Interview: Brian NeSmith, CEO of Blue Coat Systems

The Blue Coat Systems CEO gazed into the dotcom abyss and survived. He thinks he has the measure of the downturn. Paul Fisher reports.

Touching down at San Francisco was a little more traumatic than it needed to be. The Virgin Atlantic 747 suddenly veered off from its approach for landing with a dramatic lurch right.

Climbing a few hundred feet, the pilot felt composed enough to tell us that air traffic control had, at the last minute, given our slot to another plane. Nothing to worry about, he said.

Once on the ground, the incident passes from the mind in the scramble through immigration and beyond, but there is still that nagging thought – what if?

Were we just lucky this time?

And it's luck and the big “what if?” that separate the Silicon Valley successful from the also-rans.

Some, like 46-year-old Blue Coat Systems CEO Brian NeSmith can claim to have pushed their luck, looked the big “what if” in the face and won.

Having gone to the brink in the dotcom crash, NeSmith finds the current downturn less daunting than it might be for those without his experience.

The recent history of Blue Coat Systems may explain why. Blue Coat started out as Seattle-based web-caching business, CacheFlow, in the late 1990s.

After moving to Sunnyvale in the Valley in 1997, the business enjoyed spectacular growth, followed by one of the most successful IPOs in Valley history.

To go with all this was the normal dotcom indulgence – excessive staff parties, free lunches, staff jamborees to Hawaii. Then came the crash. Revenue collapsed. The business was in danger of becoming another dotcom casualty.

NeSmith decided to focus on a single product – a proxy server with security built in. Those who didn't agree with his strategy found themselves outside the business, as did, sadly, 250 employees axed in a purge in 2002. CacheFlow became Blue Coat.

There has been steady growth since and the business recently completed a US$268m acquisition of optimisation firm Packeteer, whose Cupertino building is occupied temporarily by Blue Coat people, including Brian NeSmith.

To look at, NeSmith doesn't strike as a hard-as-nails CEO. Quietly spoken and casually dressed, he might be mistaken for any Blue Coat employee looking for their cubicle space. But in addition to the steel to face difficult times, he also has something rarer among CEOs – candour.

So far every executive I have spoken to has told me that, yes, the recession will affect internet crime levels and this will be a good thing for the industry.

“I don't think that's true,” he says. I'm surprised by this: “You're the first person that's told me that. Others have said precisely the opposite.”

“Security is a little bit less sensitive to volatility of the underlying demand because of economic reasons, but just because things go into a depression isn't going to raise the incidence of cyber crime and trigger greater need for our product. Even if that's true, it's pretty weak,” he says.

As for the opposite views: “Good for them. Okay. I'm not sure. I might be wrong – but I'm not betting on that.”

He is also open about Blue Coat's prospects in a recession. He believes it is not immune but, like any CEO worth his salt, believes his product has the “value proposition” to get through. “But if things get difficult enough, I'm sure it will affect us,” he says.

“I don't think I have any special insights. I read and hear and listen to probably the same things your readers do. So I read the Wall Street Journal, and the Economist, and the Financial Times and there are some clear challenges,” he says, listing the oft-repeated reasons for the global slowdown – energy prices, housing bubble and presidential election year in the US.

He must also read Forbes.com, which in May ran an article headed “Blue Coat looks threadbare”, outlining a 20 per cent fall in share price after results fell below analysts' expectations – despite significant year-on-year gains. But that's Wall Street for you. It's unlikely NeSmith lost too much sleep over that.

“A lot of the people who offer prognostications don't have any real insight either,” he says, his final words on the blizzard of opinion raging through the world's business press.

With that, we move from the topic of recession. After all, life carries on, and this isn't yet the end of the world as we know it. There are new challenges and new ways of working and NeSmith wants to be at the forefront of it all.

“We want to become the standard in how organisations allow their employees to go to the internet. We want to keep up with the challenges that customers are seeing: Web 2.0 and the new kind of threats that are coming. Personalisation of content means that traditional content-filtering solutions are really going to break down.”

He says that the idea that we can control what people are doing by simply looking at URLs is losing its relevance. In the age of MySpace and Facebook widgets, where the URL will often hide the embedded content within those pages, there is no way of knowing whether it is good or bad.

“What's going to be required is a platform that can in real-time dynamically assess web pages and characterise them to dictate policy. The personalisation of the web is going to be a big challenge to companies,” NeSmith says.

So is the genie out of the bottle? Just how big and out-of-control is the new web environment going to get? (Web 3.0, 4.0, call it what you will.) Last year Facebook, this year Twitter – and 2009?

“Yeah, you name it,” he says, “there'll be thousands, if not millions of these things.” But again NeSmith doesn't parrot the industry's party line that “this is bad and dangerous and needs to be controlled”.

