The co-founder, chairman and chief executive officer of Check Point, and architect of the first off-the-shelf firewall, meets Paul Fisher.
Most people outside the information security circle know what a firewall is and what it does. They know it stops bad stuff and most businesses have them. The history of the firewall is short, the first technologies emerging with the flowering of the web in the late 1980s.
But it is Gil Shwed and his company's contribution to the development of the firewall that is significant. In 1994, barely 25 years old, he and his partners developed Firewall-1, the first off-the-shelf firewall to deploy stateful inspection, and it changed the market as more businesses became connected and needed an easier way to protect themselves. The success of the product made him a billionaire.
SC's meeting with that billionaire is squeezed into a tight event schedule that he and his senior executives have put together for its UK partners and customers at the newly opened conference facilities at Twickenham Stadium. We meet in a room overlooking the famous pitch. He is dressed in his trademark black t-shirt under a black suit – he looks at the pitch with little interest.
The firewall: was that luck or inspired thinking? Did he really think that the internet would change the world and the world of business?
“We definitely thought that the internet was a significant change in technology and a change in the world. We wanted Check Point to be a leading company in it. One of my partners says that when I tried to convince him to join me I said it was a once in a lifetime opportunity,” he says, looking back to what seems a lifetime ago.
“IT grew in a huge way. The internet clearly enabled that, but the magnitude of security made it more complicated. Today a typical customer uses more than 15 different vendors, tens of projects every year and that's a very high level of complexity and with it comes risk,” he says.
How uncomplicated those early days of the internet now seem – when so little was networked, with little opportunity of attack, when we thought the idea of connecting one computer with another on the other side of the world was still amazing.
Today Shwed's business is facing a world on the threshold of what seems like another paradigm shift – the end of a proprietary world and the opening of a multi-layered, virtualised cloudy landscape of everywhere connectivity. It will bring undreamt levels of convenience for individuals and businesses.
“I'm all for technology innovation and for many things cloud computing is great, but it's not necessarily one technology. I don't think there's one thing that's going to take the world over.”
“Security in the cloud is challenging. Cloud computing and security are, perhaps not conflicting, but a real, real challenge because if you trust a third party to manage your environment you are taking a big risk that's outside your control. The principal thing about security is that you try to control what's going on in your environment and you try to make it simple.”
As the world has changed so has Check Point. It has matured into much more than an Israeli security business – it's a global business. It's big, one of security's heavyweights. In the past Shwed has talked of the success of a distributed management team across its operations – is that more than just a good soundbite?
“We come from a very small country, so we must be global in our thinking and so our management team is distributed around the world. However, our leadership in each country is local – we don't have people from outside that country in management positions.”
At its heart, Check Point is still a product of Israel, in many ways a start-up nation with pioneering values, a nation built literally out of the desert. Shwed says that being Israeli does help. As he puts it: “One hundred years ago there was nothing there, not a single building. Today there's a highly modern country – not just transformed but really creative – very much like a start-up environment. I'm proud of this, but of course it's not the only reason for our success.”
He suggests that Check Point is even more Israeli now than it was ten years ago. Then, he says they didn't have the capabilities or experience of managing global companies so they had to learn. Now there's a confidence in the culture and the way Check Point is managed – and that is down to Israeli values.
“But if I look at the two biggest corporate cultures in the company, American and Israeli, they both bring unique qualities. Israelis can improvise very quickly and can handle things in an informal way, Americans are great at scaling things,” he says.
He has a lot of good things to say about Silicon Valley and that it will remain a powerhouse in terms of funding and incubating tech start-ups. “There's still a huge critical mass of investment there,” he says.
“Let's remember there is more to being a start-up than just innovating – you also need to scale – and there is still no better place to do that than Silicon Valley. It's a tough place to do business but it's very competitive. Everybody's looking for the next big thing, next big challenge or new thing,” he says.
Check Point also stands out by having three women on its executive board. Was this deliberate or did it just happen?
“It's not deliberate, I don't discriminate either way but I think it's part of the globalised nature of Check Point that we are very open and diversified and this shows itself in the kind of people that are successful at Check Point.
“Often people like to be with other people that look like them, to have the same backgrounds – but I'm trying to find people that are not like me. You are more likely to find success if you argue and eventually get polar opposites to agree. That's much more likely to be the right thing rather than just looking at it from the one angle.”
This can lead to conflict – sometimes heated. “We argue, yes, but in an Israeli way. An American might walk in and see two Israelis almost hitting each other. It's not a fight – that's usually a very well educated debate!”
Recently, Check Point surprised the industry by wholly acquiring Nokia's security appliance business, a company it had a close technical relationship with. It brought mixed reactions from analysts, some who thought Check Point would take some time to digest its new purchase. The acquisition was formally concluded in April this year, so now what, what did they gain?
“It brought us two things: first and most importantly, a much more integrated offering to the customers. Second, we got a 15 per cent growth in our size in one day. To get 300 people that already know the business and contributed from day one – that's a big step, especially as many businesses are looking to reduce their workforce right now.”
Does the apparent easing of the recession give him hope that Check Point can continue on a further path of acquisition?
“I do get a better feeling from customers and partners but it's too early to quantify that. The first quarter results were decent and showed some stability, but not turnaround. But security is alive and well and kicking, even in bad economies. The threats are higher, not lower – I've not met a single customer who says ‘you know what? for the next two years I'm going to freeze security'.”
Amid all this talk of growth and acquisitions it's easy to forget that Gil Shwed is still a young man in his thirties, and with a lot of money. Doesn't he feel like handing over the reins, maybe start something else? Maybe even in a whole new area of technology? It must be tempting...
He shrugs out his reply. “Not really,” he says. “We challenge ourselves every few years. It's good to focus. If you want to be successful, you need to focus on very few areas and we like to focus on security. We do extend what we do within security, such as moving from only network to endpoint as well,” he says.
Our meeting took place not long after the RSA Conference in San Francisco, where Art Coviello, VP at EMC, used his keynote to call for an open standard to develop security applications, which he said, had the support of EMC, Oracle, Microsoft and Cisco. Some cynics might suggest that this was nothing less than an attempt by those businesses to control the market. Shwed has his own take.
“There's nothing bad about standards, but you know the old saying in technology: the great thing about standards is that there are so many to choose from,” he laughs. “But seriously, standards for what? Security today encompasses several dozens of major fields and even more sub-fields, so what standards? I'm all for security products to work together.”
And he, of course, points to Opsec, which was a Check Point initiative to get different security products to work together around ten years ago, which now boasts more than 150 partners.
“Now, we're thinking about what the next generation of that should be. The thing is, every company, large or small, wants to innovate and not be limited to a certain framework, so the answer is not simple. It's a good thing to have more standardisation, but at the same time no one standard should dominate the industry,” he says.
“The issue with security is that you can't have just one standard for vulnerabilities, because they change. What you need in security is to protect, in an independent way, against the errors or flaws inherent in Microsoft, Cisco or other people's systems. You can't trust them to also be the gatekeeper.” And with that I think, the point was made.