Welcome!

@CloudExpo Authors: Liz McMillan, Pat Romanski, Elizabeth White, Nate Vickery, Gopala Krishna Behara

Related Topics: @CloudExpo

@CloudExpo: Blog Feed Post

Crowdsourcing Web Traffic Control: SaaS Startup CloudFlare

The two year old Cloudflare is already rumored to be valued in excess of $1B

Like most small website owners, I have a very limited view of what really goes on under the covers at Chaotic Flow. I know my own source code and I have Google Analytics and basic Web logs, but without a fleet of operations and security IT staff, I really have no clue who is coming to my website beyond the browser types, IP addresses and keywords they use. I routinely have to battle comment spam and I’ve definitely fended off a couple of real attempts to hack my site. It’s amazing when you consider just how small a part of the Internet Chaotic Flow represents, yet the bad guys have sufficient time and processing power to spend it on little old me. Pretty scary.

Since email spam and desktop virus protection are proven, large markets, you’d think that by now someone would have cracked the nut of protecting websites. There are security options out there, particularly if you are a large site and can afford them. Most provide a combination of site scanning for detection with locally installed security software and hardware for prevention, but to my knowledge no one really provides attack detection and prevention for the Web with the kind of SaaS simplicity and effectiveness of email and desktop equivalents. Until CloudFlare.

CloudFlare is a creative and rapidly growing SaaS startup that wants to eliminate website spam the way Postini did for email, only more, a lot more. So much more that the two year old Cloudflare is already rumored to be valued in excess of $1B. I recently sat down with Matthew Prince, CEO of CloudFlare, to talk about what makes CloudFlare unique. He had no shortage of answers.

This is the first article in a new “Cloud Disrupters” interview-based series that will highlight recently launched SaaS companies and products that have the potential to be real game changers. In keeping with the long standing Chaotic Flow theme, the purpose of this series is not news and friendly buzz, but an exploration of the Internet strategies and technologies that make these companies unique and disruptive. And, maybe a little unsolicited advice.

CloudFlare’s Secret Sauce

The simple, game-changing element of CloudFlare is its approach to the website protection problem at the network transaction level, rather than the Web application level. CloudFlare asks nothing more than that you redirect all your Web traffic through CloudFlare, and CloudFlare will make sure only the good guys get through to your website. Technically, it’s completely analogous to Postini, except as opposed to swapping out MX records, you change your DNS settings.

cloudflare network

 

Cloudflare attacks the website security problem at the network layer,

making sure only the good guys get through to your website.
However, access to all website traffic
opens up myriad business opportunities beyond security.

This approach has the double whammy of being incredibly simple for customers to adopt, while empowering CloudFlare with the maximum amount of community knowledge, business opportunity and network effects to become a truly valuable service and formidable competitive force on the Internet. More on this later.

Community Leverage Lies at the Heart of The CloudFlare Strategy

Growing out of Project Honeypot, an open community-driven experiment to identify and quash website spam, CloudFlare has been community-centric since day one, and the company has reaped the benefits. Prince has a great story about how CloudFlare’s first pre-funding servers were donated by its community. The real competitive advantage of the CloudFlare community is the pooled knowledge of all that web traffic. In Princes own words below.

“Traditionally security is a very siloed market…and if you try to get Yahoo to share security information they won’t for lots and lots of reasons..it’s very isolated….From the beginning the [CloudFlare] idea was how do you create a community that gets stronger as it gets bigger…as data flows through our network, knowledge about that traffic is captured and we can then provide a better and better and better service for everyone.”

Unlike a lot of Internet companies where network effects are fuzzy at best, the network effect at CloudFlare is unusually tangible. CloudFlare’s freemium customers may not pay in cash, but they do pay in knowledge. Knowledge that according to Prince outweighs their costs, alleviating one of the biggest roadblocks to freemium success.

CloudFlare Adoption Costs, Velocity and Scale

I don’t think I’ve ever seen a better demonstration of the inverse relationship between organic growth velocity and adoption costs than CloudFlare. In the ideal CloudFlare world, 100% of Internet traffic will some day flow through its network. “We’re rebuilding the Web,” says Prince. Are you listening Google? While that vision may be a tad bit aggressive, after only 15 months in production, 450 million users pass through CloudFlare’s network every day and their website adoption rate is in the thousands per day (I am not quoting a specific number as it is increasing faster than I can write).

Had CloudFlare taken a less bold approach than the one-click traffic redirection to their “Web proxy cloud,” then its entire business model would fall apart like a house of cards. Too much complexity would produce lower adoption volume, inexorably leading to higher prices and weak network effects. While CloudFlare has zero salespeople and has done only very limited launch marketing like participating in the TechCrunch 50, it’s adoption rate is still through the roof.

C’mon CloudFlare, Show Me the Money

Unlike virtually every other B2B SaaS CEO I’ve met, Matthew Prince is not worried about money. He’s worried about scale. In a fashion more common to B2C startups, the reasoning goes that if CloudFlare reaches it’s natural scale, monetization will not be difficult. Strangely enough, I agree. The reason I agree is that by attacking the website security problem at the network layer, CloudFlare is essentially nominating itself as Web Traffic Control for the Internet. While the original premise might have been to filter the baddies out of incoming traffic, the result is that the CloudFlare cloud has access to ALL traffic, good, bad and otherwise, coming AND going. Generically, CloudFlare is a value-added channel that can augment, cleanse, filter or expedite any website interaction and is only limited in what it can accomplish in the tight window of opportunity between request and response.