I get a more visionary approach: “I think it's an empowering kind of infrastructure. Why should I be forced to consume, look, listen, hear the general stuff, when all I care about are specific areas?” he says, adding that such bold empowerment does indeed create challenges for companies managing that kind of infrastructure.

“How do we deal with the challenges in the branch? And for the mobile user? We're seeing companies getting more distributed yet they're centralising their applications and their content. These two trends are going in opposite directions. You're seeing that the distance between users and their applications, and their content, is getting worse, not better. The nature of those applications is becoming richer, not simpler, and performance is getting worse, not better,” he says.

And how do you deal with those issues of performance and distributed security? According to NeSmith, the answer is that, on top of network infrastructures, businesses are going to have to create application-delivery infrastructures that uses intelligent techniques like storage, protocol optimisation and re-use of information in smart ways – to make users that are remote seem local, and give them the same security and control they would have if they were central.

“Application-delivery infrastructure is the big investment area for us. A simpler way of saying it is that we want to put one of our boxes in every branch,” he says.

I ask about the importance of caching in an age of multi-apps on the web, apps within apps, browsers becoming application holders and so on. The broadband infrastructures are struggling to keep up with the application-heavy web. Will that give Blue Coat competitive edge? For an example of why the answer is yes, NeSmith turns to ladies' lingerie.

“When Victoria's Secret first put its catalogue online, it was an Event that melted down the internet, as millions of people logged into that content.

Well, our customers did very well because, rather than every person inside the organisation pulling down the content uniquely, the first person to log in started pulling it down and everybody else just tailed off of that.

And, so, they pulled one stream down, and then it split out and dealt with everybody else, separately. That's where things like object-caching help you out. We've had a lot of success with that sort of event. When you have one object accessed by a lot of people all the time, caching is a very powerful concept.”

Hell, yes – but if it's so good, why isn't all the competition doing it? Because, says NeSmith, there's more to caching than simply storing previously-accessed data. It's the way that you do it. Like so much in computing, he says, advantage lies in the algorithms that Blue Coat uses.

“There are some other people who talk about it but, yeah, I think we're the market leader, from the standpoint of internet access and the use of caching, and security, and acceleration functionality. It's not just caching. I think we bring a lot of unique capabilities there,” he says.

But what are his customers looking for – on top of this caching and protection? What are their frustrations, are they cynical about the threats they face?

“I don't see a lot of cynicism with people. They view protection as a cost of doing business and a challenge. I'd say that the bulk of what I've heard from IT managers is they want to get out of the ad-hoc nature of responding to things.

They say: ‘Give me a toolkit that lets me deal with the threats I've got now, then, if a different kind of threat comes up, something that can allow me to manage that.' And a lot of it is the very mundane IT things. You know, please make it cheaper, please make it easier to manage, easier to
install,” he says.

NeSmith sees a bright future for software as a service and for MSSPs, saying the mainstream vendors are going to get serious about it but, cryptically, that it might be a case of “software with a service that goes along with it”.

“If I get that functionality as a service, as opposed to a product, then I'm going to depend on that company to do that, and that relieves me of some load and some responsibility, and I can scale up or down more easily than when it's my own product.

“But it's going to be a mix. I think you're just going to find software products that get better leverage by, also having service, as well as software service that marries with a software product and builds a better overall solution,” he adds.

Outside of what is after all really marketing rather than technological innovation, NeSmith is sanguine about the ability of the Valley to provide the next great leap forward. He says a lot of investment in the Valley at the moment is bypassing IT and going into energy. There are hundreds of start-ups focused on how to make batteries or solar more efficient, bio-fuels, and generators.

“The Valley evolves. In networking, the rate of innovation has slowed, mainly because we've cracked a lot of problems, and now we're just talking about how to scale bigger and bigger. The innovation is around all of the social network applications,” he says.

I venture that even great innovations struggle to make money, but NeSmith says it's all a question of probability and statistics. VCs can afford to gamble.


“The normal Valley model was that you fund 20 start-ups and 20 per cent of them fail completely – the money is all gone, you fire everybody and you're done. One or two are wildly successful and the others all walk in the land of the living dead, meaning they don't die but they don't really go anywhere,” he says.

No-one would accuse Google of walking among the living dead. The search colossus has launched its own very cool browser and continues its startling growth, but NeSmith is underwhelmed.

“Google is not as innovative as everyone plays it out to be. It has done two things really well, so far. It has figured out how to do search and it has figured out how to deliver ads along with search. It has got a lot of little things that are kind of cool or interesting but, you know, Google Apps hasn't really taken off,” he says.

It is clear that Blue Coat under NeSmith has no desire to be Google or to play the “innovation” or PR game for Valley brownie points. It looks steady enough to ride the recession. It has a battle-hardened CEO at the helm, one who can look with some satisfaction at where he is now. And with some very definite plans about where he'll be in the future.

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition

brianinterviewsecurity