CloudFlare, best known for its cloud cyber-security service, is growing at a mind-boggling pace.
Over the last three years, CloudFlare has grown 450% annually, and is currently adding about 5,000 new clients a day, Matthew Prince, its programmer/lawyer-turned-founder, tells us
It is now handling the equivalent of roughly 5% of the entire web’s traffic through its servers and, just as we predicted in 2012, CloudFlare is indeed a monster company in the making.
Prince is on a mission to ‘build a better Internet.’ To do so, CloudFlare’s technology serves as what many call the “digital bouncer” for its 2 million-plus client websites. That means it fights off malicious hacker attacks.
But CloudFlare is bigger than just a cyber-security firm. It also improves a website’s performance by offering classic networking services like routing and switching (helping computers connect over the Internet), load balancing (making sure computer servers don’t get overloaded), and performance acceleration (helping websites run faster) among other things. It is essentially creating a cloud service that parallels the features of many of Cisco’s hardware products.
Prince wrote his college thesis on “Why the Internet was a fad” (which he now calls “embarrassing”) but his experience working on the Internet from its early days made him realise the “incredibly disruptive” potential of it. Now he wants to help the Internet live up to its promise – a place he calls, “where anyone, anywhere can publish information and get access to that information.”
We had a chance to catch up with Prince and ask more about his company’s explosive growth. The below interview has been edited for clarity.
Business Insider: Why is your company growing so fast?
Matthew Prince: The honest answer is we don’t entirely know. We have done almost no marketing, we have a nascent sales team, but we have a large client base from Fortune 50 financial services to national governments across the world. Just this week, we added Reddit, the 17th largest site in the U.S. If we added up all the page views of our customers’ sites, then we would have over 400 billion page views a month.
BI: What’s drawing people to your service?
MP: We made resources that were previously only used by big companies like Google available to everyone online. The initial interest in CloudFlare is for security, but that’s only for about 25% of our customers. Another 25% want to get more out of their infrastructure, and the rest of our users sign up because they want access to our analytics and other ancillary services.
BI: For those who don’t fully understand your service, what’s a good comparison?
MP: If you asked, “What company are you disrupting?” and if you made me just pick one, I think it would be Cisco. If you look at the entire Cisco line — routing and switching, load balancing, security, DDoS mitigation, performance acceleration, all of these functionalities — that’s what CloudFlare is doing. But instead of selling you a box to do that, we’re providing you a service, which is extremely easy to provision and deploy. It’s the same as Amazon Web Services taking, for example, what HP used to sell you as a box and deploying it as a cloud service.
BI: I’m still confused. So your service basically builds a cloud firewall in front of your clients’ websites and protects it from attacks?
MP: That’s actually only for security, which is a meaningful part of the business. But you first have to understand how the current Internet business is changing. There are three core tiers to any Internet infrastructure. The base at the bottom is the store and compute level. In the past, HP, Dell, EMC, IBM and thousands of different companies would sell you a box and you would store your data there. Now, we’ve got AWS and god willing someone else, but we’re not going to have thousands of different vendors anymore. It’s going to be a relatively limited number of vendors dealing with enormous amounts of data.
The next level above that is application. Once upon a time, there were really three companies that controlled most of the software application revenue in this space: SAP, Oracle, and Microsoft. Great fortunes were made for these companies. They had these bundles of applications that were used to perform a whole bunch of different functions. The enterprise would buy the Oracle suite and then use its database, CRM system, and accounting features in a single package. And it took forever to employ all of these applications, but you kind of got locked in to whatever bundle you bought.
What’s happening now is that these bundles are getting unbundled to smaller parts. So you got Salesforce, which is doing CRM, Box for collaboration, NetSuite for financial reporting, and a million others.
So instead of a really small universe of companies that control the applications, now it’s getting blown up to thousands and thousands of companies specializing in particular niche of all things.
Q: And what does that have to do with CloudFlare?
MP: On top of all of this, which I call the ‘edge,’ a whole bunch of [specialised computer] boxes used to exist. So think about what Cisco or Juniper makes, that has a firewall in it. There’s a whole bunch of companies that are making those boxes that sit on the top ‘edge.’ That’s what we’re building – but in the cloud.
We’re taking all of this functionality, and a big part of it is firewall and security, but it’s also performance and load balancing and switching and routing, doing all of that. You can take CloudFlare’s service and stick it in front of Salesforce or Workday or Box’s servers. CloudFlare can sit in front of it and do all the functionalities that you used to have with the hardware companies. We’ve built data centres all around the world that sit between users of websites and the actual services, so instead of you having to actually buy a box for this, you could just deploy our service.
BI: Tell me more about the security part. How effective is CloudFlare against hackers?
: About 1 out of every 20 web-requests pass through CloudFlare. So you probably have used our network hundreds of times in the last 24 hours, without even knowing it.
If you’re an attacker, we’re an incredibly frustrating thing because we help stop those attacks from ever hitting our clients’ infrastructure. We actually see hackers who advertise services to launch DDoS attacks on behalf of others say they will charge 20 to 30 times more or not even do it if it’s against CloudFlare.
BI: What attack or client do you remember the most?
: We work a lot with an organisation called the Committee to Protect Journalists. This is an organisation that protects journalists from being kidnapped or something, or helps those at risk when publishing controversial stories.
So the director came in to our office with three African bloggers. One was from Ethiopia, the other was from Angola, but they wouldn’t tell us the third one’s name or where he came from because death squads were hunting him down in his home country. All three of them came up to me and hugged me, saying, “We couldn’t be doing what we’re doing without you, because the government’s trying to silence us. They’re trying to shut us down and launch attacks, hack our servers. CloudFlare stands in front of it and is able to make sure we stay online.”
That’s a pretty powerful thing.
BI: What are some the trends you see in the cyber attack space?
MP: There’s definitely an uptick in the number of attacks targeting the DNS infrastructure. DNS is what takes Amazon.com or Businessinsider.com and turns it into an IP address. If you can shut that down, then it can shut down the effective ability for anyone to get to a website. And I think we’re very good at dealing with it.
There’s also a lot of creativity on how hackers use other people’s resources to help launch an attack. We’re seeing old Internet protocols, like NTP, which stands for Network Time Protocol, exploited to launch these very high-scale attacks. The attacks we see have gotten over 400 gigs/second, and those are some of the biggest attacks that we’ve seen.
BI: In 2012, rumour was some VCs were offering to invest in CloudFlare at a $US1 billion+ valuation but you accepted a $US50 million investment at a lower valuation. What can you tell us about that?
MP: We’ve actually never maximized our valuation. Our last valuation, if it wasn’t the lowest valuation, it was close to it. But we really wanted to have Brad Burnham from Union Square Ventures, because he’s just a really deep thinker on the future of the Internet and how things work. Just maximizing valuation has never really been the primary driver for us than making sure we could find the right people. It’s better to be long-term greedy than short-term greedy.
BI: What’s next? An IPO?
MP: We’re cash flow positive now. So we get to choose our own destiny and figure out what it is that we want to do next.
But if you want to see what our roadmap product line is, just kind of look at the entire Cisco catalogue. And say how could this become a service? And if we don’t have it already, then that is probably something that we are working on. We still admire Cisco, and we think they are making great hardware. But we just want to become the service version of that. We think that’s a really attractive business.
NOW WATCH: Tech Insider videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.