Congratulations to netForensics! We are excited to have Nomura as a new investor and look forward to them helping us with our international expansion. For those of you who are interested in security, please see an earlier posting on Microsoft and Securing the Perimeter.
I had the opportunity to speak on a panel today at the Corporate Venture Capital Summit. There was an interesting crew of speakers representing corporate-related venture activities for companies such as Hitachi, Intel, Nokia, Panasonic, Siemens, and Kodak. While one moderator cited numbers showing that the amount of corporate venture investing in terms of dollars is down 50% from 2000, in my mind, that does not seem that different from the change in the general VC market. While there are less corporate investors today, there are also less VCs. From the 3 panels today, it was very clear that the nature of corporate investing, if I can lump all the different players in one bucket, has changed. Like today’s VC, they are doing less deals. However, the deals that they are doing need to be more strategic and less opportunistic. This means that someone in a product group needs to somehow get behind the company and act as an internal sponsor. This does not mean that a company looking for funding will get a strategic partnership before a financing.
One of the questions I was asked today was how an early stage company can make a strategic investment successful. Here is what I had to say:
1. Show me the revenue-I would rather have an OEM or reseller deal than a strategic investment. Strategic investments do not mean anything if you are not going to generate revenue for your company and for your partner. In addition, when you sign a reseller or OEM contract it means that the hard work has yet to begin-an early stage company has to throw resources behind a partner to make things happen.
2. Go in with your eyes wide open-what is strategic for you may be tactical for your partner. In addition beware of deal terms that may limit your ability to be flexible. These include rights of first refusal, exclusivity, and other non-standard VC terms.
3. A strategic investment is not an exit strategy-in many cases, it could actually limit your exit opportunities as other competitors to the strategic investor may not want to partner with you.
4. Do your due diligence-how successful has your strategic investor been in setting up relationships for other companies, how much juice does the strategic investor have to make things happen?
5. Manage expectations-constant communication between both sides is key to maintain a healthy relationship.
I could go on and on here but I just wanted to highlight a few of my top of mind thoughts. Suffice it to say that looking at the 30+ companies we have funded, partnering with strategics has been a mixed bag. There have been some that have worked out well and others that have not. However, if done right, I do believe that both sides could substantially benefit from a relationship as long as there are real dollars being generated.
A number of my portfolio companies outsource development to India and other locales. When offshoring it is important to think about what can and cannot be offshored, whether management can handle it, and whether or not you open your own office with your own infrastructure or outsource completely. Given that an increasing number of companies that I come across either currently utilize offshore resources or plan on using offshore resources, I thought it would be beneficial to share some of my thoughts and experience related to this matter. Most of us end up using offshore development to work on non-core technology. For example, if you are going to offshore development for management software you may want to have maintenance of agents developed externally or a port from one operating system to another outsourced. When it comes to core architecture and design you are going to want to keep that in headquarters. Some companies make the mistake of trying to own it all and build their own team and own infrastructure from the start-if not done with the right personnel, this could be a disaster. Generally speaking, you may be able to outsource more than non-core development. In addition, for most companies, I recommend that you initially hire offshore development firms rather than build your own in-house staff to develop product. If it works well, you should have an option to eventually buy your partner out and turn your consultants into employees. If it does not work out, you can always end the relationship without incurring any upfront cost.
When accounting for the total cost, you want to make sure that you have your offshore development managed appropriately. Make sure you have the right project lead offshore, preferably one that your management team has worked with before. In addition, make sure your onshore management team can stay on top of the process as well. This will mean someone in headquarters whose prime responsibility is managing the offshore project. Offshore outsourcing will also require some face-to-face time every quarter. The big difference in doing it yourself versus using offshore consultants comes down to managing risks, speed to market and upfront costs. Doing it yourself will take more time and requires an upfront investment to set up an offshore subsidiary, open an office, hire talent, pay for infrastructure and equipment like computers, phones and T1 lines, and pay for benefits. While the monthly difference for making the upfront capital commitment is about $2k per employee (a big difference when you are talking about $1.8-2k in-house vs. $3-3.5k with partners), most companies cannot properly build their own offshore team. In the cases that I have seen work, my fund’s companies ended up sending over a core team of developers that wanted to move back to India. This gave us instant critical mass and the all important transfer of corporate DNA and culture. In general, I am not in favor of having an early stage company open their own offshore office without a number of existing employees making the move or without significant experience from the team in managing offshore relationships. Over time, as you build experience and successfully develop product with your offshore partner, you can think about moving this personnel in-house. Even if you do not have your own offshore resources, make sure that your offshore partner spends significant time at company headquarters (usually a couple of months) to gel with your team and understand your business, technology, and culture.
