs today are very chatty. You think you're doing one thing, one click. Underneath, there's a ton of back and forth going on. Every time you get that back and forth, you're picking up the latency, and if you're at 70 ms or 100 ms, and you got 20 back and forth, that's a disaster. Really slow. Plus, it's really expensive today with the, with the hyperscalers. You know, if you're, you know, 10 ms away, much better, and now you're viable. It can be, it could be anything. You know, Also, that it's user-specific, session-based.
Any transaction that you would do, that you wanna have a fast response. Non-example would be, QA testing. Put that in the core. You don't need to be close to the end user. Any time where your device is interacting with something. You know, like for, another example, you wouldn't think of being like this, but is transcoding. In fact, our largest user now of the new capability for computing is a big social media company. The first app they put on the platform was the ability. They've got a service where a user makes a video, and they want their buddies to see it. They upload it has to get encoded, it has to get ready for distribution, and then users can see it, and they want that to happen fast.
In fact, they want the user to be able to see it fast. That now runs on our core cloud computing becoming, you know, the more distributed version of it. For them, it was the low latency that was important for the performance, and we could do it with better performance than in the bake-off with the hyperscalers, and of course, cost. They care about that, and we can do it more economically. You wouldn't think, you know, taking a user video and putting it online. That would be something important on the edge? Well, it is, and the closer we can get, the better. You know, another example is live streaming.
We have, in fact, a very big cloud company using us for live streaming because they want the video tailored to what the end user's experience is, and that needs to be done close to the end user. They'd love to see us do that in thousands of locations. You know, today we don't, but probably we're at 50 locations for them, but that's something that will migrate into this next version that will be in hundreds of locations. You know, that's a very big cloud company.
Those are great examples, and I guess, you know, competition and pricing go hand in hand. Can you talk about how Akamai fits in with, first, the hyperscalers, but then also, you know, other competitors in the space, the Fastly's, the Cloudflare's?
Well, first of all, Fastly and Cloudflare do not do this. They have JavaScript. You know, Cloudflare has JavaScript as a service. Fastly, you can morph it into doing that. Neither of them operates containers or VMs as a service. Don't have it. Can't support these applications that I'm talking about, 'cause you can't do that in JavaScript. They're not competitors. Our competitors are the hyperscalers, and they do this a lot. It's an enormous market. We are going after a segment there, and the good news is we can do it... You know, the movement of data, we can do less expensively. They'll have less cost on the CPU and the colo, 'cause just at their scale. Right now, I would say the margins in that space are very high.
That gives us an opportunity to come in, especially for existing Akamai media customers, and offer them a service that will perform better, it'll be lower cost, and we'll make very good margin on it. But it is competing against the big giants to do that. We're going after a small segment of a giant market. For us, it's, well, potentially billions of dollars, which matters a lot. It's too small to matter to them.
No easy feat, though, going after the hyperscalers.
You know, we've been doing that, well, for 15 years on delivery and, well, probably seven or eight years on security, right? You know, CloudFront is, I think, 15 years old, and we compete with those guys even for their own business, you know? Two of the hyperscalers are our largest customers, even though we compete with their internal offerings, and that's because we do a better job at what we do. You know, we perform better, we have better security, and we have a very competitive price point. We're gonna do that for the kind of compute that we do, same thing, and we'll be competing with them on compute for their compute business.
I wanna talk about AI, too, as you just think about potential, just going back to potential, you know, opportunities here. Obviously, the buzzword, think, of the year. Could you talk a little bit around, you know, what potential opportunities are, both internally, from how Akamai is going to leverage it in your own products, but also externally, customer opportunities?
AI, broadly construed, we've been using for a long time in our security products, in particular, heavy users there. You know, the recent buzz around Large Language Models, LLMs or GPT, generative AI, you know, less use. You know, our developers are playing with it for QA. Can it find bugs? I don't think we're gonna be using it anytime soon to write code. You know, there is a problem with the attackers can, you know, morph malware to create lots of different versions of it, which is problematic for signature checking. That is a potential problem. I don't know that it really helps us in a fundamental way. Marketing documents, all that kind of stuff, probably there's some uses there.
In terms of the business, it takes a lot of compute cycles, and anything that sucks up a lot of compute, good for people in the space of selling compute. Now, today, that stuff is GPU-based, and we support GPUs with our compute infrastructure, but we're not making major investment there right now. That's because, you know, with GPUs, the economics aren't necessarily as good. Our big customers that want GPUs are the gaming companies. There's two challenges. One is different gaming companies may have different specs on the GPUs you want, which makes it a little hard to have a shared service, and the other is they tend to want the latest GPU each year, and that makes it harder to monetize the initial investment over a period of years.
