Today, EMC closed on the acquisition of a small Ottawa-based company called Cloudlink.
Cloudlink does something simple – and does it well. They deliver a product called SecureVM that encypts (and attests to, and otherwise controls and manages) compute instances in clouds:
- They do it for Windows and Linux OS images.
- They do it in a way that is lightweight, and leverages native encryption capabilities like BitLocker.
- They do it for Azure.
- They do it for vCloud Air.
- They do it for the Federation Enterprise Hybrid clouds.
In our view, certain underlying services are critical “as-a-service” cloud offerings options in the service catalog:
- Some are critical for “platform 2” workloads (apps that depend on infrastructure resilience – aka “pets”). These are services like backup and DR – independent for cloud type/location. You can see the “tip of the iceberg” our thinking around this with the Federation Enterprise Hybrid Cloud, vCloud Air, Recoverpoint for VMs, CloudArray, the acquisition of Spanner/Maginatics and more.
- Some are critical for “platform 3” workloads (apps that have resilience built into the app fabric, and commonly have polyglot persistence/data fabrics – aka “cattle”). These are services like geo distributed object stores, varying HDFS strata, data fabric choices, and rich microservice catalogs. You can see the “tip of the iceberg” our thinking around this with Cloud Foundry, the Cloudscaling acquisition, VMware Integrated Openstack and VMware’s recent news around Google/Docker partnerships, ECS/ECS Software Object/HDFS, Isilon HDFS, DSSD HDFS, the Open Data Platform initiative and more.
- Some are critical for both classes of workloads. These are services like encryption that is independent from cloud type/location – and offers choices on where keys are held (at customer, or in cloud). The Cloudlink acquisition is about filling this important piece.
People would be fascinated (at least I think so - it fascinates me!) by the machinery behind EMC’s M&A – and this is one small, but perfect, example. I want to give you that “peek behind the curtain” and also more insight into CloudLink.
Here’s the story behind the story – read on!
Step 1: The “beginning”.
The first thing to understand is that these stories “pop to the surface” (whether they are big or small) with the public disclosure of the acquisition. That’s just one chapter in the story. Sure, it’s a very important “new chapter” – but the story starts much much earlier.
EMC Ventures is a quiet, but material venture capital entity – not the nearly size of the VC monsters (think Kliener Perkins) – but we are surprisingly material considering how “invisible” this is. The degree of “invisibility” is intentional. We commonly (and I’m sure this is true of varying degrees of all large-cap hi-tech firms – Intel does this model a lot also) invest early and quietly in a large number of startups. I can vouch for this process (and the volume + quality) – this is happening ALL THE TIME.
This is rooted in a fundamental EMC philosophy: while we MUST innovate organically (and do to the tune of ~12% of our revenues), we cannot out-innovate all the startups, all the PhDs, all the people in garages – so that’s another ~$2B per annum. Furthermore – the nature of business is that in-organic innovation is the primary mechanism for “step-wise” or “unexpected” innovation – and organic innovation is the primary mechanism for “incremental” (but just as awesome) innovation.
FWIW – I think the “embrace all forms of innovation” is an important thing for senior leaders in any high tech company to internalize. It just is a fact – like gravity.
Now, there are multiple ways to do in-organic innovation – this VC approach isn’t the only way. Another well known example is the serial MPLS spin-out/spin-in Cisco mechanism that resulted in Catalyst (via Crescendo), Andiamo (MDS), Nuovo Systems (UCS), and Insieme (ACI/N9K).
Conversely, when you see companies that don’t get the intrinsic need and rhythm of in-organic innovation, their acquisitions aren’t thought through or are reactive, their spin-out/ins don’t end right. You can think of your own examples – they are easy to think of.
To give you another idea – the DSSD story “surfaced” last year in May at acquisition – but the story started 3 years earlier in 2011, when we were noodling about what NAND could REALLY do when coupled with new data fabric models… and saw a great idea and a great team, so got in. The “thinking windows” are that long.
Step 2: Innovation.
