Citrix buys GoToMyPc maker, Expertcity-great day for ASPs

Congratulations to Expertcity and Andreas, John, and Klaus. It has been great to work with you from a board level over the last 4 1/2 years. When the transaction closes, I look forward to writing a little more about how you were able to persevere through some tough times, launch new product, stay focused on leveraging the core screen sharing technology, and build a high growth business in a completely new market. Not only were you an early player in remote access, but you also were one of the first ASPs out there.

Expertcity is not the only ASP making headlines today. filed to go public and raise $115mm. As I mention in an earlier posting about Google and IPOs, pre-bubble, it took companies 4-6 years from their first round of funding to IPO/acquisition. During the bubble it took 1-2 years. While I am excited about today’s announcements and other recent deals like VMWare (bought by EMC) and Zonelabs (bought by Checkpoint), it is obvious that we have returned to a pre-bubble mentality and the companies that will be significantly rewarded are the ones that embody the philosophy of building real businesses with real revenue and cash flow. Well, isn’t that just business 101? Yes, and this is great news as it is something we can all understand.

Check Point makes first meaningful acquisition

So Checkpoint is going to buy Zone Labs for $205mm. Here are my thoughts on the deal. Zone is expected to do around $28mm of revenue in 2003 and $42mm in 2004. The revenue multiple is 7x for 2003 and 5x for 2004. That is pretty much in line with existing security multiples of 6-8x revenue. The more significant point is that Checkpoint made its first, meaningful acquisition. So for all of you security companies out there, add Checkpoint as another potential acquirer. Some future deals could include an SSL VPN player or network intrusion prevention provider. It seems that concerns over their revenue growth has finally hit management, and they are trying to find ways to accelerate the top line. However, I am not too sure that acquiring a desktop firewall product and competing against established competition like Microsoft, Symantec and NAI is the way to do it.

Software packaging

Om Malik (ex-senior writer for Red Herring) has been writing about the commoditization of hardware. In a recent article in Business 2.0 titled “The Rise of the Instant Company,” Om talks about how hardware has become commoditized to the point where hardware expense as a cost of goods sold is de minimis. In other words, companies can now cobble together off-the-shelf-hardware with proprietary software to create companies that can quickly and cost-effectively go after large incumbents. This is a great point and what it comes down to is that software companies can now “package” themselves as hardware plays and successfully leverage the hardware channel from a sales perspective. This is quite attractive from a VC perspective because now we get the opportunity to invest in business that can grow rapidly like a hardware play at software like gross margins (depending on price point 65-85%).

Given this backdrop, I believe that we will see 3 types of software companies in the future. The first will be companies selling expensive applications which will rely on extensive professional services to install and customize. This is the market dominated and characterized by large companies like SAP, Siebel, Peoplesoft and their ancillary professional services partners like Accenture, IBM Global Services, and other consulting companies. The second will be companies that will sell their software as a service (ASP model). These are companies like, Liveperson, and Expertcity (LPSN and Expertcity are both fund investments) which took the above market segment and made it really easy for customers to buy and in effect, removing the complexity of managing and installing the software. Finally, there will be software companies that have a componentized product that is easy to install which can and may be packaged into an appliance to leverage the channel sales model. This could mean that companies are selling their own appliance or OEMing their software to hardware vendors who in turn sell an appliance. Companies like Neoteris and Network Appliance fit this model. From a venture perspective, the sofware companies that are most interesting to me are the ones with ASP and appliance offerings. In this posting, I would like to focus on software packaged as an appliance.

While the average selling prices for companies that leverage the channel are much lower than pure, direct enterprise sales, I like the fact that these types of companies can utilize a seed and harvest model. In the seed and harvest model, companies that have lower price points can seed a number of customers with a low, entry price product and go back to them later to harvest accounts to sell multiple instances of the product. While the initial sale may not be $1mm upfront, you may be able to get $1mm in the life of a deal. The benefit for the software company is hopefully a shorter sales cycle (it is easier to get sign off for $50k vs. $500k) and the ability to leverage other people’s feet to sell your product.

From a VC perspective, I like to see companies which can leverage other people’s sales forces to grow. Yes, your company will give up some points in margin and also lose some control over customer relationships, but will hopefully make up for it in terms of more volume. For early stage companies, it is already quite difficult and expensive to sell into Fortune 1000 accounts. Many of the companies under the first model (pure enterprise license sales) need expensive direct sales forces which sell high-priced products which have long sales cycles. If the price point of your product is not high enough, then there is little likelihood of you ever building a real, profitable software company from direct sales alone. In addition, if you want to get the excitement and interest of service providers like IBM Global Services and Accenture, you better be able to drive $10s of millions of dollars of service revenue.