In the short time since it’s launch, Cloudflare has gone beyond security to offer itself as a CDN that can speed up your content delivery, a content optimization tool to speed page loads, a website analytics dashboard that goes beyond Google Analystics to give deeper insight into your traffic, and an app marketplace with one-click features that can be easily added to your site. “Security is just a feature. CDN is a feature. Apps are a feature.”, according to Prince, “but they don’t fully describe the product.” Prince recognizes that CloudFlare faces a cloud category branding challenge. For now he’s thinking of what they do as network “operations-as-a-service,” something that only the big guys like Google, Amazon, and Facebook can afford to do for themselves and have whole sections of the org chart dedicated to it. Everyone else can only get that scale through a SaaS community such as CloudFlare.

CloudFlare Competitive Threats

Thus far it may sound like I’m on the CloudFlare payroll, but I’m not. I do think CloudFlare is attempting something very disruptive, interesting and ambitious. Which means I also expect the space will heat up fast. Here are some gotcha’s that I think could trip CloudFlare up along the way if they are not cautious.

  • Do No Harm
    Tampering with Internet packets is risky business. There is at least as much opportunity to screw things up as there is to improve them. Conventional website security products strive to eliminate every significant threat. It will get complicated and with more complexity will come more opportunity to break stuff, especially since CloudFlare is also overlaying all those other value added services. Given it’s super low adoption costs and gigantic target market (pretty much every website), I’d suggest that it’s more important to not break stuff than it is to fix stuff. So what if CloudFlare doesn’t do everything, as long as it does enough to make you push the button to enable it for free, and then upgrade to a couple of paid services, then it’s done enough. Alternatively, accidentally bringing down your site or cutting off your ad revenue in the interest of security will not play well with most Web publishers.
  • Get Sticky Fast
    While CloudFlare has a decent lead on the competition, particularly from the Project Honeypot connection, there are some established players with big pockets that might want part of this action. It only takes a second to adopt CloudFlare. By the same token it will only take a second to switch to a competitor. Services that are difficult to duplicate, but more importantly that increase in value the more they are used like site analytics should get priority on the CloudFlare product roadmap.
  • Make the Intagible Tangible
    After you enable CloudFlare, you’ll find that you are hard pressed to tell if it is making a significant improvement, particularly if you are a small site with limited traffic and analytics as a baseline for comparison. Much of what CloudFlare offers happens behind the scenes and on the security side, you’re counting negatives, i.e., I didn’t get attacked again this week. Making what CloudFlare does tangible to customers is an important marketing challenge. The analytics package is essential to this, but I also think more investment in the CloudFlare community, empowering CloudFlare customers to share their success stories and detailed technical knowledge of CloudFlare optimization and troubleshooting would go a long way here.
  •  

  • No FailFlare
    Let’s face it, when Twitter goes down (and it still does occasionally), no one really gets hurt all that much. Maybe a few advertisers and Twitter ecosystem apps. Not like it brings down your website, your business and your cash flow with it. More than anything, CloudFlare has to work. If the startup achieves anything near its ambitions, I give it one, two, maybe three real outages and then it’s all over. CloudFlare is built on the premise of high value at a low cost, but the price you pay is not the true cost, especially if you are paying nothing. It’s the risk. Downtime risk is the hidden adoption cost of CloudFlare and just like the more visible adoption costs, Cloudflare needs to reduce it to zero.

Best of luck to CloudFlare, Matthew and the rest of the team!

Read the original blog entry...

More Stories By Joel York

Joel York is an Internet software executive and popular SaaS / Cloud blogger at Chaotic Flow and Cloud Ave. He is well known for his work in SaaS / cloud business models, sales and marketing strategy, and financial metrics. Professionally, he has managed global sales and marketing organizations serving over 50 countries, including local offices in the United States, United Kingdom, Germany, and India. He holds degrees in physics from Caltech and Cornell and received his MBA from the University of Chicago. Joel York is currently VP Marketing at Meltwater Group and Principal at the Internet startup consulting firm affinitos.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve f...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
The past few years have brought a sea change in the way applications are architected, developed, and consumed—increasing both the complexity of testing and the business impact of software failures. How can software testing professionals keep pace with modern application delivery, given the trends that impact both architectures (cloud, microservices, and APIs) and processes (DevOps, agile, and continuous delivery)? This is where continuous testing comes in. D
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, discussed the b...
SYS-CON Events announced today that Synametrics Technologies will exhibit at SYS-CON's 22nd International Cloud Expo®, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Synametrics Technologies is a privately held company based in Plainsboro, New Jersey that has been providing solutions for the developer community since 1997. Based on the success of its initial product offerings such as WinSQL, Xeams, SynaMan and Syncrify, Synametrics continues to create and hone in...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, described how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launching ...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...