Illumio, The Stealthy Security Startup For The Anywhere App Universe

Illumio, the startup backed by a who’s who of A-list venture capitalists and charismatic CEOs, tells a story about what we can expect to be a constant stream of companies with one thing in common: They are saving us from malware hell fire and the devil’s phishing.

But like any preacher show, most of these security startups will be here today and gone tomorrow. They’ll fill the tents with believers, investors looking for deliverance to the IPO promised land. They’ll promise protection, encryption, data shields, reports, experts, next-generation this and groundbreaking that.

So is Illumio the real thing? The stealthy security company has $8 million in backing from Andreessen Horowitz and, according to All Things D, Salesforce CEO Marc Benioff and Box CEO Aaron Levie. Steve Herrod, the former chief tech star at VMware, wrote this week that General Catalyst, where he is now a general partner, has invested $34 million in the service that protects the application in the virtual machine. It’s what the tech smarties are calling “application virtualization.”

And that sounds strikingly familiar to the story we hear from Docker, the open-source project that has Red Hat so excited that they are integrating it into OpenShift and making it immediately available on Red Hat Fedora.

With Docker, the application container, which has its own memory, CPU, disk space, etc., only moves the code. The virtual machine does not move, nor does the operating system. Code can be moved around in a container to cloud services and back to the data center.

But Illumio is a security play, whereas Docker offers a way to port to different developer platforms and infrastructures. There are, however, some similarities that reflect the greater market demand for portability.

Herrod writes that there is no one place for apps. They are as much in the data center as they are in the cloud. The security needs to travel to the app, while not disturbing its modern mashed-up form. Furthermore, apps are often a combination of different services, connected by APIs. These are apps that can’t be protected by a fortress. Nothing lives behind a wall anymore as apps are everywhere. Building a fortress doesn’t work. It’s like a wall of Jericho that comes tumbling down when attacked.

At VMworld last month, Marc Andreessen went tête-à-tête with VMware CEO Pat Gelsinger about security and the cloud. Gelsinger said the data center is vital for security and compliance. Andreessen countered that the data center is riddled with security hacks, data corruption, bugs, viruses and the rest. He said the  cloud is arguably far more reliable and will be more reliable in the future.

But the cloud is not just some separate physical entity. It is Amazon Web Services and its customers that use its virtual private cloud to pass data between the data center and the cloud service. It is also OpenStack, which connects enterprise data centers with public cloud services. It’s a giant mesh, porous, without walls.

“How an application is protected should be independent of where that application is running or what infrastructure it is running on,” Herrod writes. That means, as far as I can infer, that, like network virtualization, the security will be independent of the infrastructure, optimized to alert and notify users about any potential anomalies.

But Illumio is not the first to enter this space. It will face healthy competition from a number of startups. Will these be companies like vArmour and Embrane, as noted by SDN Central this week?

We’ll see. The preacher shows have just started. What will actually have a lasting impression will depend on how well it can exist in this new “application anywhere” universe.