This month, we’re celebrating our 6th year anniversary of reporting on the CDN industry and 12 years of working in it. It’s been quite a ride. When we first started, the CDN industry was boring because there was very little product innovation. Today, rapid change is constant and game-changing product innovation is on overdrive, unlikely to slow down anytime soon. As a result, we’ve personally changed our mindset about what is a CDN.
A CDN is no longer a stand-alone business model, and we feel sorry for those who treat it as such, it’s a networking stack (“CDN stack”). The CDN stack is a high-performance, low latency, finely-tuned, continuously optimized, fully integrated, global network. And the purpose of the CDN stack is to support various software stacks like edge computing, security, WAN, networking, and so on.
However, before we get started, let’s review the most disruptive events and products in 2019.
- Fastly and Cloudflare IPO: Fastly and Cloudflare made history in 2019, joining Akamai and Limelight in the public market. With 4 vendors publicly traded, the industry can analyze, compare, contrast, and dissect business models in ways that weren’t possible before. Also, difficult questions can be asked and answered from public data, such as, is the Cloudflare and Fastly software stack better suited for the cloud-native world than Akamai’s?
- Edge Computing: CDNs entered new territory when they developed edge computing capabilities that allow customers to build applications at the edge. Edge functions were the first product to hit the market in 2019, followed by the CDN edge database. Expect a lot more services to be introduced in 2020. For the CDN, edge computing means having the ability to ingest, process, store, and deliver data from the edge (PoPs). Cloudflare was the first vendor to introduce an edge computing product, Workers. However, Fastly and others are right behind them. In 2020, we forecast that 15-25 CDNs will offer an edge computing product. The good news, the edge computing market is extremely large and it can support all 50 CDNs. The fight next year is about CDN industry vs AWS.
- CDNs Enter WAN Market: Cloudflare Access (VPN-less product) is a game-changer. This particular stack transforms the CDN into a cloud-based WAN provider. In 2020, it’s going to be CDN vs Telco MPLS. Akamai and Instart also have an application access product and we expect others to follow suit.
- CDN Edge Database: The CDN edge database is another game-changer that will be the pillar for all edge computing services in the future. The edge database transforms the stateless CDN model into a stateful model. Cloudflare was the first to introduce a CDN edge database called Workers KV. In addition, database products like Fauna, Yugabyte, and Coachroach Labs are available for CDNs to use in their network to develop stateful models. Better yet, Yugabyte has an open source product for anyone to use and resell w/o paying Yugabyte if they wish to do so. It’s baked into an open source licensing agreement, Apache 2.0.
- Distil Networks and Shape Security Acquired: Distil Networks and Shape Security are not CDNs but the services (bot mitigation, API security, credential security) they provide are offered by CDNs. As such, we classify them as being part of the CDN ecosystem. Shape Security was acquired by F5 Networks for $1B, a homerun for the Shape Security team. What does this mean for PerimeterX, the last of the large bot mitigation startups that raised $91M? Acquisition perhaps.
Looking back at 2019
In 2019, the CDN industry witnessed significant product innovation in the areas of edge computing, security, networking, and WAN. The CDN business model is in a constant state of change and the competitive landscape is being rewritten. In the near future, it will no longer be about CDN vs CDN but CDN vs some legacy provider in a large established market. Of course, this only applies to the CDN product leaders.
The CDN product leaders in our industry can be counted on two hands. They are no longer focused on competing with Akamai, the big fish in the small pond. Instead, they have been building out their product portfolio to take on legacy vendors, from AWS to the appliance vendors like Cisco, F5, Palo Alto Networks (PANW), Riverbed, etc., in established markets.
Who would have thought that one day Cloudflare would become a competitive force in the VPN market with their “Access” product? Well, they are, having recently closed a 25,000 user Access deal with a major European pharma company that replaced their problematic VPN with Cloudflare’s VPN-less solution. And the thing about the Access product, it transforms Cloudflare into a cloud-based WAN vendor that can compete against the telco WAN. The new reality is this, Cloudflare Access vs AT&T MPLS, Cloudflare Access vs Verizon MPLS, and so on. What are the benefits of Cloudflare Access vs Telco MPLS? Cloudflare Access can be provisioned in minutes anywhere in the world, it cost less, no lengthy contracts are required, multiple formats are supported, and most importantly, no specialized VPN hardware and software is needed.
The theme for 2019: Convergence
The theme for 2019 was convergence. New CDN business models will compete against legacy providers in established markets. The product leaders are building new capabilities (stacks) in areas of security, edge computing, networking, and WAN. The common element of the new business model is the CDN stack. CDN’s are in a strong position to compete in established markets once dominated by the legacy appliance vendors and traditional service providers.
The competitive advantage the CDN brings to an established market is its global network. Without a high-performance, low-latency, finely-tuned, fully integrated global network, the Zscaler’s, PANW’s, Juniper’s, Riverbed’s, and F5’s of the world will struggle to compete against the product-driven CDN. Maybe not today, but soon. And the best part, some of these legacy appliance vendors won’t even know what hit them. The VPN vendor that Cloudflare replaced in the pharma company likely had no clue on how to respond to Cloudflare, a new kind of threat.
And no, an F5 or PANW or Riverbed building a software stack on AWS is not enough to compete against the new CDN business model because total control of the routing infrastructure is required. By using AWS, these vendors give up that control and have to rely on AWS network engineers to optimize the global network. And one thing is for sure, AWS network engineers are going to do what’s best for AWS and their hundreds of thousands of customers, not an individual company like F5 or Riverbed.
