IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Gillies 2
#
Firewalls
#
DevOps
#
SIEM

Finally, the maturity of API configuration is realised

Mon, 11th Aug 2025
By Stephen Gillies, APAC Technology Evangelist, Fastly

A confluence of factors is helping organisations achieve a long-held ambition to run everything behind-the-scenes as code.

A big part of assuring exceptional user experiences for websites and applications today is being able to make changes in response to traffic, performance or threat-related patterns and observations.

The goal is threefold: to be able to troubleshoot effectively, optimise performance proactively, and reduce downtime.

But organisations are often constrained in their ability to effect the changes in their application estates or across their website portfolios as quickly and efficiently as they'd like.

Teams may still be required to script configuration changes themselves, and the deployment of these changes may or may not involve the use of some degree of automation. Where automation does exist, it may not have traditionally been fully trusted to execute or switched on to its fullest extent. Additionally, its existence may not preclude an engineer from still having to log into a console to perform a final action or to do something that is not supported programmatically.

But this is changing - and as the capability of the automation changes, so does its use.

Programmematic approaches to overseeing web-based environments have evolved and matured significantly in recent times. 

With the combined power of an advanced edge cloud platform and third-party automation tools like Terraform, I'd argue we're at the point where an organisation can safely go all-in on 'everything-as-code', without missing out on capability or skipping a beat. 

By this, I mean it's possible - and the technology is reliable enough - for an organisation to contemplate automating all of its configuration activity across security, infrastructure, delivery and visibility functions and domains.

This promises to change the relationship between developers, DevOps teams and their websites and applications - freeing people from configuration work, so they can focus on the more interesting and innovative things that propel the organisation and its web-based interests forward.

The case for being able to effect real-time configuration changes

The ability to make real-time configuration changes in an automated fashion, using code-based actions, is intended to empower developers and DevOps teams to instantly deploy updates across the network, removing traditional delays while delivering fast, reliable user experiences. 

This enables teams to respond to traffic spikes swiftly, roll out new features, and keep security protocols current, meeting the demanding expectations of today's consumers for seamless web performance. In response, they can allow custom logic to run directly and programmatically at the edge to reduce latency and provide localised, dynamic user experiences. 

The advanced edge cloud platform plays a crucial role in this regard. With comprehensive API and tooling integration, advanced edge cloud platforms empower automation, seamless CI/CD pipeline integration, and faster deployment cycles, significantly boosting operational efficiency. Features like instant global scalability and efficient caching ensure resources can dynamically adjust to sudden traffic spikes while optimising origin server loads, enabling businesses to maintain performance during high-demand periods. This comes under what might be classed as an infrastructure- or delivery-as-code capability.

Beyond this, end-to-end visibility into traffic, performance, and threats also equips DevOps teams with the insights to troubleshoot effectively, optimise performance proactively, and reduce downtime. It is worth dealing with these security and visibility aspects in a bit more detail.

Security- or detection-as-code

Detection-as-code is a modern approach to security that treats detection logic, like web application firewall (WAF) rules or SIEM (Security Information and Event Management) alerts, as code. Instead of managing rules manually in a UI, detection engineers utilise tools such as Git, CI/CD pipelines, and automated testing to write, validate, and deploy rules.

The security related benefits of an 'as-code' approach are numerous. They include broader implementation and coverage of security controls; a reduction in the amount of time needed to deploy controls across web-based and web-facing assets and properties; reduction and removal of manual effort; and the ability to quickly test the efficacy of new configurations and controls.

For context, doing all of this would typically require some trade-offs. Even large enterprises today can be selective with the assets they protect. They may be less inclined to protect a marketing website compared to a more critical cloud-hosted, customer-facing application, for example, because the cost of configuring and reconfiguring the web application firewall is deemed disproportionate to the value of doing so.

The reason for this is that when a website or application is deployed into the public cloud, putting a WAF in front of it and configuring and testing it often requires manual effort. Typically, a new WAF instance is created, different controls and policies that are relevant for the parts of the site or application are selected, and a series of tests are run to see if the implemented rules break any functionality - all of which takes time. 

But automation does exist to perform this activity at scale. Embracing it is important because the reduction in effort should allow for greater coverage and tailoring of detection logic to the environment, and to an organisation's specific use cases and applications.

Given the ever-evolving security landscape, there's an argument that organisations should be protecting everything. Security-as-code can reduce the amount of time it takes to put controls in front of everything internet-facing, by reducing the amount of time and effort on a per-site or per-application basis to get security in place.

Visibility and observability using an as-code approach 

Visibility and observability can also benefit from an as-code approach. Real-time analytics provide a detailed view of network performance and user behaviour, enabling intelligent decision-making and fostering customer trust and loyalty. 

The intent is to simplify both visibility into the new site or application creation process, ensuring that configuration rules are applied as and when they are required; and then to be able to monitor these rules post-launch. 

This goes to understanding what logs are saying, and even more importantly, setting up alerts for when things go wrong. When there is a huge, unexpected spike in traffic, knowing who to notify internally, which SIEM to send the logs to, and how to set up the SIEM with different thresholds to trigger certain actions is important to ensure the right response is automatically enacted.

In conclusion, going all-in on 'everything-as-code' is not only feasible but increasingly necessary for organisations whose operational needs are defined by the web. Advanced edge cloud platforms are critical tools for driving innovation, operational excellence, and superior user experiences in this space.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Prezzee names Edwin Ter Wijlen Chief AI Officer for global growth
New Relic named leader in Gartner's 2025 Magic Quadrant for DEM
Exclusive: Granicus' Alex Gelbak on 'making the invisible visible'
Exclusive: Coevolve's Tim Sullivan warns firms on AI connectivity gap
Financial firms struggle to fully scale AI amid data silos & security

Top stories

Kate Driver rejoins DLA Piper to boost Auckland funds practice
CNCF launches new certification for cloud native engineers
CNCF brings AI discipline to Kubernetes deployments
McKinsey report shows AI interest but slow scaling
Enterprises to focus AI spend on cost savings & data control