Today at the GigaOM Structure event in San Francisco Citrix Data Center and Virtualization CTO Simon Crosby announced that he and Xen founder Ian Pratt are stepping down and starting a new company called Bromium. The company also announced that it closed a series A to the tune of $9.2 million from Andreessen Horowitz, Ignition Partners and Lightspeed Venture Partners.
We caught up with Crosby by phone today to ask a few questions about the Bromium’s plans.
Bromium is in stealth mode, but in a blog post Crosby revealed that Bromium is “fusing deep virtualization and security systems DNA to build a powerful set of tools that can offer continuous endpoint protection.” Crosby wrote that Bromium won’t compete with any existing virtual infrastructure or security vendor.
Though the name may sound more like a high-end competitor to AXE Body Spray than a technology company, Crosby told GigaOM’s Derrick Harris to think about another technology with which Bromium rhymes. Chromium is the obvious answer, suggesting that this may have something to do with Google browser, or perhaps Chromium/ChromeOS.
Note: this is a rough and somewhat edited transcript due to a poor connection quality of our phone call.
ReadWriteWeb: Why did you decide to start a new company instead of pursuing these projects at Citrix?
Simon Crosby: This is very much in the domain of systems security, so it’s not part of the core DNA of Citrix. It’s a different domain from Citrix, though it’s still related to virtualization. We talked to Citrix about it and we all agreed that we needed to have a passionate team focused on that particular business problem.
It sounds like you think that trust and perception are actually bigger problems than the actual security of the public cloud, is that correct?
Trust is a multifaceted and subjective measure. I think people’s mistrust in the public cloud is largely misplaced. This comes largely from a perception of cloud providers being somehow untrustworthy, but the reality is that cloud providers will often build something that’s more secure than the enterprise would build themselves. Cloud providers have people dedicated to security.
Some people think of the cloud as insecure because they’ve been attack through the cloud. For example, the RSA breach or Operation Aurora, where Chinese hackers exploited Internet Explorer 6.
Moreover, you will not be more secure in the private cloud than the public cloud because I can walk in through the front door on any of your employees PCs.
What do you see as the biggest cloud/virtualization security problem that is not currently being addressed by other vendors? It sounds like you think the client is the biggest problem.
The point of the client is to ensure that all running code is protected at all times. That’s the problem Bromium is trying to solve.
Will the products Bromium offers work with virtualizations products other than Xen, such as those offered by VMware or Microsoft?
Bromium is not based at all on the hypervisor technology that is in use at all. The core intellectual property is hypervisor independent.
I know it’s too early to say much, but given your background in open source, can we expect Bromium to open-source some of its code?
I think that in the cloud business open source is the most valuable tool in the toolbox. That’s been a core element of everything I’ve learned in the past six years or so. So yes, we’re absolutely committed to that. Some components may be proprietary, some may be open source, much as we’ve done at Citrix.
