Welcome!

@CloudExpo Authors: Liz McMillan, Elizabeth White, Yeshim Deniz, Pat Romanski, Nitin Donde

Related Topics: @CloudExpo

@CloudExpo: Blog Feed Post

Crowdsourcing Web Traffic Control: SaaS Startup CloudFlare

The two year old Cloudflare is already rumored to be valued in excess of $1B

Like most small website owners, I have a very limited view of what really goes on under the covers at Chaotic Flow. I know my own source code and I have Google Analytics and basic Web logs, but without a fleet of operations and security IT staff, I really have no clue who is coming to my website beyond the browser types, IP addresses and keywords they use. I routinely have to battle comment spam and I’ve definitely fended off a couple of real attempts to hack my site. It’s amazing when you consider just how small a part of the Internet Chaotic Flow represents, yet the bad guys have sufficient time and processing power to spend it on little old me. Pretty scary.

Since email spam and desktop virus protection are proven, large markets, you’d think that by now someone would have cracked the nut of protecting websites. There are security options out there, particularly if you are a large site and can afford them. Most provide a combination of site scanning for detection with locally installed security software and hardware for prevention, but to my knowledge no one really provides attack detection and prevention for the Web with the kind of SaaS simplicity and effectiveness of email and desktop equivalents. Until CloudFlare.

CloudFlare is a creative and rapidly growing SaaS startup that wants to eliminate website spam the way Postini did for email, only more, a lot more. So much more that the two year old Cloudflare is already rumored to be valued in excess of $1B. I recently sat down with Matthew Prince, CEO of CloudFlare, to talk about what makes CloudFlare unique. He had no shortage of answers.

This is the first article in a new “Cloud Disrupters” interview-based series that will highlight recently launched SaaS companies and products that have the potential to be real game changers. In keeping with the long standing Chaotic Flow theme, the purpose of this series is not news and friendly buzz, but an exploration of the Internet strategies and technologies that make these companies unique and disruptive. And, maybe a little unsolicited advice.

CloudFlare’s Secret Sauce

The simple, game-changing element of CloudFlare is its approach to the website protection problem at the network transaction level, rather than the Web application level. CloudFlare asks nothing more than that you redirect all your Web traffic through CloudFlare, and CloudFlare will make sure only the good guys get through to your website. Technically, it’s completely analogous to Postini, except as opposed to swapping out MX records, you change your DNS settings.

cloudflare network

 

Cloudflare attacks the website security problem at the network layer,

making sure only the good guys get through to your website.
However, access to all website traffic
opens up myriad business opportunities beyond security.

This approach has the double whammy of being incredibly simple for customers to adopt, while empowering CloudFlare with the maximum amount of community knowledge, business opportunity and network effects to become a truly valuable service and formidable competitive force on the Internet. More on this later.

Community Leverage Lies at the Heart of The CloudFlare Strategy

Growing out of Project Honeypot, an open community-driven experiment to identify and quash website spam, CloudFlare has been community-centric since day one, and the company has reaped the benefits. Prince has a great story about how CloudFlare’s first pre-funding servers were donated by its community. The real competitive advantage of the CloudFlare community is the pooled knowledge of all that web traffic. In Princes own words below.

“Traditionally security is a very siloed market…and if you try to get Yahoo to share security information they won’t for lots and lots of reasons..it’s very isolated….From the beginning the [CloudFlare] idea was how do you create a community that gets stronger as it gets bigger…as data flows through our network, knowledge about that traffic is captured and we can then provide a better and better and better service for everyone.”

Unlike a lot of Internet companies where network effects are fuzzy at best, the network effect at CloudFlare is unusually tangible. CloudFlare’s freemium customers may not pay in cash, but they do pay in knowledge. Knowledge that according to Prince outweighs their costs, alleviating one of the biggest roadblocks to freemium success.

CloudFlare Adoption Costs, Velocity and Scale

I don’t think I’ve ever seen a better demonstration of the inverse relationship between organic growth velocity and adoption costs than CloudFlare. In the ideal CloudFlare world, 100% of Internet traffic will some day flow through its network. “We’re rebuilding the Web,” says Prince. Are you listening Google? While that vision may be a tad bit aggressive, after only 15 months in production, 450 million users pass through CloudFlare’s network every day and their website adoption rate is in the thousands per day (I am not quoting a specific number as it is increasing faster than I can write).

Had CloudFlare taken a less bold approach than the one-click traffic redirection to their “Web proxy cloud,” then its entire business model would fall apart like a house of cards. Too much complexity would produce lower adoption volume, inexorably leading to higher prices and weak network effects. While CloudFlare has zero salespeople and has done only very limited launch marketing like participating in the TechCrunch 50, it’s adoption rate is still through the roof.

