Why Matthew Prince thinks AWS is Cloudflare's biggest security rival

Cloudflare versus Palo Alto Networks may be the matchup to watch in the short-term. But “if you fast-forward 10 years from now, I'm not sure that there are stand-alone security players,” Prince said in an interview with Protocol.

A photo of Matthew Prince in a blazer

"At some level, all security is just data analysis. And whoever has the most data … is able to most quickly spot the trends, most quickly spot threats, most quickly stay ahead of it," Cloudflare CEO Matthew Prince told Protocol.

Photo: Cloudflare

As Cloudflare seeks to become a leading vendor in the fast-growing zero-trust security market, it's increasingly going head-to-head with major industry players such as Palo Alto Networks and Zscaler.

“But really, who we think we're competing with over the long-term is AWS,” Cloudflare co-founder and CEO Matthew Prince told Protocol in a recent interview, given the way that both companies are evolving to offer a wide range of services that businesses need to operate — security services among them. The ability to procure a wide range of cloud-based services from a single vendor will be more and more crucial to customers going forward, he predicted.

Prince also discussed what he sees as Cloudflare's advantages as it looks to expand from its roots in application security and into zero trust, which has become a top priority for many enterprises looking to provide secure application access to their distributed workforce. Cloudflare told Protocol that more than 15% of its paying customer base — or, more than 23,000 customers — have now adopted at least one of its zero-trust services.

This interview has been edited and condensed for clarity.

Cloudflare is known for frequently sharing some of the earliest details about major cyber incidents. How are you able to beat out the many other organizations who are also tracking this sort of thing?

At some level, all security is just data analysis. And whoever has the most data — from the most different sources — is able to most quickly spot the trends, most quickly spot threats, most quickly stay ahead of it. And so I don't think it's a surprise that when we were doing an analysis on Log4j, the earliest indications of the [vulnerability] being exploited were picked up by us. We were ahead of everyone else. Same thing was true when the Atlassian [Confluence] exploit from [early June] went around — we found the earliest instances of when it was exploited. And that's because we've got such a broad base. It's north of 20% of all of the web that sits behind us. That gives us just an unparalleled view.

In terms of your security services, what are the areas where Cloudflare wants to compete? Are there areas you don’t plan to get into?

[For securing customers today] there's a big component around identity, and we don't play in that space. There are a bunch of [companies] that do identity well, and we partner with all of them. There's a role for endpoint security and antivirus, and we don't play in that space either. But we partner with almost everyone in it.

Then between those two things, there's a role for network security. We want to play in every part of that space. That means, we want to be a forward proxy and a reverse proxy. We are actually the largest forward proxy in the world today, based on traffic. We're able to provide a huge amount of security services across that. What we want to be is the “future network” that you wish the internet had been from the beginning, when it was designed.

"At some level, all security is just data analysis."

And that means yes, providing DDoS [mitigation], providing web application firewall — but also traditional firewall services, VPN services, gateway services and access control services. And hooking those in with whomever you choose as your identity provider and whomever you choose as your endpoint security provider.

That is the direction the world is going. I think we fit the model of what Gartner calls SASE [secure access service edge] better than any other company, in terms of providing the complete set of services that they view as a complete SASE platform.

In terms of your biggest competitors in security, who would they be? Zscaler? Palo Alto Networks?

We have products that line up straight against Zscaler, Palo Alto, Imperva, Akamai. What I think is different about us is that we look further in the future, and are more ambitious, and have designed our network to be extensible and programmable.

Palo Alto will always [be] at a disadvantage to either us or Zscaler over the long-term. I think that you really do need to know how to run the network yourself, in order to get the performance and pricing that we're able to [offer]. It's very difficult to build a cloud service on top of somebody else's cloud. I think you need to run it yourself.

We have been competing with Zscaler around the edges for quite some time. I think you can be bullish on them and bullish on us. There's a lot of Cisco VPNs to replace out there, a lot of Cisco firewalls. I think that for both of us, that's the primary focus. But I think what we have really seen in the last six months is that we are getting pulled into more and more deals.

How does your recent launch of a partner program factor into your competitive efforts in zero-trust services?

I think the way we have gone to market traditionally is different than [Zscaler]. We tend to be very practitioner-led. And we tend to land with one solution and then expand that solution over time. They tend to be much more systems integrator- or partner-led, and they tend to land with a much broader initial solution upfront.

I think that the right answer is, you should be able to do both. And so, when we recently announced our channel program, of the top 20 Zscaler partners, half of them are now Cloudflare partners as well. Now you will see us in many more of those deals that come through system integrators and partners, which is a bit of a newer skill for us. What will continue to be the case is [our emphasis on] practitioner-led [deals], which has always been the bread and butter of how we've gone to market. And I think that that's something that neither Palo or Zscaler are able to match.

If things go your way — and you're able to fulfill this vision you have for your security business — how big of a player in cybersecurity do you think Cloudflare could be in the future?

If you fast-forward 10 years from now, I'm not sure that there are stand-alone security players. And so I actually think that the Zscalers and Palo Altos are more likely to get absorbed into [the platforms of] the larger cloud providers. Or they’ll replicate that functionality themselves. That's not going to happen in the short-term.

"[I]f you have enough data, and you're running it all through systems that you control, you can solve a lot of these problems very effectively."