Often (but not always from us) with support in the form of a seed or A round investment – the startup then goes on to do it’s thing, which is to innovate and iterate.
In Cloudlink’s case (like many startups) the foundational idea (of making security and encryption a “infrastructure service”) navigated a non-linear path. Many (most?) startups involve numerous twists, turns and reboots.
Cloudlink started under a different name (“Afore”), and focused on making a storage VSA (“SecureVSA”) that presented an encrypted datastore for VMs.
This is actually were our paths crossed first at some customers, and a great EMC SE (Brian Lewis, you rock!) brought them to our attention.
Over their life, they expanded into securing NAS (“SecureFile”) – an area where EMC partners a ton with others (like Vormetric for large scale NAS)
NOTE: It’s worth calling out that even with the CloudLink acquisition – EMC will continue to partner deeply with Vormetric, and others like Hytrust for Vblock authentication and hardening and also with parts of vCloud Air) and will continue to partner in that open way.
Their next twist and turn was to focus on cloud security management – leveraging native image encryption, and then also linking it with the public cloud models (starting with Azure, and expanding out to others like vCloud Air).
As always – a demo is worth 1000 words. Here’s a little demo of what SecureVM does:
This is where CloudLink found a new gear. As I noted, it’s not uncommon for startups to have these twists/turns. In fact, adapting quickly to what works and what doesn’t (and not being wedded to given go-to-market) is one of the things that makes them such a powerful mechanism for innovation (and SO hard to do within big companies – which have to think of installed bases, global support, revenues, and more)
It’s also where their name needed to change – better reflecting what they do - “linking Clouds” from a security standpoint, hence “Cloudlink”.
Step 3: The “voice of the customer”.
One of the main drivers in EMC’s M&A strategy is the “voice of the customer”. People often asked “how did EMC know to acquire VMware?” Answer – lots of strategic reasons + an even more powerful reason: every single customer was telling us how awesome they were (and that was just during the VMware Workstation/GSX days) :-)
There’s a panel (one of the most fun and interesting internal meetings that I get to sit in) that meets every 2 weeks to evaluate Step 1 opportunities (“should we make an early investment here?”), and also Step 4 (“should we make a move?”) options we could take (more on step 4 later). It’s fascinating to see how this works.
Several years after Brian Lewis’ first introduction, CloudLink was showing up in small scale, but still a surprising amount of cases, and became part of our “EMC Select” program – a vehicle where we partner with many tech that we see frequently as “adjacent”. More importantly, as more and more customers were deploying Hybrid Cloud models encryption was a showing up as a requirement.
Of course, we do rich storage-level encryption across almost the whole EMC portfolio (in both storage arrays and SDS models). The few exceptions where we currently don’t do this natively (ECS Object and HDFS doesn’t encrypt yet – but will soon have rich bucket-based encryption, and ScaleIO does only a lightweight encryption that is basic obfuscation – but will do more in the future as well) are getting filled.
For a while we kept pushing off any “other way to do this” – and aiming to answer all customer requirements with workload independent storage-level encryption.
But the voice of the customer was that that “array/storage stack based encryption” was good (in many cases a requirement!), but not sufficient.
Above and beyond low-level encryption, they wanted encryption to be:
- “Cloud independent”: in other words, “stick with the compute instance” as it ran on premise, in vCloud Air, in Azure – and so on.
- “An infrastructure policy”: in other words, like backup, active-active behavior, and DR are a selectable policy in the Federation Enterprise Hybrid Cloud, that you can select for a given workload or set of workloads that you have an encryption policy.
- “Enforced and attestable”: in other words, they want to stop VMs from being able to execute if the policy isn’t enforced, and also want to be able to report on policy – in otherwords, central management.
When you listen to the voice of the customer – you cannot ignore this sort of feedback.
CloudLink started to be built into the Federation Enterprise Hybrid Cloud in one customer case after another. And when this starts to happen enough – the “voice of the customer” is clear, and it’s time for Step 4: “the move”.
