The Control Plane

Hi Internet — it’s been a while and I figured I would tell you about what I have been working on. This will be the first of what I hope will become a few posts about my current investment theme, which at a high level I call the Control Plane.

What is the Control Plane?

I define it as the set of services that give IT execs the ability to manage, monitor, scale and secure their infrastructure. There have been a few generations of Control Plane approaches over the past decade, including “Inside-Inside,” “Inside-Outside,” and most recently “Outside-Inside.”

“Inside-Inside” Control Plane

Inside-Inside Control Plane

In simpler times pre-Internet, infrastructure was self-contained and self-managed — more of a monolithic compute architecture. But as businesses came online, the emphasis was placed on the Control Plane at the perimeter of businesses, which was the easiest and most logical place to put it — think of it as a set of traffic cops at the county line.

I call this approach an “Inside-Inside” methodology, per the graphic to the left.


But the Inside-Inside approach was not architected for the future, and as Enterprise class Internet services started to take hold, the perimeter became porous. Use of Enterprise SaaS platforms like Salesforce.com and Workday surged, along with bespoke applications based on Infrastructure-as-a-Service components like MongoDB and Amazon Web Services

According to a BetterCloud* (BetterCloud is one of my portfolio companies) survey of over 1800 IT professionals, companies use 16 SaaS apps on average today, up 33% from last year. 73% of organizations say nearly all (80%+) of their apps will be SaaS by 2020 Add the Bring-Your-Own-Device and Mobile-First applications to the mix and it’s no wonder that Citrix determined the number of devices managed in the enterprise increased 72% from 2014 to 2015. This gives a sense of how complex the job of Enterprise IT has become.

“Inside-Out” Control Plane

Technology has attempted to keep up — using more and more software agents, servers and appliances to try to address the sprawl of technology.

This is largely the battle being fought today — what I call Control from the Inside-Out and it’s the state of the art that has given rise to some great B2B Enterprise investments we and others have made.

But Enterprise IT infrastructure continues to evolve — and we’re heading to a future where a heavy on-premise investment will become a thing of the past. We see the signs of this already in startups that are Cloud and Mobile First and Only. And as we move toward this new architecture, where the perimeter evaporates completely, the Inside-Out approach will no longer work.

The reason is simple; Inside-Out depends on IT being able to deploy those software agents, servers and appliances on their premises next to the applications they’re intended to control. But when those applications are all in the ether on someone else’s infrastructure — like Amazon, Google or Microsoft — there will be nothing “Inside” left to control. The challenge ahead is that IT will still have the responsibility for all that infrastructure; but will no longer have the authority over it.


In this paradigm, the Control Panel must be Outside-In based on API integration with other Cloud and Mobile infrastructure services, in the same manner as the applications themselves have become.

“Outside-In” Control Plane

Believing in the Outside-In approach, I began investing in Control Plane startups that shared this vision nearly fix years ago, when I led the seed round in BitSight, one of the first cloud-only cyber security companies.

Along with my partners at Flybridge, I’ve been looking for companies that fit this model, and am pleased with the progress to date — currently we have made five investments covering the Outside-In Control Plane, including BitSight, BetterCloud, Apiary (Acquired by Oracle 2017), NS1 and ValiMail.

There will be many other opportunities in this sector over time — as increased speeds, and technologies like micro-services and serverless give rise to an even more dynamic Internet, where management and security will continue to be core requirements.

There is also a non-technical reason why I prefer this model; it allows for companies to get to market with a high velocity sales model — targeting individuals (developers, IT admins, etc) with simple integration and time to value, supports less expensive faster cost of customer acquisition, trials and experiments, the potential for word of mouth and more viral adoption. (see this classic blog post by my partner Chip about one variation, the Developer-Driven Business Model, which remains vibrant)

While I won’t rule out investing in startups that develop on-premise solutions, I admit my perspective is also coloring how I filter new opportunities; something would really need to stand out to get past my bias toward Outside-In as the initial approach.

Comments, questions and complaints very welcomed.