The last company I started was in the anti-spam space. And I remember pretty clearly when Bill Gates said [in the future] "there will be no anti-spam companies.” Everyone in the space laughed at him. But he was just dead-right. What he saw, that others didn't see, was that if you have enough data, and you're running it all through systems that you control, you can solve a lot of these problems very effectively. For traditional spam, Gmail and Microsoft and others have largely solved the problem. If you try today to run your own mail server, it's really difficult. But because everything is consolidated behind a relatively small set of email providers, they have largely tackled the spam problem.

I think in 10 years, you will see more and more of what is traditionally thought of as the cybersecurity space get absorbed by cloud providers. So when we think about who we are competing with, [yes] we always compete with Zscaler and Palo Alto. But really, who we think we're competing with over the long-term is AWS. I think the companies that are able to take cybersecurity and do it well — and build out a true cloud platform themselves — will dwarf anything that we're seeing in the cybersecurity space today.

The traditional knock on cybersecurity companies is that they have a very short shelf life. I think the way that you avoid that is by truly solving the problem — and then recognizing that over time, as that problem gets solved, cybersecurity just becomes table stakes.

Why just name AWS as a major competitor? Not Microsoft, too?

I think we will compete with those companies, but we'll also cooperate with them as well. Microsoft has been a terrific partner to us and uses our network for a number of things. For instance, their VPN product, which is built into Microsoft Edge, is powered by Cloudflare's network. I actually think with Microsoft, we are much more cooperative. I think Amazon is the company that I would say we're much more competitive with.


What the fate of 9 small tokens means for the crypto industry

The SEC says nine tokens in the Coinbase insider trading case are securities, but they are similar to many other tokens that are already trading on exchanges.

While a number of pieces of crypto legislation have been introduced in Congress, the SEC’s moves in court could become precedent until any legislation is passed or broader executive actions are made.

Illustration: Christopher T. Fong/Protocol

When the SEC accused a former Coinbase employee of insider trading last month, it specifically named nine cryptocurrencies as securities, potentially opening the door to regulation for the rest of the industry.

If a judge agrees with the SEC’s argument, many other similar tokens could be deemed securities — and the companies that trade them could be forced to be regulated as securities exchanges. When Ripple was sued by the SEC last year, for example, Coinbase chose to suspend trading the token rather than risk drawing scrutiny from federal regulators. In this case, however, Coinbase says the nine tokens – seven of which trade on Coinbase — aren’t securities.

Keep Reading Show less
Tomio Geron

Tomio Geron ( @tomiogeron) is a San Francisco-based reporter covering fintech. He was previously a reporter and editor at The Wall Street Journal, covering venture capital and startups. Before that, he worked as a staff writer at Forbes, covering social media and venture capital, and also edited the Midas List of top tech investors. He has also worked at newspapers covering crime, courts, health and other topics. He can be reached at tgeron@protocol.com or tgeron@protonmail.com.

Sponsored Content

They created Digital People. Now, they’ve made celebrities available as Digital Twins

Protocol talks to Soul Machines’ CEO about the power of AI in the metaverse

Keep Reading Show less
David Silverberg
David Silverberg is a Toronto-based freelance journalist, editor and writing coach. He writes for The Washington Post, BBC News, Business Insider, The Toronto Star, New Scientist, Fodor's, and several alumni magazines. He also writes for brands such as 23andme, Shopify and Bold Commerce. He has served as editor of B2B News Network, Canada's only B2B news magazine, and Digital Journal, a leading pioneer in citizen journalism. Find more about him at www.davidsilverberg.ca

Werner Vogels: Enterprises are more daring than you might think

The longtime chief technology officer talked with Protocol about the AWS customers that first flocked to serverless, how AI and ML are making life easier for developers and his “primitives, not frameworks” stance.

"We knew that if cloud would really be effective, development would change radically."

Photo: Amazon

When AWS unveiled Lambda in 2014, Werner Vogels thought the serverless compute service would be the domain of young, more tech-savvy businesses.

But it was enterprises that flocked to serverless first, Amazon’s longtime chief technology officer told Protocol in an interview last week.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.


Dark money is trying to kill the Inflation Reduction Act from the left

A new campaign is using social media to target voters in progressive districts to ask their representatives to vote against the Inflation Reduction Act. But it appears to be linked to GOP operatives.

United for Clean Power's campaign is a symptom of how quickly and easily social media allows interest groups to reach a targeted audience.

Photo: Anna Moneymaker/Getty Images

The social media feeds of progressive voters have been bombarded by a series of ads this past week telling them to urge their Democratic representatives to vote against the Inflation Reduction Act.

The ads aren’t from the Sunrise Movement or other progressive climate stalwarts, though. Instead, they’re being pushed by United for Clean Power, a murky dark money operation that appears to have connections with Republican operatives.

Keep Reading Show less
Lisa Martine Jenkins

Lisa Martine Jenkins is a senior reporter at Protocol covering climate. Lisa previously wrote for Morning Consult, Chemical Watch and the Associated Press. Lisa is currently based in Brooklyn, and is originally from the Bay Area. Find her on Twitter ( @l_m_j_) or reach out via email (ljenkins@protocol.com).


A game that lets you battle Arya Stark and LeBron James? OK!

Don’t know what to do this weekend? We’ve got you covered.

Image: Toho; Warner Bros. Games; Bloomberg

This week we’re jumping into an overnight, free-to-play brawler; one of the best Japanese dubs we’ve heard in a while; and a look inside a fringe subculture of anarchists.

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

Latest Stories