Cloud Trailblazers: 10 for 2013

Matthew Prince

Matthew Prince was seven years old when his mother started sneaking him into computer science classes. It was the beginning of a passion that continues today — Prince is CEO of web performance and security outfit CloudFlare — but the path from then to now was a lot more circuitous than one might suspect.

“I went to college and was a pretty good programmer, but I became bored in computer science classes pretty quickly,” Prince says. “So I graduated in 1996 and had offers at a few little companies I didn’t think would go anywhere: one was called Yahoo(s yhoo) and another was Netscape.”

Bunny slopes and honey pots

Turning down these giants of the time, Prince — a Park City, Utah native who regularly attends Sundance and also worked as a ski instructor — went to study law at the University of Chicago instead. Oddly enough, that’s where his interest in security took off:

“It was back in 1997. We had a student magazine that I had helped found and it had a mail server, and 1997 was right when email spam started to arise as a real problem, though it was still a relatively minor number of messages compared to what you have today.

“It was a growing challenge. I had a cocktail party with some friends and we’d had all these friends who’d dropped out of law school who’d made hundreds of millions as the tech bubble was taking off. We were working on ideas … we’d start a company that would write nasty legal letters to spammers asking them to stop, and we came up with the name Unspam.”

Unspam created Project Honey Pot, an initiative that gives website administrators some special code to embed in their website. When spammers come to scrape email addresses off the site to use for their nefarious purposes, they also end up scraping email addresses that, once they start receiving spam, trigger identification of the IP addresses used to harvest them. The results go to law enforcement agencies, who work with the project to nail the perpetrators.


Project Honey Pot is a distributed, open-source system that continues today, and Unspam also continues to provide technology and consulting services to governments around the world. But these ventures of Prince’s also gave rise to the big one: CloudFlare. Prince recognized that the distributed nature of the web would need a new method of protection and built it. That, and his personal drive and integrity, are the reasons why he’s on this list.

Building security into the distributed web

NEA was an early investor. General partner Scott Sandell tells a story about the negotiations leading up to the investment in CloudFlare — facing fierce competition from other VCs, Sandell was the first to get Prince to sign. But then Prince “went dark” for a few days. He came back saying he’d already made arrangements to meet with other VCs and wanted to honor them. But, as Sandell is pleased to say, he came back without trying to up the price:

“I find out afterwards that Matthew had turned down offers that were as much as two times higher than what we offered — we put down a term sheet and all these other people started bidding it up. Matthew stuck to his word. He said because we went first, he wasn’t going to penalize us for that. You don’t meet a lot of people who behave that way and I will tell you that’s the way he behaves all day, every day.”

It’s easy to perceive CloudFlare as a web security firm — when it’s hit the headlines, it’s been in connection with mitigating DDoS attacks — but the firm is really a mix of content delivery network (CDN), distributed DNS service and security provider. Prince refers to it as a web-operations-as-a-service outfit:

“We’re shifting from a world where things are appliances to a world where things are services, and there’s no way to install most web security appliances if you’re running on AWS(s amzn) infrastructure — in the future, Amazon will be the one providing security.

“CloudFlare does security, but the perception people have … they don’t buy security, acceleration or performance. What they’re buying is that they want their website to run like”

Because DDoS attacks are getting so powerful as to overwhelm pretty much any self-hosted site, Prince claims, we will end up with a handful of providers that will “essentially become the edge of the network, providing services for all the web” — Amazon(s amzn) will be in there, as will Google(s goog), Akamai(s akam) and, he maintains, CloudFlare. In other words, if Prince gets his way, the notable work he’s already done will be but a precursor to CloudFlare becoming one of the future web’s great enablers and defenders. Stay tuned.

In the meantime, Prince can also be found teaching a law school course on technology and the law at the John Marshall Law School in Chicago. “It sounds like work but is actually a lot of fun,” he says.

—David Meyer