Today, the CDN is a networking stack on which software services reside on. Building a software stack on a CDN, whether it’s in edge computing, security, WAN, or other area is difficult because the stack must be developed to scale globally, on-demand, provisioned in minutes, offered at a low-cost, be multi-tenant, and support thousands of customers from day 1 of operations. CDNs like Cloudflare, Fastly, and others got their feet wet by building stacks from the ground up like WAF and DDoS protection. With the newfound experience in building software stacks that reside on the CDN, these same vendors have turned their attention to developing stacks in edge computing and security. Cloudflare Workers and Workers KV, Cloudflare Access, Fastly Compute@Edge, StackPath Serverless Scripting, CenturyLink CDN Edge Compute, and so on, represent a new kind of business model.
Since the beginning, the most basic feature that a CDN provides is performance, so that websites, mobile apps, and web-based applications load fast on every device, anywhere in the world. For the last two decades, CDNs competed against each on network performance. Each vendor would tout their network performance against the competition, often saying we’re 5% to 15% faster than our competitors. An entire industry popped up to cater to this need, think of Gomez (Last Mile), Catchpoint, Cedexis, etc. Thus, squeezing every millisecond of performance out of the network became a life or death situation.
Thus, performance has become engrained in the DNA of every CDN. If your network is slow, then you know you suck and so does the competition. The performance mindset has crept into the software development process. Every new software stack that developed to run on the CDN must perform at a very high level that doesn’t hinder response times in any way, shape, or form. If it does, then developers go back to the drawing board.
This was the case when Verizon Media (EdgeCast) first introduced its WAF product to the market. Initially, Verizon used the open source WAF ModSecurity out-of-the-box. However, out-of-the-box ModSecurity is bloated and slow, in that it tries to serve every use case known to man. After a while, it became apparent that ModSecurity was not a good fit for the global CDN. The global CDN is a very unique use case. Thus, the Verizon development team went back to the drawing board and built an entirely new multi-tenant WAF from the ground up called waflz. The walfz product is a beauty because it adds almost no latency to response times. Cloudflare, Fastly, StackPath, and others have done the same thing.
Thus, CDNs have a decade of experience in optimizing global network performance. And every new stack that is developed to run over the CDN stack means response times will not be impacted and web applications will load fast.
Knowing this, how in the world can a Palo Alto Networks, F5, Fortinet, Zscaler, and other like-minded vendors compete with an industry that is so devoted to network performance? F5 made a smart move in acquiring Shape Security, however, they still lack a CDN stack. Netskope, a pure-play security Unicorn realized the advantage of running a security stack on top of a CDN stack so they went out and hired dozens of CDN engineers from Limelight Networks and AWS to build a high-performance global networking stack. Does this mean that if F5 or Riverbed or Zscaler want to build a CDN stack they must go and hire dozens of CDNs? Unfortunately, yes, unless they buy one and rebuilt their stack to run over it.
AWS vs CDN Industry
In 2006, AWS introduced S3 storage to the world and EC2 was in beta. In November 2008, they introduced their CDN product CloudFront (not to be confused with Cloudflare). Within 1-2 years, the entire CDN industry felt the financial impact of S3 and CloudFront. The Origin Storage product, a once highly profitable service where customers would store their video and content on a CDN and pay on a per GB basis, imploded. Ever since then, CDNs have been on the defensive, innovating as much as they could to hold onto existing market share and gain a little. And they have been successful.
In 2019, the competitive picture of AWS vs the CDN industry changed. Now CDNs have a new product (edge computing) at their disposal to compete against AWS. With newly enhanced edge computing capabilities, CDNs are targeting AWS’s bread and butter service, compute. And that’s happening today. Any company that is using AWS infrastructure for gaming, eCommerce, mobile apps, and media is up for grabs. Expect the competition to intensify in 2020 and 2021 as CDNs introduce more edge computing services.
AWS Business Model
What can be said about the AWS business model? There are two camps of thought regarding their position in the market. The first, AWS is an unstoppable cloud computing giant that is consuming the infrastructure world. The second, AWS is a generalist, jack-of-all-trades with 175 services and master of none. With so many services being offered, from robotics to satellite to AI to storage to mobile to compute and so on, it’s impossible for AWS to be the best-of-breed in anything.
In the global SQL database market, AWS is not a product leader, that would be Fauna, Yugabyte, and Cockroach Labs. In DDoS protection and WAF, the product leaders would be Cloudflare, Fastly, Verizon Media (EdgeCast), and others. In CDN services, AWS CloudFront isn’t a product leader. In AI, the startup ecosystem dominates innovation. There are literally several hundred AI startups pushing the boundaries of innovation. And so on and so forth. Thus, the CDN product leaders understand that it’s better to focus on building a few highly innovative and differentiated services than trying to offer everything under the sun.
Jack-of-all-trades vs Best-of-Breed
The real question for 2020, is the generalist, jack-of-all-trades business model with hundreds of services, some unrelated, better than a best-of-breed, highly-focused, innovation-driven CDN business model? We shall see. If you’re an enterprise using cloud infrastructure, regardless of what industry you’re in, the purpose in doing so is to create a competitive advantage. And the best way of creating a competitive advantage is to use the absolute best-of-breed and best-in-class in AI, CDN, security, etc. Who would want to use a medicore AI product?
However, we will give credit where credit is due. The best move Amazon has ever made, and this move was made by Jeff Bezos, not Any Jassy or Werner Vogels was to save The Expanse TV series, the best space sci-fi in decades. We could easily live in a world without AWS but not without The Expanse.