While the logical resource to offshore is either non-core technology or customer support, some of my fund’s companies have begun to experiment with offshoring pre-sales and back office finance. During the last 3 years, I have had the opportunity to watch one of the fund’s portfolio companies headcount go from 100% US to 70% India/30% US. In addition, I have been able to watch higher value added functions get outsourced. For example, when it comes down to presales, it does not matter where you are if you understand the product and can articulate the need for it. At $6-8k a person versus $40-50k a person here, you can drive substantially more call volume and qualified leads offshore than you can onshore. It may not make sense if the offshore team is not your own as one of the big problems facing companies in India is employee churn. The more educated and higher quality resources that can speak excellent English are also the ones that are most hirable to other companies.
These are just my two cents and will continue to get refined over the next few years. I am curious to hear your thoughts about offshore outsourcing and whether or not you are offshoring more than customer service and technology or if you have any unique model for this process. In the end, it is very clear to me that venture-backed companies that can properly leverage and manage offshore resources will have an incredible advantage moving forward. As more companies take advantage of offshore development over time, this competitive edge will diminish and simply become a necessary way of doing business.
“This is not about competing with Microsoft. This is about addressing the impediments holding Linux back,” says Chris Stone, Novell’s Vice Chairman in the office of the CEO. What a great quote! I have worked with Chris in the past having invested in his prior company, Tilion. Chris is a smart guy and thinks big. Who in their right mind will tell Microsoft that they are competing directly with them? But let’s face it, Novell’s strategy is to ride the Linux wave by offering a complete enterprise stack which includes server, messaging, access control and eventually desktop. Yes their desktop products acquired from Ximian and SuSE are immature and resemble a server trying to become a desktop OS. However, with time, I do believe that Novell’s ultimate goal is to get on the desktop of corporations. As for IBM’s $50mm investment in the company, who knows, but that could be a stepping stone for a possible acquisition if Novell is able to pull off its amibitious plans. At Tilion, Chris tried to revolutionize the supply chain industry by creating an on-demand view of the supply chain leveraging new technologies like XML. Backing Tilion’s vision in a December 2000 article from Internet.com, Eric Schmidt, now CEO of Google, commented, “Tilion finally allows large enterprises and exchanges to go beyond the simple enablement or automation of B2B transactions. Tilion allows you see into systems which were designed to be closed. This kind of net service will be what justifies the huge investments in B2B infrastructures and technologies such as XML.” We did not get very far with that vision as the supply chain market dissolved along with the rest of the software industry in 2001. It will be interesting to watch Novell during the next couple of years because we all know that it is about execution, and if Chris and Novell pull it off, it will be a big play. Of course the odds are stacked against them.
Like individuals, every company has its own DNA. Every company possesses a unique team with a unique culture, rhythm, and way of doing business. What many of us forgot during the last few years is that it is awfully hard to change one’s DNA. What do I mean by that? Well, a number of companies big and small attempted to recreate their business models by morphing from either a consumer-focused company to an enterprise-focused company or from a hosted software company to a licensed software company. The problem is that one cannot just decide to make a strategic change and expect the whole company to follow suit. For example, selling to consumers and selling to enterprises are 2 completely different models. It requires different sales people, different marketing, and different product management discipline. How can a company that does not have this talent and DNA expect to compete with companies who do? Many companies selling software in the enterprise space have a hard enough time getting customers. Changing from a hosted software model to an enterprise licensing business is not any easier. While you may be selling to the same customer it will require some drastic changes in how you develop, sell, market, install, and ultimately support the product.
I am not saying that this cannot be done but it will require more time and money than you initially think, especially because something called DNA will have to be changed as well. As you know, changing a company’s ingrained culture is not easy to do. This lesson equally applies to large companies as it does to small. Yahoo’s announcement that it was shutting down most of its enteprise business is a recent example of this. Another example includes Ask Jeeves sale of its enterprise business to Kanisa. It is clear that in both cases that having a small enterprise business live within a consumer-focused company with consumer DNA did not work. So before you make any drastic changes to your business model, know your Corporate DNA and take that into account when you evaluate your execution risk.
