Thousands of websites undergo security attacks everyday, and withstanding the onslaught can be practically impossible for those without the resources of companies like Google, and even then there’s no guarantee of complete security. Just imagine how much more difficult it is for a small ecommerce site to protect itself from online attacks when it’s being bombarded hundreds of times per second, and then imagine it happening to thousands of sites all over the world.
Making the Internet safer for the average website is no easy task, but that’s exactly what CloudFlare has been doing for years. We sat down with co-founder Matthew Prince to talk about web security, the cloud, and what CloudFlare does to try and make the web a safer place.
LOCATION: Mountain View, CA
The idea was that anyone with a website could install a really simple piece of software and then contribute that to the data set of how bad guys were operating online, and the system would keep learning from everyone who had installed the software over time. Over the course of the next five years, Project Honeypot grew until there were of tens of thousands of sites across hundreds of countries around the world that had installed it.
At this time, I had taken a sabbatical from Unspam, to go to business school; and I was telling one of my business classmates, Michelle Zatlyn, about the open source project that we created and how it had grown like crazy. She said, “Wow, that’s a really interesting thing you’ve started, and it sounds like it’s a real service, but you could go beyond tracking how bad guys were targeting various sites online and also help protect those websites from attacks.” And that was the moment that CloudFlare was born.
In 2009, we started working on the business; and at first, we thought maybe we’ll build software that people can install, or build a piece of hardware that people can put in their data centers to protect them and then feed data into it. What we realized early on was that that wasn’t the best way to reach the largest number of people. Instead, what we wanted to do was actually build the intelligence systems for security right into the network itself, so that a website that wanted to be protected could just sign up to be behind our network. Once they did that they would be protected from a very wide range of threats.
The real surprise was we had built a network which was so efficient and so good at stopping threats and so good routing legitimate traffic back to a company’s actual origin website that pretty quickly it became clear that we were not only providing a service that helps stop attacks and provide security, but we were also providing a service that was making websites significantly faster. At that point, we realized what CloudFlare wasn’t just a security service–it was like the operations team that every website wishes they had.
What we found is that there’s this huge need in the market for that kind of intelligence around both performance and security and other operations challenges, such as staying reliable, making sure your site is available on things like IPv6, making sure your site is going to be available all around the world and is fast all around the world. All of those things are the needs that CloudFlare addresses, and as a result of satisfying those needs, we’ve had hundreds of thousands of websites sign up to be a part of our network.
I think the biggest challenge has been just scaling to keep up with the demand. We sign up another two thousand customers a day or so, and every one of those customers brings with them more requests and demands for bandwidth across our network. So the challenge has been how to stay ahead of that demand, keep growing, and how do you make it so that you can have the operational efficiency to be able to keep up with that?
Over the 23 months since we launched, we’ve added a new data center every month, and today we have 23 data centers scattered around the world. We want to be able to deploy those data centers efficiently while still having a fast moving and smart team. To give you some sense, CloudFlare, now, sees more traffic through our network than Amazon, Wikipedia, Twitter, Zynga, AOL, Bing, Apple, E-Bay, Instagram, and PayPal combined. It’s just a vast amount of traffic passing through our network. In two years, we’ve gone from essentially no traffic to this size, which has had its own such challenges.
I would say that the fact that there’s no one providing a service that you can sign up for like this sets us apart. It literally takes five minutes for anyone with a website to have the operational resources of a company like Google, and we provide it at a very affordable price. The fact that we’re doing that and the fact that there’s no one else that is doing that is what counts for our meteoric rise. We’ve built a product that solves a real need in the market, and that’s why we’ve been able to grow and had the demand that we’ve had.
We’re happy for anyone who has a website to sign up; we have everything from small individual blogs to Fortune 500 companies. There are even a number national governments that use CloudFlare service, including the US Government. While in most cases people have tried to find a particular target market and then built a sales team to sell to that market, we still don’t have any salespeople because CloudFlare has built a service that’s so efficient and easy for anyone to sign up for.
If you have an existing security solution and you add CloudFlare, we don’t ask you to tear out your old security solution. What we do is we add like a layer of security in front of that, almost like a moat around your castle that is additive to whatever it is. What people have found is that if they have an existing security solution, and then they add CloudFlare, all of a sudden it’s like it has a new lease on life because we filter out a lot of the bad traffic before it even gets to your network. Our goal is nothing short of powering a better Internet and rebuilding the web in such a way that we add an intelligence layer that will ensure that everyone can be safe and everyone can be fast anywhere in the world.
Another thing which is important is that CloudFlare’s designed so that it gets smarter with every new site that signs up for the service. So if one particular site on our network gets attacked, then the information about that attack is immediately shared with all of the other sites on our service. We’ve tried to make it so that CloudFlare is attractive to any size site at any price that someone is willing to pay, because you never know when that one site is going to generate a piece of data on a bad visitor, which then helps us protect other sites. We have a free plan, which a lot of customers use, all the way up to customers who pay us tens of thousands of dollars a month. You get different features depending on what level of service you sign up for, but we’ve tried to make it so that there’s never a technical or financial reason why someone would not sign up for this service.
I think there’s some challenges that people face that are just hard to grapple with on your own. For example, we saw one of our customers had a 65 gigabit per second denial of service attack launched at them, which means that the attacker generated the equivalent data of watching 3400 high definition television streams, and they pointed it all at one of our customer’s website. For any one business to be able to sustain that type of an attack just is impractical.
What we’re able to do, because we have this globally distributed architecture, is essentially distribute that attack across all of those data centers so that no one data center is bearing the brunt of the attack–we mitigate it and stop it before it ever hits our actual customer site. So when we saw that 65 gig attack, which would have knocked almost any business online offline, it didn’t even affect our systems because our systems just absorbed the attack. We were able to stop traffic from it and then never pass any of that traffic back to the customer’s site. So the case of security, there are things which you can do through a cloud service like CloudFlare that just aren’t possible with hardware or software running inside an individual data center.
I think that there’s a lot about the web today that’s broken. The fact that some attacker can knock a site offline would give me a lot of pause if I were an ecommerce company building a site that I was going to rely on. The fact that it isn’t easy to make sure your site is reliable from everywhere in the world, the fact that it’s hard to ensure that the site is extremely fast around the world, is still a real challenge. CloudFlare is positioned in a way to help solve some of those challenges, and so our team comes to work every day feeling like our mission is something more than just running a business. We actually think that we’re rewriting the underlying way that the web works in a way that is much more modern and makes sense going forward.
If you think about it, the web was born 23 years ago, and we’ve learned a lot over those 23 years. What CloudFlare’s doing is taking all that we’ve learned, taking the intelligence that we have, and then making it so that any company online–anyone with a website–can be like an Internet giant, even if they don’t have the resources of an Internet giant. We can take the best practices of companies like Google and Facebook and Yahoo and apply that so that anyone can have those same resources and the same security and speed and reliability that you would have without having to have a whole bunch of money to pay for the service or technical expertise in order to understand exactly how it works. So I think our opportunity is nothing short of building a better Internet, and that’s a pretty exciting problem to be working on.
Looking for the right cloud security software for your business? Be sure to download our free Top 10 Enterprise Cloud Backup Solutions report and compare the top cloud security vendors by pricing and key features. For more information on cloud backup, endpoint security or mobile device management, go to our IT management resource center page, where we have compiled the best product reviews and blog posts on IT software.
To learn more about CloudFlare, visit their website at www.cloudflare.com.