Matthew Prince, '00, Talks about CloudFlare in Forbes
“The only thing I have in common with Justin Timberlake is that we’ve both been ‘SWAT-ed,’ ” says CloudFlare CEO Matthew Prince. In 2012 an armed rescue team stormed his company’s downtown San Francisco office ready to defuse a hostage situation called in by a prankster. It was the first of many visits from the SWAT team and Maggie the bomb-sniffing dog. Prince is used to unwanted attention. Federal agents occasionally show up at his offices with court orders rather than guns, demanding to know who’s been sending Web traffic over CloudFlare’s servers.
All the attention is a result of what CloudFlare has built: a cheap, dependable service for bouncing malicious traffic away from its customers’ websites and apps. Instead of the traditional approach of selling firewall or intrusion-prevention hardware, which customers have to install locally, CloudFlare offers cheap (and often free) protection in the cloud. Its routers and servers are in 28 data centers around the world and reroute its customers’ visitors to the closest CloudFlare server. Traffic deemed a threat is turned away. The heavyweight in the business is Akamai, a 16-year-old content-delivery network with $1.6 billion in yearly revenue and huge customers like Facebook and Microsoft that depend on it to make their websites load faster. Like Akamai, CloudFlare speeds up websites, but from the beginning it emphasized protection against “ malicious botnets.”
CloudFlare, founded five years ago by Prince, his Harvard Business School classmate Michelle Zatlyn and engineer Lee Holloway, initially went after customers that were too small for Akamai to care about, but it has steadily worked its way up to big customers such as Nasdaq, Yelp, Zendesk, OkCupid and the federal government. CloudFlare’s rise parallels that of distributed denial of service (DDoS) attacks, which have grown in size tenfold since 2009. DDoS attackers barrage a site with data requests until it shuts down or can be hacked. The perpetrators can be pranksters, competitors playing dirty, political opposition or extortionists. The FBI is reportedly investigating DDoS-for-ransom attacks on Meetup, Evernote, Vimeo, Move and Basecamp, among others.