.png)
Q&A with Andrew Rubin: On Being A CNBC Disruptor
Illumio was recently named to the 2017 CNBC Disruptor 50 list, which honors the world's 50 most ambitious and innovative private companies representing breakthrough ideas from all over the world. Out of 800 nominated companies, CNBC recognized Illumio as pioneers of a new market for stopping cyber threats: Adaptive Segmentation.
We sat down with our CEO and Co-Founder, Andrew Rubin, on the heels of the Disruptor 50 announcement to get his take on the significance of being a disruptor in cybersecurity today and the story of how that came to be.
How do you define being a disruptive company?
It’s fair to say that the word "disruptive" is one of these words that can be applied in many different ways, but, at least specific to our industry, and maybe even more specifically, to the infrastructure security part of our industry, you have to be willing to do three things:
First, you have to acknowledge that the problems we're solving today are fundamentally different than the problems we were solving even five or ten years ago. In other words, if you're going to build something that's very different, you have to start by understanding the problems as they exist today, and not work off of the thesis of what a problem looked like a decade ago. It may sound funny, but to build something disruptive, you actually have to acknowledge that the problem set has changed.
The second thing is that you have to be willing to start from a blank page or a blank piece of paper. The reality is that not only have problems changed very dramatically in cyber over the last five or ten years, but the truth is, so have all of the architectural requirements; things like public cloud infrastructure didn't exist or certainly not in a meaningful way, even as recently as five years ago.
And so you have to sort of say, "First, what is the problem set look like today? Secondly, what are the requirements of the world today?" We have an expression that says something along the lines of: You have to solve the world as you find it, not hope that the world bends around your solution.
And I think the third and final piece is you have to be willing to break a lot of glass and ask the customer to break some of their existing operating models in order to get to a different place. I really believe that in order to be disruptive, you have to acknowledge that you're going to ask the customer to break things inside of their own worlds — some of their own operating models, even some of their own assumptions, in order to get them to a different place.
Fortunately, when the problem set is as big as segmentation already is today, and the risks attached to not solving the problem are as high as they appear to be, that helps enormously because it gets everybody into a mindset of: "I'm willing to do things very differently in the future if it gets me to a different place than I've been in the past."
Why is it significant that Illumio has been named to CNBC's Disruptor 50 list?
There are a number things about being on the list that really excite us. But, I think, for us it's really an acknowledgment that adaptive segmentation — and certainly the risks attached to not segmenting – is now becoming very recognizable.
Segmentation is absolutely being recognized as a requirement, not a nicety.
It’s also very important because we do believe we built a disruptive technology. We are not an incremental iteration on what's been around for the last 5, 10, or 20 years. The infrastructure security space is, without a doubt, a very well-known, very mature, very well-organized part of the industry. And the truth of the matter is that there hasn't been a lot of really disruptive innovation inside of this part of the category in a very long time.
Lastly, Illumio is very young, relative to the normal place that an enterprise company enters this list. As a company that is just four years old, that has barely been in market for just a little over half that time, the fact that we've had enough traction, both in terms of our actual metrics and of our customer acquisition in places like Morgan Stanley and Salesforce, to be able to make the argument to the Disruptor committee that what we're doing is real, that what we're doing is important, and that our ability to do it at scale is already proven is really an important endorsement of the execution of the company.
When you put the three things together, it's a very, very powerful statement about where we are, and a statement about the trajectory of where we're going to go.
Why do you think Illumio has had such quick traction in the market with some of the biggest companies in the world?
It's important to start from the place of: What should a large enterprise do under normal circumstances? And this may sound like a little bit of a strange or even contrarian answer, but, I think, one of the things that you have to do is start with what's normal before you look at what's abnormal and why.
If you think about what's normal for a Fortune 100 or even a Fortune 500 company when they're confronted with a problem that is embedded in their core infrastructure, it is to buy a solution from a large incumbent vendor.
It's really important to start there because we all know the old adage about: nobody ever gets fired for buying IBM; or, nobody ever gets fired for using Microsoft software. There's reason why that's true. Part of it is because they're well known, very established brands, and it's hard to pick on somebody when they do business with them. It's hard to say, "I can't believe you took that risk and bought database software from Oracle."
I personally believe that in order for a company like Illumio to be doing business at scale in places like that, you actually have to have two things come together at the perfect moment in time:
The problem has to be so core and strategic to the customer's operations, that no matter what it takes, they have to solve it.
The second thing that has to happen is the incumbents have to be in a position where the customer really does believe that the incumbents – the safe bets – simply can't solve the problem. Which means, if the problem must be solved and the incumbents can't solve it for them, they're going to be driven to look at solutions that they wouldn't normally be willing to look at – including early stage companies like Illumio. The piece that ultimately makes it happen is that the early stage company that isn't the safe bet has to be credible.
How has Illumio built this credibility?
In our case, several things came together at the right time:
Segmentation has become a requirement to operate, not a nicety. The large incumbents don't have a solution that allows these customers to do what they need to do to operate and solve the problem at the same time.
We've put together a team that is credible based on their experience and diversity of backgrounds.
And we've worked incredibly hard, in every way possible, to become credible, despite the fact that we're not a large incumbent. We've proven again and again that the software works and has the ability to scale. And we've used our customers as a feedback loop to continually ensure that the roadmap is the right roadmap.
How have Illumio’s customers disrupted Illumio’s approach to cybersecurity?
I think that the best anecdotal story that we have to that is Illumination. It's one of many examples, but it's the one that's easiest to describe because it's the biggest, it's the most visible. And it’s a very powerful version of what happens when you listen to your customers.
From the very beginning, we knew that we wanted to build a segmentation technology and that the only way to accomplish it at scale would require something disruptive relative to the technology that existed in the past.
>What I assure you we didn't know was that in order to do segmentation properly, you would actually need an MRI-like capability – Illumination in our case – to be able to actually understand your environment as it exists before you segment. And then use that understanding in order to segment in an intelligent and scalable way. In other words, Illumination wasn't necessarily part of our initial customer story.
But in the first two years, before we actually brought the software to market, the most valuable thing that we did was spend time with over a hundred enterprises. And consistently, the one thing that we heard again and again was: "I need a map. I need to understand how my environment looks, behaves, and talks to itself today. Because if I don't, then I can't possibly segment tomorrow.
Our customers and their feedback disrupted our assumptions and, therefore, our product model, almost from the very beginning.
We appreciate that. We understand the value of it. And quite frankly, we keep doing it again and again today. Those conversations and that feedback loop broke and disrupted our entire thought process around how to do this at scale with customers. As a result of that, Illumination was born and eventually became one of the pillars of the product.
