Company: HyTrust | Who: Eric Chiu, President and Co-Founder
SecurityWeek: How did you start out in the computer field and in particular, security?
Eric: I graduated in engineering from UC Berkeley, and took a different path- I went on to investment banking. This led me to a VC and I became an associate at one of the top-tier VCs. This was during the late 1990s. It was the time of Internet and software and I was immediately drawn to the entrepreneurial environment. So I then joined mySimon – a comparison shopping space which was later bought by CNET Networks. HyTrust is now my fourth tech start-up, and second in security. The previous one in security was MailFrontier which developed an anti-spam and anti-virus gateway for email.
SecurityWeek: What brought you to found HyTrust?
Eric: We came up with the idea of Hytrust in late 2007. VMware just went public and at VMworld people were talking about putting virtualization into production. We saw this as a major transformation of the data centers where companies will put their mission-critical apps on top of this new platform. But in order for companies to do that, greater security and compliance for virtual infrastructure would be required. This was the original thesis and we incorporated the company in October 2007.
SecurityWeek: What does HyTrust do?
Eric: Hytrust provides control and visibility for cloud infrastructure environments. This allows companies to mitigate the concentration of risk and potential catastrophic failure that virtualization creates. We enable secure virtualization of all workloads –critical data, development and QA apps, and so forth.
SecurityWeek: What’s your business model?
Eric: We sell a virtual appliance solution. It’s a self-contained software appliance for large enterprises and government agencies. Our product is priced on the size of that virtualized private cloud that we protect.
SecurityWeek: Who are your biggest competitors?
Eric: The biggest competitors today are actually companies that are essentially doing business as usual – using the basic security controls in the platform. They are ignoring security.
We’re seeing that enterprises are rapidly maturing in their growth and use of virtualization, but across the board they are hitting roadblocks when they try to virtualize their business critical data and also when moving to a multi-tenant cloud. These are key points where HyTrust is an ideal solution for them to consider.
SecurityWeek: At what stage is HyTrust now?
Eric: We’re definitely in the growth stage. We have a large number of Fortune 1000 customers – that’s our target market. The verticals are financial services, government, healthcare and retail. Investors include not only large VCs – Trident capital, Granite and Epic Ventures – but also the major players in virtualization in cloud which are Cisco and VMware.
Update: HyTrust recently announced that they raised $18.5 million from investors including In-Q-tel, Intel an Fortinet. Our interview was conducted prior to the announcement and accordingly, does not include the latest round of funding.
SecurityWeek: Where do you think your field is going on from here?
Eric: I think that the number one initiative today of CIOs is virtualization in their private cloud environment because of the strong ROI the enterprises are getting. The next area that companies are moving into are exploring public cloud models as well, and tying that into their private cloud in a hybrid-cloud approach. Consider the case where enterprises can have the workloads move: they can run internally in VMware, move to public cloud, burst in capacity, and move back to private cloud. This is a true model where one can have utility in the best place to have it at that moment together with the freedom of choice. Security is the key part in making that happen.
SecurityWeek: What is your biggest challenge?
Eric: Once you have a successful product then you have to be able to balance between the realities of the day such as a product being used by large customers, the sales efforts to other large customers, existing products and features, together with the broader vision of what you want to go after. That’s a hard thing to do because in a lot of ways you get focused on one side of the equation too much. If you focus too much on the existing product and revenue you miss out on building a strategic vision. On the other hand, if you focus too much on a strategic vision then you might make mistakes on executing on your existing business. That’s a huge challenge that nearly every successful company goes through and will continue to go through.
SecurityWeek: How do you deal with the nayers?
Eric: In some ways, you can say that’s the general population. When you start a company, you essentially need courage to stand by what you believe and your passion and go after it. You need to be able to take constructive criticism, but also not be too concerned about people saying it can’t be done or some other company is going to provide that technology.
For example, for the first four years of HyTrust, probably the biggest objection we received was that VMware was going to develop our capabilities and compete with us. Our rationale was that VMWare – like any other platform company – was not going to focus on platform security until they really needed to, but rather focus on new-generating areas like network virtualization. Fast forward to today, that’s what happened. VMware uses HyTrust as a key partner to deliver enterprise-level security. This is to the extent that VMWare invested in HyTrust and has a strong position to taking HyTrust to its customers.
SecurityWeek: Any tips for other entrepreneurs starting out?
Eric: One, don’t settle on top notch talent. Two, be courageous and go after what you believe in and are passionate about. Three, surround yourself with great partners and a strong team. Partners are everyone around you: spouse, investors and your team. If you have that strong foundation then when issues come up, you can leverage the resources of the group to tackle those challenges. Fourth, think strategically but execute well tactically. You need to think both about long term vision and on how to build a business today and move the ball one day at a time.
SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?
Eric: The startup of all times – going back from when I was a VC until now – is NetFlix. I love the story of how the founder Reed Hastings ran a traditional software tools company, called Pure Software, before he started Netflix. The reason why he started Netflix was because he received a $40 charge for returning late a movie rental from BlockBuster. In the beginning, Netflix was a new way to rent movies and charging people for it. Instead of having films to rent and charging when people didn’t return in time, they charged according to a subscription and having a number of movies out for some time. With this approach they pulled the biggest player, BlockBuster, out of business. NetFlix was used at first as an alternative to a DVD rental business. Later, it had more competition but hit critical mass when it went to CD. Today it is viewed as a media player – production movies, shows and original content. If you think of the evolution of the business and strategic position of the company then that’s an amazing story.