Steve Herrod has seen a lot in the enterprise IT space, having spent 12 years at VMware — the last several years as CTO and vice president of R&D — before leaving in 2013 to join venture capital firm General Catalyst Partners. And right now, after seemingly dozens of high-profile cyberattacks in as many months, Herrod has security on his mind. He came on the Structure Show podcast this week to tell how he’s thinking about that space.
Here are a few choice quotes from the interview (including about Docker and the pace of tech innovation), but it’s definitely worth hearing the whole thing. Herrod offers up a lot more thoughts on the cybersecurity. as well as cloud computing, containers and the public appetite for tech IPOs.
[soundcloud url=”https://api.soundcloud.com/tracks/184974081?secret_token=s-DR28d” params=”color=ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false” width=”100%” height=”166″ iframe=”true” /]
Security as corporate strategy
“For me, it’s the first time that sort of infrastructure issues are coming up at board-of-director meeting for completely non-technology companies,” Herrod said. “Nobody wants to be in the news whatsoever, and the cost of these break-ins is obviously ridiculously high.”
There is no enterprise force field
“I think you should just assume bad things are going to happen, so let’s think about how to mitigate or restrict how bad they can be,” Herrod explained.
“Forget perimeter,” he added. “Let’s think about how do we wrap data, how do we write applications, how do we use identity as the very core, regardless of where we’re accessing things?”
It’s time to give the cloud it’s due on security
“If you meet the ops teams and the groups that are there building these clouds, I think they’re far more secure than what’s going on in the private data centers because they have much more-intensive staffs,” Herrod said. “These guys have gone through every audit — they’re the superset of every audit that their customers have to go through, and they see the most-sophisticated attacks and thus have to do a lot of work behind it.”
2014 was the year of the container; 2015 will be a year of awakening
“Last year was the year of Docker awareness. I think it was the most-publicized open source thing since OpenStack,” Herrod said. “… But I think this is the year you see the hype die down and kind of the realities of what it means to use these containers [and] the fighting that will go on between a bunch of different vendors offering the best approach to containers.”
Keeping up with new tools is a full-time job
“I actually see all the time the developer back channels on what is the most-productive toolset or what is the coolest way to build this new type of startup company,” Herrod said. “That travels super-quickly through conferences, through articles, through social networks, and thus I think you get this herd mentality moving to the next new thing very quickly.”