We all know that there have been a number of issues with Microsoft’s security. We have all been bothered by the daily ‘Windows Update Available’ alert. Steve Ballmer has stated that making their products more secure is their highest priority. In fact, MSFT’s CFO mentioned that security-related issues had a negative impact on its most recent quarter delaying some very large licensing deals. So what is Microsoft doing to fix this? In MSFT’s recently announced ‘Securing the Perimeter’ initiative, the company will place greater emphasis on firewalls and other network security technologies to prevent hackers from reaching vulnerable PCs. What does this mean? Well, first of all MSFT is emphasizing the importance of Defense in Depth. Defense in depth implies that enterprises must have security in every layer of a company’s infrastructure from the edge to the center where all of the data resides. MSFT is also acknowledging that patching systems and installing windows updates as a sole method of security does not work because these methods are all reactive. In fact, most people do not even install updates and patches right away still leaving many computers and servers highly vulnerable. Selling antivirus technology (via their acquisition of Romania’s GeCAD Software) will not make their OS less vulnerable. All of these technologies are all getting better but for the most part will still not catch the newest blended threat, worm, or virus. Antivirus software relies on signature updates of attacks that have already happened and with patch management most of the patches are never installed. So Microsoft is telling us that they need an early warning signal technology to allow its customers to stop an attack at the edge before it hits vulnerable PCs and Servers.
I applaud Microsoft for getting it. Windows is an old, bulky piece of software rife with holes. While security on Windows is a high priority, MSFT has finally acknowledged that a customer needs a defense in depth strategy to enhance security and that they need to push this into enterprises. By the time a worm, virus, DOS attack, etc. reaches the desktop it is too late. If we want real security we have to put proactive defense on the edge and not just in the center. The edge means that MSFT needs to take security out to the network and yes, this is where companies like Cisco dominate. We all know that routers are dumb, and that it is time to put more intelligence in them. Yes, this has not happened yet. Right now, MSFT seems to be looking at firewalls as their perimeter defense. Even if they add Intrusion Detection (lots of false positives, data overload, most technology relies on signatures) via partnership or acquisition, it will still not be enough. In order to fully round out their strategy, MSFT should look at security management software companies like netForensics (full disclosure-i am on currently on the Board of Directors) to provide real time analysis of a company’s total infrastructure from the routers and edge firewalls to the NT and IIS servers residing in the internal data center.
How does security management software help? Most corporations spend millions of dollars buying security products yet they still do not feel secure. It is the equivalent of having a building equipped with numerous cameras (security hardware) without anyone monitoring (security management software) the activity in real time. Therefore, how will anyone really know if they were attacked, by whom, when, and where? Take this concept to an enterprise and you get the same picture-lots, and I mean lots of dollars spent on security (firewalls, intrusion detection systems, antivirus, etc.) to protect a company, but if there is no software to proactively filter all of the reams of data (gigabits upon gigabits of it) from a myriad of heterogenous devices to correlate what happened and when in real time, then a company will never really know it was under attack. Well done security management software does not rely on past events to issue warnings. For example, netForensics was able to catch SQL Slammer while it was happening. It was able to view anomalous network activity gathered from various devices like firewalls and intrusion detection systems and in real time correlate and send an alert to the user who could then shut off the port for Slammer. Of course, if one could shut that data stream off automatically as soon as it detected an issue (prevention), that would be even better. While netForensics can do this to a certain extent, many customers are afraid of having machines completely take over security control without a human filter. There is lots of buzz around prevention these days but most Chief Security Officers I speak with are not yet ready to let machines do all of the work. What happens if an automated security system causes a trader to miss a $100 million trade?
My recommendation is that MSFT should look at partnering with security management software companies so its customers can take control of their security. Adding more firewalls, intrusion detection systems, and antivirus technology alone does not make an enterprise more secure. Without a highly intelligent software layer sitting on top of and providing real-time monitoring of all of these devices and the systems and servers in an infrastructure, a company will be as secure as a building with lots of cameras and no one there to monitor it. One other reason for partnering with companies like netForensics is that MSFT has already taken a step into the management software arena with the Microsoft Operations Manager (MOM), an area they were traditionally happy to let vendors like NetIQ handle on its own.
It is easy to blame China for our domestic problems. The argument from Bush and the US Goverment is that because China is keeping the Yuan artificially low against the dollar, the US is losing jobs and running a huge trade deficit. The US Government is asking the Chinese to float its currency against the dollar to help solve this fundamental problem. However, the big issue is that our economy is extremely vulnerable to China, and there is much more at stake than losing jobs to China. By keeping the Yuan low, the Chinese are keeping our interest rates low as they are huge buyers of US Government bonds (as of May 2003, China held $121.7 billion in US Treasuries ranking it 3rd in foreign ownership behind Japan and Britain). From your economics 101 days, you will remember that interest rates and bond pricing work in inverse order. Heavy purchasing of Treasuries increases the price and conversely lowers the interest rate. If China ever decides to sell these bonds it could start a massive chain reaction which would be detrimental to our economy. One of the big reasons for this is that our country is a huge net borrower, corporate-wise, individually and fiscally. All is well and good when we are borrowing at low interest rates heavily financed by foreigners. This certainly drives near term growth. Just look at how the refinancing boom has spurred incredible consumer demand over the last year. However, given the amount of borrowing that we do as a country, we are extremely vulnerable to interest rate risk.
