Banking on the Cloud - An interview with Bracket CEO Tom Gillis

Tom Gillis is CEO of Bracket Computing, a start-up that he co-founded with the bold vision of enabling G2000-class customers to securely move enterprise workloads to multiple hyperscale clouds.

Bracket has secured $130 million in funding from top tier VC firms such as Goldman Sachs, Andreessen Horowitz and Sutter Hill Ventures—along with strategic corporate investors GE and Qualcomm. Prior to Bracket, Tom was VP/GM of the Security Business Unit at Cisco. Tom came to Cisco through the $830 million Ironport Systems acquisition, where he was a founding team member and VP of Marketing.

Over 15 years at startups and large companies, Tom has experienced the full tech roller coaster, ranging from a successful multi-billion dollar IPO with IBEAM Broadcasting, where he was the VP/GM of Media, to being part of the founding team at Ironport Systems in the ashes of the dot com collapse. Tom also serves on the board of Menlo Security and as a venture advisor to Allegis Capital.

We've spoken to him about the benefits of companies - particularly in the financial sector- moving onto the cloud, and IT security trends for 2016.

What would you say is the current state of the cloud in the financial world? In 2015, would you say that companies began to take the cloud more seriously?

Yes. Definitely. Our customers, including senior executives at large Wall Street banks such as Goldman Sachs, have talked about the importance of the banks to move from an analog world where things are done on paper and pitch books to a digital world where things are electronic, dynamic and interactive. Being able to use flexible pools of capacity like you get from the public cloud is absolutely a core part of this strategy. It’s a top priority and a C-level focus area. These financial institutions move with great care and caution, but my expectation is in 2016 we’ll see very security conscious enterprises taking advantage of the public cloud for fairly large-scale deployments.

Would you say that US companies are moving more aggressively to the cloud than their European counterparts?

No, I think that banks compete on a global scale and all of them are realising that being able to harness the elasticity, efficiency, and flexibility of public cloud is core to their ability to remain competitive. We see London-based banks in roughly the same state as the US-based banks—they’ve already decided they need to take advantage of what massively scalable public clouds have to offer and now they’re figuring out how.

What is it exactly that Bracket does? What makes Bracket stand out from the crowd?

Bracket provides enterprise-grade security controls that are strong enough to allow Wall Street institutions to feel comfortable putting productions workloads and sensitive data on the public cloud—that’s a very high bar.

But, what is it that makes Bracket stand out? We don’t approach this problem by building a little widget that makes things more secure. We approach the problem by thinking very broadly about the blueprint for the data center of the future. What has been fantastic is that our customers, who again, are large financial institutions, have IT leaders who share our vision. They think about a world where infrastructure—security controls, encryption, and data management—is separate from capacity. And once you separate those two things (they never used to be separated they always came in one box) you gain the ability to view capacity as pools of resources from which you can pick and choose what is best for your particular application or business need. Bracket uniquely enables that very bold and very technically challenging ambition.

How did you decide to found Bracket?

Bracket is my third startup. Cisco Systems acquired the second one where I ran a division of Cisco developing firewalls, which were essentially datacenter components that come in a box. At Cisco, as I talked to our customers I realised that the notion of physical appliances and infrastructure was holding them back from getting the flexibility and agility they needed to power their business. And I realised that in order to fundamentally change that we had to rethink how the data center is put together. We had to come up with a way to separate infrastructure from capacity. My cofounder Jason came up with a very novel approach to virtualisation that allowed us to do this. This became the foundation behind what is now Bracket.

What would you say are the key benefits for a company in moving to the cloud?

The number one benefit is flexibility. Business changes. That’s the whole benefit of the cloud—gaining an ability to respond quickly to new conditions. A perfect example of this is the stress test governments have created that require a bank to run a doomsday scenario on top of the risk analysis that they already do. It’s computationally very intensive. They might only need to run this once a week or once a month depending on the environment, but when they need to run it, they have to have it on a very quick turnaround. It can be very expensive and cumbersome to deliver that without massively scalable cloud environments. But with the cloud it’s a matter of clicking a few buttons and getting a much stronger understanding of your risk position. This is why the cloud is truly transformative to the business.

What is holding back more companies from moving to the cloud?

Interestingly, I believe that while there are many technological challenges to moving to the cloud, they’re being solved. Therefore, the number one thing that holds companies back is people. Change creates winners and losers. Those who can create advantage embrace change, but those that fear it will resist. In order to counter that effect and to try to overcome the inertia of organisations that resist change, we’re seeing leading Wall Street banks setting executive level objectives around getting to the cloud.

Why is a company’s data more secure in cloud rather than on physical servers?

For decades the way we thought about security was built on physical constructs. It goes something like this: I have a server and I have spindles in a storage system that sit in a rack. That rack is in a cage. The cage has a lock and it’s in a building that has a guard at the front and a retina scanner. With all that, the assumption is, it’s secure. But what we’ve seen over and over again is that those physical controls are being breached. Think Target, Sony, Home Depot, and JPMC.

What we need are logical controls that are far more relevant and effective than physical controls. At Bracket, we’ve focused on using advanced encryption. Encryption is a logical control that’s independent of physical controls, which means it doesn’t require you to physically control the asset. Having these logical controls built into the infrastructure is a requirement in order to go onto the public cloud because you don’t physically control the infrastructure. But it’s actually a far superior security model than relying on the physical constructs of boxes to protect your data.

What sort of IT security trends do you see developing in 2016?

For Wall Street, 2016 is clearly the year of the cloud. We see large scale adoption of self service for developers. We see large scale adoption of containers and micro-services. And we see large- scale adoption of production workloads on both private and public infrastructure in a hybrid model.