Why Matthew Prince thinks AWS is Cloudflare's biggest security rival

Cloudflare versus Palo Alto Networks may be the matchup to watch in the short-term. But “if you fast-forward 10 years from now, I'm not sure that there are stand-alone security players,” Prince said in an interview with Protocol.

A photo of Matthew Prince in a blazer

"At some level, all security is just data analysis. And whoever has the most data … is able to most quickly spot the trends, most quickly spot threats, most quickly stay ahead of it," Cloudflare CEO Matthew Prince told Protocol.

Photo: Cloudflare

As Cloudflare seeks to become a leading vendor in the fast-growing zero-trust security market, it's increasingly going head-to-head with major industry players such as Palo Alto Networks and Zscaler.

“But really, who we think we're competing with over the long-term is AWS,” Cloudflare co-founder and CEO Matthew Prince told Protocol in a recent interview, given the way that both companies are evolving to offer a wide range of services that businesses need to operate — security services among them. The ability to procure a wide range of cloud-based services from a single vendor will be more and more crucial to customers going forward, he predicted.

Prince also discussed what he sees as Cloudflare's advantages as it looks to expand from its roots in application security and into zero trust, which has become a top priority for many enterprises looking to provide secure application access to their distributed workforce. Cloudflare told Protocol that more than 15% of its paying customer base — or, more than 23,000 customers — have now adopted at least one of its zero-trust services.

This interview has been edited and condensed for clarity.

Cloudflare is known for frequently sharing some of the earliest details about major cyber incidents. How are you able to beat out the many other organizations who are also tracking this sort of thing?

At some level, all security is just data analysis. And whoever has the most data — from the most different sources — is able to most quickly spot the trends, most quickly spot threats, most quickly stay ahead of it. And so I don't think it's a surprise that when we were doing an analysis on Log4j, the earliest indications of the [vulnerability] being exploited were picked up by us. We were ahead of everyone else. Same thing was true when the Atlassian [Confluence] exploit from [early June] went around — we found the earliest instances of when it was exploited. And that's because we've got such a broad base. It's north of 20% of all of the web that sits behind us. That gives us just an unparalleled view.

In terms of your security services, what are the areas where Cloudflare wants to compete? Are there areas you don’t plan to get into?

[For securing customers today] there's a big component around identity, and we don't play in that space. There are a bunch of [companies] that do identity well, and we partner with all of them. There's a role for endpoint security and antivirus, and we don't play in that space either. But we partner with almost everyone in it.

Then between those two things, there's a role for network security. We want to play in every part of that space. That means, we want to be a forward proxy and a reverse proxy. We are actually the largest forward proxy in the world today, based on traffic. We're able to provide a huge amount of security services across that. What we want to be is the “future network” that you wish the internet had been from the beginning, when it was designed.

"At some level, all security is just data analysis."

And that means yes, providing DDoS [mitigation], providing web application firewall — but also traditional firewall services, VPN services, gateway services and access control services. And hooking those in with whomever you choose as your identity provider and whomever you choose as your endpoint security provider.

That is the direction the world is going. I think we fit the model of what Gartner calls SASE [secure access service edge] better than any other company, in terms of providing the complete set of services that they view as a complete SASE platform.

In terms of your biggest competitors in security, who would they be? Zscaler? Palo Alto Networks?

We have products that line up straight against Zscaler, Palo Alto, Imperva, Akamai. What I think is different about us is that we look further in the future, and are more ambitious, and have designed our network to be extensible and programmable.

Palo Alto will always [be] at a disadvantage to either us or Zscaler over the long-term. I think that you really do need to know how to run the network yourself, in order to get the performance and pricing that we're able to [offer]. It's very difficult to build a cloud service on top of somebody else's cloud. I think you need to run it yourself.

We have been competing with Zscaler around the edges for quite some time. I think you can be bullish on them and bullish on us. There's a lot of Cisco VPNs to replace out there, a lot of Cisco firewalls. I think that for both of us, that's the primary focus. But I think what we have really seen in the last six months is that we are getting pulled into more and more deals.

How does your recent launch of a partner program factor into your competitive efforts in zero-trust services?

I think the way we have gone to market traditionally is different than [Zscaler]. We tend to be very practitioner-led. And we tend to land with one solution and then expand that solution over time. They tend to be much more systems integrator- or partner-led, and they tend to land with a much broader initial solution upfront.

I think that the right answer is, you should be able to do both. And so, when we recently announced our channel program, of the top 20 Zscaler partners, half of them are now Cloudflare partners as well. Now you will see us in many more of those deals that come through system integrators and partners, which is a bit of a newer skill for us. What will continue to be the case is [our emphasis on] practitioner-led [deals], which has always been the bread and butter of how we've gone to market. And I think that that's something that neither Palo or Zscaler are able to match.

If things go your way — and you're able to fulfill this vision you have for your security business — how big of a player in cybersecurity do you think Cloudflare could be in the future?

If you fast-forward 10 years from now, I'm not sure that there are stand-alone security players. And so I actually think that the Zscalers and Palo Altos are more likely to get absorbed into [the platforms of] the larger cloud providers. Or they’ll replicate that functionality themselves. That's not going to happen in the short-term.

"[I]f you have enough data, and you're running it all through systems that you control, you can solve a lot of these problems very effectively."

