Startup aims to secure application clouds and virtual desktops

Former Citrix CTO Simon Crosby talks about his new company Bromium, whose technology isolates malware and provides continuous endpoint protection

Last week at the GigaOM Structure conference in San Francisco, Simon Crosby, the former CTO of Citrix Systems' data center and cloud division, announced the eyebrow-lifting news of his departure from Citrix, along with Ian Pratt, chairman of and co-founder of XenSource. The two have decided to leave Citrix in order to form a new stealth company called Bromium.

Crosby and Pratt are joined by Gaurav Banga, the former CTO and senior vice president of Phoenix Technologies, who led the creation of two new product lines: HyperSpace, a new platform for instant-on and power efficient computing, and FailSafe, a cloud-based antitheft and device management system for the PC. Banga will serve as the new stealth company's president and CEO, Crosby as CTO, and Pratt will be senior vice president of products.

[ Also on Find out why the latest Linux kernel update is providing open source virtualization users with a platform choice. | Read how Citrix commercializes OpenStack public and private clouds with Project Olympus. | Keep up-to-date on virtualization by signing up for InfoWorld's Virtualization newsletter. ]

The stealth company also announced it had raised its Series A round of funding in the amount of $9.2 million from Andreessen Horowitz, Ignition Partners, and Lightspeed Venture Partners. This round of funding from Andreessen Horowitz reunites Crosby and Pratt with former XenSource CEO, Peter Levine, who also becomes a Bromium board member.

Bromium may still be in stealth mode, but Simon Crosby did reveal a bit more information in what should be his final blog post as a member of the Citrix team. Crosby stated that Bromium is "fusing deep virtualization and security systems DNA to build a powerful set of tools that can offer continuous endpoint protection."

Crosby added one other interesting piece of information when he said that Bromium doesn't intend on competing with any of the virtual infrastructure or security vendors that are currently out there. That information should be pleasing to Citrix.

According to one of Crosby's presentation slides at Structure, Bromium's technology is said to secure application clouds and virtual desktops, as well as rich client devices. It plans on running on multiple processor platforms, including x86 and ARM, and will be optimized for mobile devices.

InfoWorld was able to catch up with Simon Crosby to find out more information about the new stealth company and some of Bromium's future plans.

InfoWorld Virtualization Report: Bromium's three founders are extremely well-versed in the virtualization industry. How did you all come together?

Simon Crosby: Ian and I have known Gaurav since he built the Phoenix Hyperspace BIOS implementation of the Xen hypervisor, which was launched in 2007. It was an extremely innovative system, and much of the thinking that went into it shaped the design of the currently shipping XenClient XT secure client hypervisor.

After he left Phoenix, Gaurav put together an architecture and initial implementation of a system that permits granular control of execution, with the specific goal of permitting policy-based security. He, Ian, and I decided to combine forces to create Bromium, pooling our deep systems focus on virtualization to develop a wholly new way of looking at endpoint security -- one in which the hypervisor can be used to mitigate the effects of even zero-day attacks.

InfoWorld: Bromium has quite an impressive background of board members and VC firms. What was it that attracted them to the company?

Crosby: Securing computing infrastructure (both client and cloud) is the most important challenge in the adoption of cloud computing, and enabling enterprises to adopt a more consumer-led approach to IT. Recently, the spate of new attacks on enterprises of all sizes has left the ecosystem staggered at the thought of escalations in cyber warfare and surveillance. Bromium has developed an extremely innovative and novel way to use virtualization to crack some tough security challenges.

The technology applies to clients and clouds, and it could have a profound effect on infrastructure security generally. But to succeed, it needs very deep systems expertise in security and virtualization. Our founding team has that, and our board brings in addition the business and investment experience we need, so it's a perfect combination.

Many of us have worked together before, and there is a level of trust and understanding between us that allows us to work together on hard problems, in a highly focused way.

InfoWorld: Cloud computing continues to thrive and analysts are predicting that its usage will continue to climb. This was a major topic at Citrix Synergy this year, and it's something you have been talking about for quite some time now. As you leave Citrix to begin a new adventure, what are your thoughts on the cloud's ongoing trend?

Crosby: Cloud computing will continue to have profound effects on both enterprise IT and on the consumer. Most enterprises think that "cloud" is synonymous with the ongoing process of greater automation and self service access to IT, via virtualization. We think of it the other way round: The cloud that is having the most dramatic effect on IT is the one that we adopt as technology consumers -- perhaps we can call it "the cloud in my pocket" -- in which consumer adoption of smartphones and tablets is having a dramatic effect on IT. Cloud computing is leading us into the post-PC era, and that has enormous effects on the client world, as well as server.

InfoWorld: Bromium is still in stealth mode, but the company seems to focus on the security aspect of cloud computing. Why did you decide to make that your focal point?

Crosby: Bromium is focused on the delivery of infrastructure solutions that permit enterprises to safely embrace two major trends in IT: consumerization and cloud computing. The rapid growth of new device types and consumer-driven device, app and network choices, combined with increasing mobility and the need for "anywhere, anytime access" to enterprise data and applications, poses a significant risk to the enterprise.

The rapid adoption of cloud computing leaves enterprise data and applications vulnerable to attack. Bromium's technology will permit the development of a powerful set of solutions to these problems and deliver a more trustworthy computing infrastructure.

InfoWorld: So what are the next steps for Bromium, and what are your plans for this newly announced round of funding?

Crosby: Bromium is tackling some very challenging problems. The first order of business will be to close the door to the world and build real products that we can show to customers. We're hiring in California and Cambridge, U.K., and we are developing our road map. It will be quite a relief to get the fuss over with, so we can get on with building a real system.

I've been asked why we raised so much money. The answer there is easy: Developing hypervisor-based systems is expensive. We need real hardware and have to produce complex software that works well on a broad list of systems from OEMs, and test and QA are very substantial challenges.

This article, "Startup aims to secure application clouds and virtual desktops," was originally published at Follow the latest developments in virtualization at For the latest business technology news, follow on Twitter.