In the early 1990s, while helping rebuild Kuwait after the Gulf War, Manuel Medina sensed that technology was about to take a huge leap forward.
“By the mid-’90s, I was totally hooked on the internet. I just felt that internet was going to change our lives,” Medina told Yahoo Finance. “So I wanted to find a way to be able to play in this field. And I started by doing what I knew, which was the infrastructure.”
Medina, now 65, embarked on a 20-year journey that would lead him from building physical infrastructure for the emerging internet to building digital infrastructure to protect ubiquitous data.
‘It would take 17 hops to Chicago’
Medina, then CEO of Terremark, began building infrastructure for telecommunication companies in the form of “telecom hotels” — facilities where various internet carriers could rent space. By 1999, the growing industry needed more and more bandwidth to make the global internet more efficient.
The carriers asked Terremark to build a massive data center in Miami to serve as an exchange point for data traffic from Latin America. The Network Access Point (NAP) of the Americas, which opened in 2001, quickly became home to more than 80 network service providers and carried about 95% of the traffic between Latin America and North America.
“If you were in Panama on the 9th floor of a building, and you were sending an email to someone on the 10th floor of the same building, it would take 17 hops to Chicago, exchange, and then come back to the 10th floor,” Medina explained. “What we did is solve that. We created this neutral exchange point, and all of the carriers connected to the fiber ring at the NAP. We solved a major latency issue if you were anywhere south of Key West.”
The Cuban-American businessman had realized, before the internet became globally integral, that the web of fiber optic cables being built around Latin America would need a nexus in the U.S.
“The analogy I used to use was: If I had the opportunity to own Miami International Airport, I would,” said Medina, who arrived in Miami from Cuba in 1965. “And people didn’t get it [the internet] because our lives weren’t dependent on it. But for some reason, I saw it, and that’s really what changed me.”
After establishing NAP, Terremark began to facilitate other operations for its clients.
“I said, ‘If you are going to exchange traffic here, then it makes a lot of sense to put your servers, your storage, and your network equipment here,’” Medina said. “‘And if you’re going to have all of this stuff here, then it makes a lot of sense for us to begin providing you with other services.’”
In 2003, Terremark began adding security to its offerings. “Once you get that trust — and that is the most difficult thing — then it’s easier to have that dialogue go up in a different direction than just ‘Let me sell you real estate.’”
‘Whatever it costs, connect me’
Terremark’s business skyrocketed in October 2005, according to Medina, after Hurricane Wilma hit Miami. The most intense tropical cyclone ever recorded in the Atlantic basin, Wilma developed into a Category 5 hurricane with winds of up to 185 miles per hour and knocked out power for 10 days.
“You had people saying, ‘Oh my God! I’m going to go out of business! I have no idea what I have,’” Medina recalled. “We actually had people coming with their servers in the back of their pickup trucks to the NAP with cash saying, ‘Whatever it costs, connect me.’ And people realized that you could no longer live without your data. So one of the most important aspects of this is that no matter what happens, you’re always up and running.”
With the success of the NAP of the Americas, one of the most massive infrastructures of its kind in the world, Medina knew that providing that critical service would become its own industry.
Throughout the 2000s, Terremark expanded to operate 13 data centers in the U.S., Europe and Latin America. In 2011, Verizon bought Terremark for $1.4 billion and Medina stepped down as CEO. (Verizon, the parent company of Yahoo Finance, sold its data centers business to Equinix in 2016.)
‘We are at the cusp of a security revolution’
In 2012, Medina founded the global private equity firm Medina Capital to invest in ascendant technology companies. In May 2017, in partnership with private equity firm BC Partners, Medina Capital announced the creation of Cyxtera.
The new company, composed of $2.8 billion in acquisitions, combines 57 data centers and related colocation services from CenturyLink with Medina Capital’s cybersecurity portfolio. Medina sees an evolved version of Terremark: more data centers and colocation services (but without managed hosting), better security tools, augmented expertise and investment in cutting-edge analytics.
“If I had unlimited capital, and you said to me, ‘Go build 57 data centers in all of the major markets in the U.S. and Europe and Asia,’ it would probably take me about five to 10 years to do that,” Medina said. “We’re buying this footprint that’s already existent, already having acquired a number of the software products that we wanted.”
While CenturyLink’s 57 data centers make up the majority of the Miami-based company, Medina said that integrating the cybersecurity acquisitions — Cryptzone, Catbird, Easy Solutions, Brainspace, and the January 2018 addition of offensive-minded security company Immunity (pending regulatory approval) — will be key to pushing the boundaries of securing data in 2018 and beyond.
“We are at the cusp of a security revolution,” Medina said. “The same thing we were seeing [with the cloud] in 2007, ’08, ’09 — that transformation that everyone was so skeptical about. The same thing happened with the internet itself.”