The last company I started was in the anti-spam space. And I remember pretty clearly when Bill Gates said [in the future] "there will be no anti-spam companies.” Everyone in the space laughed at him. But he was just dead-right. What he saw, that others didn't see, was that if you have enough data, and you're running it all through systems that you control, you can solve a lot of these problems very effectively. For traditional spam, Gmail and Microsoft and others have largely solved the problem. If you try today to run your own mail server, it's really difficult. But because everything is consolidated behind a relatively small set of email providers, they have largely tackled the spam problem.

I think in 10 years, you will see more and more of what is traditionally thought of as the cybersecurity space get absorbed by cloud providers. So when we think about who we are competing with, [yes] we always compete with Zscaler and Palo Alto. But really, who we think we're competing with over the long-term is AWS. I think the companies that are able to take cybersecurity and do it well — and build out a true cloud platform themselves — will dwarf anything that we're seeing in the cybersecurity space today.

The traditional knock on cybersecurity companies is that they have a very short shelf life. I think the way that you avoid that is by truly solving the problem — and then recognizing that over time, as that problem gets solved, cybersecurity just becomes table stakes.

Why just name AWS as a major competitor? Not Microsoft, too?

I think we will compete with those companies, but we'll also cooperate with them as well. Microsoft has been a terrific partner to us and uses our network for a number of things. For instance, their VPN product, which is built into Microsoft Edge, is powered by Cloudflare's network. I actually think with Microsoft, we are much more cooperative. I think Amazon is the company that I would say we're much more competitive with.


Making TV social is hard. Will Plex get it right?

Plex’s new “Discover Together” feature adds a social feed to the popular streaming app.

The company is adding a social feed that lets people share and discuss their viewing activity, ratings and watch lists.

Image: Plex

Media center app maker Plex is giving its users a new way to talk to each other: The company is adding a social feed in its app that lets people share and discuss their viewing activity, ratings and watch lists with friends.

The new feature makes Plex just the latest company looking to add a social networking layer on top of its streaming platform. Doing so requires walking a fine line between appealing to people’s willingness to share and valuing their privacy, all while actually improving the core service. It’s something other services in both music and TV have struggled with before, but Plex has a few built-in advantages over some of its competitors.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Sponsored Content

How cybercrime is going small time

Blockbuster hacks are no longer the norm – causing problems for companies trying to track down small-scale crime

Cybercrime is often thought of on a relatively large scale. Massive breaches lead to painful financial losses, bankrupting companies and causing untold embarrassment, splashed across the front pages of news websites worldwide. That’s unsurprising: cyber events typically cost businesses around $200,000, according to cybersecurity firm the Cyentia Institute. One in 10 of those victims suffer losses of more than $20 million, with some reaching $100 million or more.

That’s big money – but there’s plenty of loot out there for cybercriminals willing to aim lower. In 2021, the Internet Crime Complaint Center (IC3) received 847,376 complaints – reports by cybercrime victims – totaling losses of $6.9 billion. Averaged out, each victim lost $8,143.

Keep Reading Show less
Chris Stokel-Walker

Chris Stokel-Walker is a freelance technology and culture journalist and author of "YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars." His work has been published in The New York Times, The Guardian and Wired.


Move over, Silicon Valley. Engineers are quitting for climate tech.

In search of more excitement, purpose and impact, engineers and top talent from big tech companies like Apple and Google are quitting their jobs to join climate tech startups.

There’s a new kid in town luring away smart people looking for purpose and willing to take a chance on something new.

Photo: mtreasure/iStock/Getty Images Plus

When Jonathan Strauss attended the University of Pennsylvania, all the most ambitious kids in his classes wanted to be investment bankers.

Then came the Googles and Facebooks of the world, with their exciting promise of changing the world and making a meaningful impact — nap rooms and free gyms included. Wall Street suddenly found itself overshadowed by Silicon Valley as the place to be for top talent.

Keep Reading Show less
Michelle Ma

Michelle Ma (@himichellema) is a reporter at Protocol covering climate. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.


BeReal wants close connections. Can it stay that way forever?

BeReal is zeroing in on close friends just as Facebook and Instagram have decided to bury them. Can it hold on to its success by keeping that vision?

Although BeReal fills a valuable niche now, it will likely need to iterate on its vision for long-term success.

GIF: Christopher T. Fong/Protocol

When Protocol wrote about BeReal in March, the photo-sharing app was just starting to enter the American mainstream. Now, the app is so popular that it's getting memed across the internet.

Here’s what it would look like if Bella Swan took a BeReal when Edward smells her in “Twilight.” Here’s a girl desperately trying to take her BeReal in the front row of a Harry Styles concert. People are even finding love on this app.

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at llawrence@protocol.com.


How I decided to leave Alphabet and build a geothermal energy startup

Kathy Hannun had the support of Alphabet’s X innovation lab, but decided to strike out on her own when it became clear that her idea wasn’t a moon shot.

"[I]t seemed like this great opportunity where the financial interests of homeowners were very well aligned with the most environmentally friendly solution," says Hannun.

Photo: Dandelion Energy

Click banner image for more How I decided series

The tech industry has a love for moon shot ideas that are unproven but could be transformative if they work.

Keep Reading Show less
Lisa Martine Jenkins

Lisa Martine Jenkins is a senior reporter at Protocol covering climate. Lisa previously wrote for Morning Consult, Chemical Watch and the Associated Press. Lisa is currently based in Brooklyn, and is originally from the Bay Area. Find her on Twitter ( @l_m_j_) or reach out via email (ljenkins@protocol.com).

Latest Stories