Bill Gross, Pimco’s bond guru, paints a scenario in which a devaluation of the Yuan could trigger some nasty consequences:
“A more likely course would posit reduced Asian and U.S. purchases of Treasuries, a diversification into Eurobonds, a stronger Yen and Yuan over the next few years, more expensive U.S. imports after a lag, a sapping of consumer spending power, gradually rising intermediate and long-term rates, a declining housing market and yes a near body blow to America’s financed-based economy for all the reasons outlined in previous pages.”
So before we get too excited about domestic growth and the great performance in the stock market this year, let’s remember that our economy is not as invincible as we may think. We are potentially vulnerable to the Yuan and other Asian currencies which are indeed overvalued and need to be corrected. When this happens and how this happens will obviously determine the effects on our own economy.
Why is this important for those in technology? Even though technology stocks have performed incredibly well this year and even though Google is talking about going public next year (see an earlier posting), I just do not want us to get too excited about a return to the earlier bubble period. Some of us may have forgotten already as you can see from this NY Times piece yesterday about investors’ appetite for risky stocks. What is important is that we do not use the market as our sole proxy for the strength of our economy as it can be deceiving. Companies still have to generate meaningful earnings and cash flow. This macroeconomic backdrop certainly has implications about what types of companies I believe will have a better chance of performing during the next few years. I hope to address this topic in a future posting.
Yes, this is old news and much anticipated.
Just one word of caution for us venture capitalists and entrepreneurs-let’s not equate this to a return to the mid-to-late 90s IPO boom. According to many investment bankers I have met with, today’s companies, unlike yesterday’s, need to have $10-20mm of revenue a quarter, be profitable now and not in 8 quarters, come from an established and not an emerging sector, and have a valuation based on real earnings and growth and not one on revenue. One additional note-many companies from the bubble era were able to go public 1-2 years from their first round of venture capital. If you assume a 2004 IPO for Google and Salesforce.com, both would have taken 5 years from their first round of venture capital. One can argue that Google could have gone public much earlier, but the point here is that patience is key. If you look at the historical data, subtracting out the bubble period, it traditionally took 4-6 years of development from the first round of venture financing for a company to go public.
Trust me, this is great news for venture capitalists and entrepreneurs, but let’s remember that when and if Google and Saleforce.com go public next year that the world has changed and real earnings and cash flow matter this time.
In an earlier post, I talk about 2004 as a year where Linux begins to make inroads on the desktop. Here is a recent article from Infoworld suggesting the same. In the article Nat Friedman, cofounder of Ximian which was recently sold to Novell, makes some interesting points.
1. It is not a David vs. Goliath battle where Linux fells Microsoft with one swift blow;
2. Desktops for Linux shouldn’t try to look like Windows.
To dive deeper into point #2, Friedman says, “What you’re doing is lying to the user. What you want to say from the outset is, ‘this is a different desktop experience, but it’s going to be easy.” On the one hand he seems to be saying this because the user experience on Linux should be better, more reliable, and more secure. On the other hand, I disagree because from a business perspective corporations usually pursue the path of least resistance. If a Linux desktop acts and feels like Windows it means that corporations will not have to train their employees on a new OS. This saves a company potentially lots of hours and $$$ and lowers the Total Cost of Ownership of the product.
Yesterday, I was in a meeting with an early stage company reviewing the product development plan with the management team. While the plan was well thought out and defined by process, there was one major problem-it would take too damn long to get a product in GA (generally available to sell!). There were 2 problems-an overemphasis on process and a burning desire to build the ‘perfect product’ at the expense of getting to market. Let me address each problem in turn.
While having the right development process is absolutely critical, I do have concerns about early stage companies being too focused on process. An early stage company’s lifeline is to outinnovate its larger competitors. In any market worth caring about an early stage company will also find other start-up competitors as well. If a company is overfocused on process at the expense of getting to market, I guarantee that it will be climbing uphill against companies that place more emphasis on speed to market. Trust me, I have seen this movie before. At the same time, I am not advocating that you build product with no process either. Balance is key!
What I saw yesterday was also a desire to build the ‘perfect product.’ This is another crucial mistake that companies can make because you can end up overdeveloping and adding features that nobody needs. Once again, an early stage company must balance between getting the right product out with speed to market. An overemphasis on the ‘perfect product’ will only land you on a treadmill chasing your competitors’ constant barrage of new offerings. Having a ‘good product’ many times will suffice and give you the ability to have your sales people sell, bring features and functionality ahead of your competition, and get real world feedback to further improve your offering. Like an old, wise entrepreneur once told me, “The perfect is the enemy of the good.”