What’s big in venture capital: Security, security, security

Steve Herrod has seen a lot in the enterprise IT space, having spent 12 years at VMware — the last several years as CTO and vice president of R&D — before leaving in 2013 to join venture capital firm General Catalyst Partners. And right now, after seemingly dozens of high-profile cyberattacks in as many months, Herrod has security on his mind. He came on the Structure Show podcast this week to tell how he’s thinking about that space.

Here are a few choice quotes from the interview (including about Docker and the pace of tech innovation), but it’s definitely worth hearing the whole thing. Herrod offers up a lot more thoughts on the cybersecurity. as well as cloud computing, containers and the public appetite for tech IPOs.

[soundcloud url=”https://api.soundcloud.com/tracks/184974081?secret_token=s-DR28d” params=”color=ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false” width=”100%” height=”166″ iframe=”true” /]

Download This Episode

Subscribe in iTunes

The Structure Show RSS Feed

Security as corporate strategy

“For me, it’s the first time that sort of infrastructure issues are coming up at board-of-director meeting for completely non-technology companies,” Herrod said. “Nobody wants to be in the news whatsoever, and the cost of these break-ins is obviously ridiculously high.”

There is no enterprise force field

“I think you should just assume bad things are going to happen, so let’s think about how to mitigate or restrict how bad they can be,” Herrod explained.

“Forget perimeter,” he added. “Let’s think about how do we wrap data, how do we write applications, how do we use identity as the very core, regardless of where we’re accessing things?”

Mobilize 2011: Stacey Higginbotham – Senior Writer, GigaOM; Stephen Herrod – CTO, VMware

Steve Herrod at Structure 2011.

It’s time to give the cloud it’s due on security

“If you meet the ops teams and the groups that are there building these clouds, I think they’re far more secure than what’s going on in the private data centers because they have much more-intensive staffs,” Herrod said. “These guys have gone through every audit — they’re the superset of every audit that their customers have to go through, and they see the most-sophisticated attacks and thus have to do a lot of work behind it.”

2014 was the year of the container; 2015 will be a year of awakening

“Last year was the year of Docker awareness. I think it was the most-publicized open source thing since OpenStack,” Herrod said. “… But I think this is the year you see the hype die down and kind of the realities of what it means to use these containers [and] the fighting that will go on between a bunch of different vendors offering the best approach to containers.”

Keeping up with new tools is a full-time job

“I actually see all the time the developer back channels on what is the most-productive toolset or what is the coolest way to build this new type of startup company,” Herrod said. “That travels super-quickly through conferences, through articles, through social networks, and thus I think you get this herd mentality moving to the next new thing very quickly.”

GoDaddy: ‘We weren’t attacked.’

Hosting giant GoDaddy has completed its investigation of Monday’s outage and deemed it was not the result of a DDoS attack as originally rumored, but rather the result of network failures within GoDaddy’s system. The outage crippled hundreds of thousands of web sites.

How to protect free speech online

As general counsel for Avvo, Josh King has responded to hundreds of lawsuit threats — all for activity that is soundly protected by the First Amendment. Here, King outlines three areas where he believes companies can take a stand to protect free speech on the Internet.