C’mon CloudFlare, Show Me the Money

Unlike virtually every other B2B SaaS CEO I’ve met, Matthew Prince is not worried about money. He’s worried about scale. In a fashion more common to B2C startups, the reasoning goes that if CloudFlare reaches it’s natural scale, monetization will not be difficult. Strangely enough, I agree. The reason I agree is that by attacking the website security problem at the network layer, CloudFlare is essentially nominating itself as Web Traffic Control for the Internet. While the original premise might have been to filter the baddies out of incoming traffic, the result is that the CloudFlare cloud has access to ALL traffic, good, bad and otherwise, coming AND going. Generically, CloudFlare is a value-added channel that can augment, cleanse, filter or expedite any website interaction and is only limited in what it can accomplish in the tight window of opportunity between request and response.

In the short time since it’s launch, Cloudflare has gone beyond security to offer itself as a CDN that can speed up your content delivery, a content optimization tool to speed page loads, a website analytics dashboard that goes beyond Google Analystics to give deeper insight into your traffic, and an app marketplace with one-click features that can be easily added to your site. “Security is just a feature. CDN is a feature. Apps are a feature.”, according to Prince, “but they don’t fully describe the product.” Prince recognizes that CloudFlare faces a cloud category branding challenge. For now he’s thinking of what they do as network “operations-as-a-service,” something that only the big guys like Google, Amazon, and Facebook can afford to do for themselves and have whole sections of the org chart dedicated to it. Everyone else can only get that scale through a SaaS community such as CloudFlare.

CloudFlare Competitive Threats

Thus far it may sound like I’m on the CloudFlare payroll, but I’m not. I do think CloudFlare is attempting something very disruptive, interesting and ambitious. Which means I also expect the space will heat up fast. Here are some gotcha’s that I think could trip CloudFlare up along the way if they are not cautious.

  • Do No Harm
    Tampering with Internet packets is risky business. There is at least as much opportunity to screw things up as there is to improve them. Conventional website security products strive to eliminate every significant threat. It will get complicated and with more complexity will come more opportunity to break stuff, especially since CloudFlare is also overlaying all those other value added services. Given it’s super low adoption costs and gigantic target market (pretty much every website), I’d suggest that it’s more important to not break stuff than it is to fix stuff. So what if CloudFlare doesn’t do everything, as long as it does enough to make you push the button to enable it for free, and then upgrade to a couple of paid services, then it’s done enough. Alternatively, accidentally bringing down your site or cutting off your ad revenue in the interest of security will not play well with most Web publishers.
  • Get Sticky Fast
    While CloudFlare has a decent lead on the competition, particularly from the Project Honeypot connection, there are some established players with big pockets that might want part of this action. It only takes a second to adopt CloudFlare. By the same token it will only take a second to switch to a competitor. Services that are difficult to duplicate, but more importantly that increase in value the more they are used like site analytics should get priority on the CloudFlare product roadmap.
  • Make the Intagible Tangible
    After you enable CloudFlare, you’ll find that you are hard pressed to tell if it is making a significant improvement, particularly if you are a small site with limited traffic and analytics as a baseline for comparison. Much of what CloudFlare offers happens behind the scenes and on the security side, you’re counting negatives, i.e., I didn’t get attacked again this week. Making what CloudFlare does tangible to customers is an important marketing challenge. The analytics package is essential to this, but I also think more investment in the CloudFlare community, empowering CloudFlare customers to share their success stories and detailed technical knowledge of CloudFlare optimization and troubleshooting would go a long way here.
  •  

  • No FailFlare
    Let’s face it, when Twitter goes down (and it still does occasionally), no one really gets hurt all that much. Maybe a few advertisers and Twitter ecosystem apps. Not like it brings down your website, your business and your cash flow with it. More than anything, CloudFlare has to work. If the startup achieves anything near its ambitions, I give it one, two, maybe three real outages and then it’s all over. CloudFlare is built on the premise of high value at a low cost, but the price you pay is not the true cost, especially if you are paying nothing. It’s the risk. Downtime risk is the hidden adoption cost of CloudFlare and just like the more visible adoption costs, Cloudflare needs to reduce it to zero.

Best of luck to CloudFlare, Matthew and the rest of the team!

Read the original blog entry...

More Stories By Joel York

Joel York is an Internet software executive and popular SaaS / Cloud blogger at Chaotic Flow and Cloud Ave. He is well known for his work in SaaS / cloud business models, sales and marketing strategy, and financial metrics. Professionally, he has managed global sales and marketing organizations serving over 50 countries, including local offices in the United States, United Kingdom, Germany, and India. He holds degrees in physics from Caltech and Cornell and received his MBA from the University of Chicago. Joel York is currently VP Marketing at Meltwater Group and Principal at the Internet startup consulting firm affinitos.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - we've lost control, we've given up cost to a certain extent, and then security, flexibility," explained Steve Conner, VP of Sales at Cloudistics,in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DX encompasses the continuing technology revolution, and is addressing society's most important issues throughout the entire $78 trillion 21st-century global economy," said Roger Strukhoff, Conference Chair. "DX World Expo has organized these issues along 10 tracks with more than 150 of the world's top speakers coming to Istanbul to help change the world."
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained , Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I will be talking about ChatOps and ChatOps as a way to solve some problems in the DevOps space," explained Himanshu Chhetri, CTO of Addteq, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, discussed the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Karthik Lalithraj, a Principal Solutions Architect at Kinetica, discussed how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.