Now, you know, we can go there, but we're not right now. We have the technical capability, but it's the financial decision. Now, with large language models, yeah, it's a good question. We're not running out buying a lot of GPUs. The creation of the model, that's gonna be done in the core. The actual response to your queries, good reason why that could be done at the edge, that is lighter weight, and actually, some companies working on capabilities to do that on CPUs just as efficiently, which would be better, that's, you know, as a whole. Yeah, maybe that we would support, you know, down the road. Day one doesn't change what we're focused on and doing. Longer range, yeah, maybe. It's good for the people who are selling compute as a whole, for sure.
For sure.
It is an interesting advance. You know, it's. The reliability's terrible, but it does give human-like responses. You know, so it parses, you know, very well, and if they could get it so it's, you know, somehow more accurate. Pretty interesting, I think.
I guess how early, you know, is the edge compute market and the core compute for what you're doing? Do you guys going to do a lot of market awareness and market education for your customers, or do most of them understand what they need?
Edge compute, we've been doing for over 20 years, and it's, you know, growing, you know, nicely, but it's small. With IoT and more edge applications, there's more of a need for that, I think. You know, the vast majority of the market is in the core cloud compute, and that's well established. You know, for us, you'll see us marketing more as we get our platform ready. You know, right now, we, as we talked about, we got to build out the capacity in the new architecture that's going through Q3. We've got our first three data centers live. We do have a large, as I mentioned, social media company, and as we turn on new data centers, they are using a lot more of it.
Mm-hmm.
Great to see, and some other work that carries us into Q4, and that's when you'll see us do more marketing around it, when we're really ready to start, you know, signing up more customers on it, and for big applications.
Actually, you know, speaking about your investment into the network, something that surprised me was looking at your numbers this past quarter. CapEx did tick down a bit, the percent of revenue, but you're still making these very large investments. Where is that benefit coming from, and how should we think about that for the remainder of the year?
Right. We're making a big investment in core cloud compute, that's the big ticket item that a big CapEx bill in Q1, a big one in Q2, be less in Q3, and way less in Q4. From there, it'll depend on how fast we sell the compute and how fast we fill up that capacity. Good news story is we're wildly successful, and we fill it up quickly, and then we'll buy more capacity. If it takes longer, CapEx bill will be very low next year. What you saw come down is the CapEx as a percentage of revenue for our delivery platform. Traditionally, that was the high single digits. We've cut that in half, partly because we're not taking on the spiky traffic anymore, at least a lot of it. If the pricing's not right, we've walked away from some business.
Partly, traffic growth is less than it was historically. Of course, we're shifting focus, you know, into the compute. We've, you know, really, that's much more attractive now in terms of the CapEx spend. Instead of 8% or 9% on the delivery network, looking at 4%, 5%, something much less. Compute will drop off substantially through the year until we generate a lot of revenue, which will be a good news scenario.
Sure. Makes sense. We only have, you know, two or so minutes left here. I'd love to chat a little bit about economic cycle. Obviously, you feel it with traffic, too, online shopping, great benefit during COVID, seeing a bit of a slowdown now. Can you tell us the sensitivity to your business, specifically around the economic cycle and how you've noticed the trends over the last few weeks?
Last few weeks, it's a pretty short time frame for trends, yeah, it's a challenging environment. We notice our big deals take a little bit longer to do. You know, customers need to save money, that puts pressure. You feel it more in the security business, I think, where we are the market leader, we have the higher-priced products, it maybe takes a little bit longer on some of the big deals. Delivery has already been very competitive. Compute, it's a plus because we're the lower-cost provider there, we can save companies money, and they need to save money now. You know, there is a little bit of a tailwind, oddly enough, with security, you know, especially in the financial, vertical, and critical infrastructure.
You know, banks cannot afford to have a blip now. You know, an outage or a successful attack, they are scared to death that their customers will think something's wrong with the bank, and that could create them a run. They could withdraw their funds, and no bank in this environment, with how they're set up, wants to see a lot of funds withdrawn. That helps us because the lower-cost providers aren't very reliable. You know, then we've seen a few banks try a competitor, and they had big reliability challenges, and they're back, you know, because they can't afford that. In fact, we had one bank that went to a competitor, and just in nine months, they had more in fines from the regulator because of the outages than they would have paid Akamai for our services.
It made no sense to have a look, the lower-cost guy who just wasn't reliable. It's helped our business that way, oddly enough.
Are there ways, too, for your business, and we spoke with Zscaler earlier today on the security front. They're trying to navigate through this difficult time, pulling a few levers that they can. Are there ways for your business to try and mitigate some of the pressure you're feeling, maybe on the sales cycle elongation? Maybe you're seeing more discounting, or just anything that you can do to help with that, ease that pressure?
No. At the end of the day, they need the capabilities. In fact, you know, we can bring a lot more capabilities to the table. We'll give them more enterprise licenses, you know, more new products. The bill will ultimately go up. Maybe they get a discount on the old product they had. Our goal is to be growing revenue in the account. We have a lot of new capabilities to bring to bear. That's primarily how we would deal with that.
Great. Well, we have no time left. Tom, thank you so much. It was great to host you in Akamai.
Well, thank you very much.