‘You cannot hack what you cannot see’
Data centers have always been central to securing the internet, and the traditional way to protect data was by protecting the perimeter — both physically with fences and access cards and digitally with firewalls and virtual private networks (VPNs). If the network’s perimeter is breached, internal company data becomes vulnerable.
But with the emergence of mobile and the cloud, a traditional network can potentially be accessed from anywhere. Consequently, risks to a network’s perimeter have increased dramatically.
“Security is broken. It’s fundamentally broken,” Medina said, citing various breaches over the last few years. “You cannot keep doing the same thing and expect to get different results. With the cloud [and] virtualization, security is totally different than in a traditional environment. And you cannot do it the same way.”
Cyxtera Chief Information Security Officer Leo Taddeo worked on both offensive and defensive cyber operations as FBI Special Agent in Charge of the Special Operations/Cyber Division of the New York Office. Speaking to Yahoo Finance at a Cyxtera data center in New Jersey, Taddeo explained that breaches often share three themes: the abuse of user credentials, the upping of privileges so attackers could steal more sensitive data and the use of lateral movement to further infiltrate networks.
To deny those tactics, Cyxtera employs a Software Defined Perimeter (SDP) model. The company’s crown jewel is proprietary software that creates “one-to-one network connections between the user and the resources they access” with everything else invisible. The Zero Trust architecture creates a network environment much more segmented and user-specific than traditional perimeter security.
“The most interesting part of our software — what really boggles people’s minds — is that when you are allowed to those resources, you create a one-time encrypted tunnel between you and those resources,” Medina said. “And you don’t see anything else. And you cannot hack what you cannot see.”
Taddeo, who said that he was reluctant to leave the FBI before becoming an adviser to Medina Capital in 2015, said that he considers SDP to be a “game-changer” since it disrupts how threat actors can plan attacks in the first place.
“It’s much harder to change strategy than malware,” Taddeo said.
‘The adversary gets a vote’
Also known as a “black cloud,” SDP originated at the DoD’s Defense Information Systems Agency (DISA). The approach is used internally by Google, which has completely transitioned away from VPNs, but it has not yet made it to the vast majority of enterprises.
Cyxtera wants to bring the technology to small to medium-size businesses that need services to protect their cloud infrastructure (in addition to large enterprises with specific needs and government agencies).
“There are a bunch of normal companies that don’t want to have to focus on the latest and greatest threats, and yet the latest and greatest threats are definitely focusing on them,” Dave Aitel, CEO of Miami-based Immunity, told Yahoo Finance.
“If you’re not working for Facebook or Google, if you go a little further down the market into the bread-and-butter businesses, the future is not there yet,” Aitel added. “Even middle-size businesses that are not technology businesses have not had the opportunity to get the technology they need to combat modern threats.”
Chris Day, Cyxtera’s GM of Threat Management and Analytics, explained that working with Immunity meant that Cyxtera’s security architecture and technology could be truly tested.
“Until you put somebody with not only the right tools but also the right skill set and mindset to act like an adversary into the system and tell them ‘Go!’ … I don’t think you can ever be sure,” Day said. “And you have to do it periodically.”
The overall goal is not to prevent every single breach. That would be unrealistic since, as Day noted, “the adversary gets a vote.” Instead, the aim is to reduce the number of threats to the network and contain the damage of any breach by treating both the user and the network as potentially hostile.
“I want to be in a position where I assume that I’m going to have compromised systems in my environment,” Day said. “Our goals are to detect that compromise quickly enough so we can mitigate it quickly enough so that the adversary gains little to no benefit from that attack. And ideally, we gain useful intelligence from that.”
Aitel said that Immunity brings tools and expertise to Cyxtera with the aim of “catching a different breed of hackers. Not the standard hackers that everyone else is catching but the next level, because they look like us.”
‘It’s really the first inning’
Day, who worked for Terremark as chief security officer, said that SDP is a “foundational technology” that Cyxtera is improving with aggressive penetration testing by Immunity, machine learning applications from Brainspace and fraud protection tools from Easy Solutions.
“What I’m actually trying to do is impose a cost on adversaries,” Day added. “Then they have to work a lot harder than they do today. Because right now they don’t have to work that hard.”
Medina believes that the combination of colocation services, security tools, expertise and analytics makes 9-month-old Cyxtera “the best commercial application of SDP.” And after playing his part in building the global internet ecosystem, Medina now wants to help defend it.
“It’s really the first inning … where we were with the cloud in ’08, ’07,” Medina said. “We just had a major, major enterprise buy the software in the last quarter to replace their entire VPN. This is where I believe the revolution is happening.”
Follow Michael B. Kelley on Twitter @MichaelBKelley.