What’s next? CloudLink will be loosely integrated with the next major EHC release, and then tightly integrated in the version afterwards. Our plan is to make Encryption a “feature” – so not try to extract material “license fees”, and make things really, really simple… How simple? Like this simple – it’s just included. For what % of the VMs? Whatever.
Note: it’s interesting (people shouldn’t read into this too much based on the CloudLink story!) but there’s a little pile of things that have this same “show up frequently” behavior as people deploy the Federation Enterprise Hybrid cloud stack:
- Configuration/image automation and management – while the vRealize Suite does a ton of automation at this layer, there is invariably a lot of interest in deep Puppet/Chef/Ansible integration – and we have loads of customer deployments going on with Puppet in particular.
- Overhaul in IT Service Management – the coincidence with a customer doing an IaaS transformation and IT process transformation is well north of 60% in my experience. There’s a high degree of coincidence between ServiceNow and Enterprise Hybrid Cloud deployments. Usually this is connected to a realization that their old tools (Remedy et all) and ITSM processes are just not going to cut it.
- PaaS – nearly 80%+ coincidence in my experience with a desire for a Hybrid PaaS along with hybrid IaaS. Cloud Foundry really seems to be taking the world by storm. I hear very little anymore about the alternate PaaS stacks, but that could be very well my sample bias.
- … and most recently, early pickup in CI/CD tools and process transformation. Its interesting to always learn more about a new ecosystem. It’s analagous to the the configuration/image automation space where vRealize does a lot, yet customers want rich integration with the ecosystem (my first bullet in this list). When it comes to CI/CD Cloud Foundry has Cloudbees (Jenkins) integration which is awesome, but often not enough – and partners like XebiaLabs have really interesting stuff.
Step 4: “The move”.
Eventually you get to the point where it’s time to do something. It can be triggered by factors in the startup, it can be triggered by the voice of the customer, it can be triggered by movement from the industry (and early stage investment gives great insight to what’s going on across huge swaths of the industry). Often – it’s a combination of these factors.
With CloudLink the timing was clear. So – we made the move, and they are now part of the larger EMC family – bringing their own IP, human capital, and culture.
Welcome to the CloudLink team!
The last thing I’ll note here is something else that is a strange “EMC Strength”. As a serial acquirer (and this has good and bad – but I think the good outweighs the bad by a long shot), you HAVE to get good at the acquisition process. We aren’t perfect (by any means!) but we are pretty good at this.
I went up to meet with the team on the 8th to lay out the plan and strategy and the huge role they can play now in a bigger game. I was joined by parts of the M&A team and it was funny (and awesome) to walk through it. The small things REALLY matter. Q: “will we move offices?”; A: “nope, your offices seem great, but hey, you can now hang out at any of the EMC offices, including our downtown Ottawa office” (one dude loved that because it meant he didn’t need to keep commuting). Q: “what about IT stuff” (the dreaded “are we going to be assimilated like the Borg into the corporate collective?”") ; A: “you will get VDI instances right away, and over time, we’ll give you the choice of our standards, or keep using what you have”.
The HR team was all over things like payroll, benefits – and little things like “cashflow bonus” to blend over their payroll period into ours.
Likewise after the DSSD acquisition, one interesting thing was that because of our “hands off” nature (critical in the early days) – it had second-order positive impact on other bay area investments and acquisitions because people know that EMC investment won’t twist them from their dreams and pursuits.
Over time – inevitably as things move into massive scale (think Isilon, Data Domain) you then move into another phase where a tighter integration makes sense, but the biggest mistake is to jump the gun and do this before it’s right for the customer, right for the pace of innovation, and right for the people at the heart of the matter.
So there you have it – the story behind the story.
Beyond a great addition to the Enterprise Hybrid Cloud for our customers (Simple: “Encryption as a service – it’s built in, and it’s included”) - It’s a peak into the interesting dynamics of how we do in-organic innovation.
Something to consider for my EMC brothers and sisters, our partners and our customers!
And – one more time – welcome CloudLink team! You’re joining something chaotic, crazy – and fun and awesome!
As always – comments and input always welcome!