When I dropped in last month on David Ulevitch, the CEO of OpenDNS, he was cheerily bounding around the rapidly expanding home base of his Internet security empire in San Francisco’s SoMa district. He’d taken over the other side of the building where OpenDNS is headquartered.
Now Cisco, an investor in OpenDNS since last year, is acquiring the fast-growing company for $635 million in cash and stock. The reasons are simple and obvious to anyone who’s been paying attention to the Internet lately: Networks are porous. Firewalls are irrelevant. Work happens everywhere. And new devices are getting added to the network all the time.
Ulevitch has been beating this drum for a while—in fact, he quietly taunted Cisco three years ago, before that company literally bought into his vision. What’s different is that the world is waking up to the reality that the old ways of securing Internet-connected computing devices are broken.
Routing Past Danger
Consider the Sony hack, recently chronicled by Peter Elkind of Fortune: Traditional network security measures meant nothing when system administrators’ accounts were compromised and employees stashed Twitter passwords in spreadsheets.
OpenDNS offers security services through a basic layer of the Internet, the domain-name service, or DNS. DNS servers translate the location of machines on the Internet, rendered as strings of numbers known as IP addresses, into the domain names that we’re familiar with (like readwrite.com).
It sounds like a simple function, but because it’s a crucial part of every interaction between machines on the Internet, there’s a wide range of security OpenDNS can offer based on examining, blocking, or rerouting these requests.
Crucially, this doesn’t require the installation of special hardware or software. You just route your DNS requests through OpenDNS’s servers rather than—as is typical—your Internet service provider’s machines.
This has put OpenDNS in a position where it can deal with entirely new kinds of attacks.
When the Syrian Electronic Army allegedly hijacked the DNS records of the New York Times, OpenDNS ignored the bogus directions and sent people to the New York Times website. That’s not the kind of threat you can handle with a firewall.
Google (which offers a competing DNS service) is embracing a model where it no longer has an intranet—a privileged network only accessible “inside” the company. Because, if you think about it, how do you define “inside” anymore?
Add to that a host of new devices with new interfaces. Can you imagine logging onto a VPN with an Apple Watch? It’s not going to happen—at least not in anything like the tedious way you do it on a laptop. Rather than relying solely on stealable usernames and passwords, the network will watch our behavior. That kind of predictive security is something OpenDNS is expert at.
A company today is a group of people using devices to log into services so they can access and generate data. That’s it. That’s all that matters. Protect those, and you’re secure. Don’t protect those, and, well, you’re Sony.
If there’s any wistfulness here, it’s that OpenDNS didn’t keep forging an independent path. Ulevitch, in a blog post, said that the company was growing quickly—it now has 300 employees—and had added 2,000 paying customers so far this year. Cisco’s salesforce and global reach will surely help OpenDNS knock on more doors. But the real test of this deal will come in a few years, when we’ll see if Cisco has taken OpenDNS’s model of cloud-based security and applied it across its business.
Photo by Scott Beale/Laughing Squid