TL; DR: A platform of secure internet services built at the cloud’s edge, StackPath continues to rapidly expand its global network of servers and security services only a year after launching. The well-funded Security-as-a-Service brainchild of SoftLayer Founder Lance Crosby nearly tripled the number of points-of-presence (POPs) in its content delivery network after the early 2017 acquisition of Highwinds and are currently doubling the company’s overall capacity once again before the end of the year. The CDN’s Principal Software Engineer, Nathan Moore, recently shared with us how merging the two impressive systems with an eye for developer experience bodes well for more than 800,000 customers.
By caching or storing online content as close to visitors as possible, content delivery networks, or CDNs, have long been thought of as a mechanism for amplifying speed and shrinking page loads.
With performance so critical to online success, CDNs have seen an increasing amount of traffic and are gaining a stronger foothold as a sentry for identifying and turning back malicious behavior.
StackPath, behind a mission to secure online properties without sacrificing speed or scalability, is capitalizing on the security-first approach to content delivery — at its own risk, according to Principal Software Engineer Nathan Moore.
“One of the perils of defining yourself as a security company is that now, all of a sudden, you’re a target,” he said. “Other potential targets come to us for our ability to protect and shield them from attacks, so we have to be really good at absorbing and handling all kinds of attacks.”
How the Highwinds Acquisition is Leading to StackPath 2.0
Launched in October 2016, StackPath services comprise a CDN, web application firewall, cloud-based DDoS protection, and other tools for fine-tuned security, control, and efficiency.
The company’s network boasts points-of-presence, or POPs, on five continents and was largely built on the architecture Nathan created and oversaw as Principal Architect of MaxCDN, which StackPath acquired shortly after its founding.
Less than a year later, the company announced the February 2017 purchase of Highwinds, another industry-leading CDN, for an undisclosed amount.
“We were very fortunate that we were able to find a company that was very much in line with what we were trying to do,” Nathan said. “They were already operating at a much bigger scale than we were, so, by combining us, we are able to get to this very fast, high-growth stage. We fit together surprisingly well.”
Now, Nathan’s challenge is merging the two companies’ systems and processes to offer users a seamless experience as part of StackPath 2.0. To welcome Highwinds customers, StackPath is introducing some of its unique services, overhauling the user interface, and optimizing various operational procedures.
“It’s simply insufficient to just buy a company and place it out there without absolute integration,” he said. “We have to blend the legacy StackPath audience together with the Highwinds audience to have a truly unified platform.”
New Developer Advocate Works to Ensure Best User Experiences
To support the companies and developers using StackPath services, the company launched two programs that will provide business and technical guides, online communities, local meet-ups, support, and mentorship as teams look to build protection and performance into their programs.
StackPath Propel engages tech startups, founders, CEOs, CTOs, and investors, while StackPath Amp will aid developers with education, communication, and support of open-source projects.
“Everyone has to start somewhere and, at StackPath, we believe that it is important to support the tech community, especially startups and developers,” Founder and CEO Lance Crosby said in the announcement. “We are security and content delivery experts so they don’t have to be.”
Director of Developer Relations Justin Johnson joined the company in September to lead the StackPath Amp initiative, which Nathan said is especially important in the face of merging the Highwinds and StackPath platforms and audiences. All StackPath plans start with a 15-day free trial.
“Developers are critical,” he said. “We want to make sure they have the best possible experience, meaning we don’t want to abandon their legacy APIs and force them to refactor and rebuild things. The average developer has to be able to jump onto our API and have everything in one place.”
Listening to Customers and Developing Bot Detection Capabilities
Moving forward, Nathan said StackPath tries to balance a variety of factors when determining where to focus attention, whether minimizing internal pain points or seeking external opportunities.
“You’re always getting pulled in different directions, and you have to be very nimble when seeing what opportunities and threats exist and how you can respond,” he said.
In addition to the team’s extensive in-house experience and collaborations with other security vendors, StackPath gains many ideas from customers, according to Nathan.
One such product inspired by end-user feedback, he said, includes the bot protection capabilities of the web application firewall. Behavioral and reputational algorithms detect human versus non-human traffic and prevent bots from scanning or attacking common points of vulnerability.
“We have a lot of intelligence in the backend trying to figure this out,” Nathan said.
Origin Shield Consolidates Requests and Allows for Regional Routing
One of StackPath’s early products, Origin Shield, has seen similar customer-inspired evolution, Nathan said. The mid-tier caching layer sits between the company’s SecureCDN and the customer’s origin server to protect customers from request overloads.
“With Origin Shield, the origin cache only gets hit by one request, not from all of our edge servers,” he said.
Instead of going to the origin server, multiple edge requests for uncached content are sent to Origin Shield, which filters and consolidates the requests into just one origin request. Customers can choose which servers or locations to protect with Origin Shield, which relies on load balancers and automatic failovers to route edge servers to the appropriate origin cache location.
The company is in the midst of rolling out regional shielding, which enables users to specify different Origin Shield locations for separate geographic regions. For example, US-based requests can route through the company’s San Jose location, while European traffic works through an Origin Shield location in Amsterdam.
“You’d have one per region instead of one global Origin Shield location,” he said. “We’ve been working on it, adding additional features, and it remains a critical part of the services we offer.”
How StackPath Reduces Financial and Security Risks for Customers
Nathan considers StackPath’s ability to shrink the liabilities customers commonly face when securing and scaling online projects as the company’s greatest value or service.
“If they have something that blows up in size, we guarantee we’re going to serve them, no problem,” he said. “We have multiple layers of defenses against multiple types of attacks that should protect your own infrastructure. We take that risk and have built out the infrastructure to handle all that.”
As the CDN market is expected to grow from about $6 billion in 2016 to more than $23 billion by 2021, StackPath leadership expects to deliver a “significant portion” of global IP traffic, which currently consists of about 96 billion GB per month. Cisco expects traffic to increase nearly threefold over the next five years, reaching 3.3 trillion GB per month by 2021.
“It’s almost daunting to keep up with this growth,” Nathan said. “We’ve exploded in terms of network size, server counts, the number of customers, and the number of things we’re doing. It’s been a wild, wild ride.”