Lance Crosby Comes Out of Stealth with New Developer-Centric Cloud Security Venture

Add Your Comments

Almost exactly one year after Lance Crosby, SoftLayer founder and 20-year hosting industry veteran took the stage at HostingCon Global in San Diego, he is back with a new company that answers the question on many minds in the hosting industry since he left IBM last February – just what will Crosby do next?

The answer is StackPath – a Security-as-a-Service company that launched on Monday with a significant investment from Abry Partners. According to the company’s announcement, the funding will be used for M&A, and infrastructure and services development.

“The genesis is to create a developer-centric security platform that’s going to be API-driven, and going to allow developers and DevOps to actually integrate security into their applications as they are building it,” Stackpath CEO and chairman Crosby tells the WHIR. “They can make the calls and apply the security policy themselves, and they won’t necessarily have to involve the security team anymore.”

Security that meets needs of cloud

So what does this mean? According to Crosby, StackPath will initially include “some web facing services; content delivery, DDoS protection, VPN services, and a web application firewall.” The developer-centric security platform will get smarter over time, and by the end of the year will include secure compute, storage and DNS, with plans to release new security services every month for the next several years.

The idea for StackPath came to Crosby as he observed serious flaws in cloud security – even at the level of Fortune 500 companies, who spent a fortune on security products they never deployed. Traditional security modded for cloud environments just doesn’t meet the level of scale and automation required.

“After being acquired by IBM I spent the last two years seeing the shortcomings of cloud security,” Crosby says. “We had some security products at SoftLayer but we called them bolt-on; [we] took more traditional firewalls, load balancers and things like that and converted them to cloud but there was nothing that was truly, highly scalable and automated that would work.”

“That’s where the concept came from. I saw companies like Netflix, big banks, and firms that were spinning up literally tens of thousands of virtual machines a day and there were no real security products that would follow that level of automation and scale.”

Developers drive security engine

In last year’s Gartner Magic Quadrant for managed security services, the research firm identified IBM, Dell SecureWorks, Symantec, and Verizon as leaders in the space.

Crosby says StackPath’s global threat intelligence engine across 35 points-of-presence will be available to customers who can integrate the security within their applications via APIs, differentiating it from other security companies.

“We believe we’re going to create a whole new generation of security firms who are going to use this platform to build new widgets on top that we never dreamed about,” Crosby says. “When people ask me what that’s going to be I tell them that I didn’t know in 2005 that Facebook, Tumblr, WhatsApp, and Yelp, and all the other companies that built on top of cloud were ever going to create new verticals and new industries and I think we’re going to see the same thing here.”

StackPath’s technology will not be built from scratch – the company acquired MaxCDN, Fireblade and Cloak to build out its CDN, Web Access Firewall, and VPN, respectively. The company said that its DDoS mitigation technology also includes “an impressive array of IP.”

Crosby tells us that he drew from his past relationships in the cloud space to build a team including COO and president Andrew Higginbotham, who previously led CenturyLink’s Cloud and Managed Services Business, and CFO Kim Sheehy, who prior to joining StackPath served as CFO of CyrusOne. He recruited others from his background at IBM/SoftLayer, Google, and Amazon, as well.

Crosby’s hosting past will also serve StackPath well in its initial stage where it will be targeting internet-centered companies and more traditional hosting companies. Hosting providers will be able to sell the security services offered by StackPath and white-label the platform. Eventually the platform will be available directly to developers.

“We’re flying in the face of the way security has always been implemented and handled and managed and I think a lot of the traditional firms will have a lot of resistance. We’re going to automate a lot of things that people have done historically, but that’s also what drives us,”he says.

Add Your Comments

  • (will not be published)