Just to be clear, I am not saying that software companies do not need direct sales forces as it is incredibly important in a company’s early phase of development to own the customer relationship and gain valuable feedback about its product. In fact, no matter what kind of software company you aim to be, you need to have customers to get channel partners, know what it is like to sell to an end customer, and successfully manage an end customer in order to train your channel and OEM partners. Therefore, most companies will require some form of direct sales force to begin with, but over time, I like to see the mix of revenue moving towards greater than 50% into the channel and OEM model. What this means, at least for me, is that selling $1mm software licenses with 3-6 month installation processes is not interesting and has gone the way of the dinosaur from an attractiveness perspective in terms of funding. The fact that hardware has become commoditized has really opened up new ways of selling software and building companies, ways that can be quite attractive for both entrepreneurs and venture capitalists.

Securing Cyberspace-the Government vs. the private sector

There were 2 conferences yesterday addressing cybersecurity. One was the National Cyber Security Summit in Santa Clara and the other was a smaller event in DC. While I was not in attendance, I did speak with a couple of people who participated in the events. The takeaway is that 85% of the critical infrastructure in the US is owned and controlled by the private sector. The other 15% is the government. While security has gotten better over the last few years, there are still some major holes in the system. There is a classic standoff right now as the government wants the private sector to take control of securing their networks and data while the private sector says why bother when the government’s infrastructure is not even secure. For example, if cyber terrorists took down critical DNS systems, whether or not the private sector secures its infrastructure is moot as the Internet will have massive troubles. Some in the private sector also alluded to the fact that Chief Security Officers do not have enough control as most are only VPs who report to CIOs who sometimes report to CFOs. If CSOs have no real control over budget, then how can they really effectuate change? The government, on the other hand, is threatening to take action and impose mandates for securing private infrastructure. The government wanted to give the private sector the chance to organize itself and develop its own best practices before it is forced to do so through legislative mandate. To hammer the point home, one official apparently said that the next terrorist attack could be on the information systems of a large financial services institution causing serious economic damage. Despite the warnings, it does not sound like the 2 sides made much progress yesterday. At the end of the day, companies in the private sector are driven by dollars. If these companies feel secure enough already, they are not going to rush out to spend more money for the sake of national cybersecurity. Therefore, my feeling is that Ridge and his team will not get what they want until the private sector feels pain on their bottom line in the form of stiff economic sanctions. That being said, the government has to live up to its end of the bargain and drive security in its 15% of the infrastructure as well, because as Ridge says, all it takes is one hole to compromise national security.

Hand-held device security

Hackers like to go where they can cause the most pain. As 3G rolls out in the US, you can bet that hackers will go there as well. There was a great article last Friday in the New York Times about viruses and other security issues on cellphone and hand-held devices in Japan(free site but registration required). It is clear that we should look at how Japan is dealing with this issue as their wireless infrastructure is much more advanced than ours at this point. At the same time, it seems that not many people in the US are dealing with the issue now. Having suffered attacks in the past, NTT DoCoMo has gotten proactive and not only put security software on its servers but also on its handsets. We should learn from this and prepare our infrastructure accordingly. Spam is not the major problem on these devices; think viruses that can jam the 911 emergency response system or denial of service attacks that can bring a wireless network down. What happens when we live in an even more embedded world where chips in cars, appliances, etc. begin talking to a wireless network and becomes infected with a virus?

Many of the companies that I have seen that focus on wireless security are looking at the client or handheld device level. This is the approach that companies like Network Associates and Symantec are taking with handhelds. While I applaud the effort to protect our devices, I do not believe that putting antivirus software on every handheld device is the right solution:

1. Installing antivirus software on every device is not an easy to manage task;
2. While it is much easier to constantly update virus definitions on connected devices, this will increasingly eat up precious memory and computing cycles on your device.

What is needed is smart security on the edge. This will require software that can sit on the network/server layer and in real-time inspect every message being sent from one device to another. It is not easy to sit inline and inspect every message without creating latency. In addition, the software will have to be able to prevent unknown attacks through behavioral analysis and not rely solely on signatures to prevent nefarious activity. This will lessen the need to constantly update every handheld, chew up precious memory and power, and give users an easy way to use their connected devices without headaches.

The Economy and IT Spending

It looks like the economy in Q3 grew even faster than we initially thought, 8.2% annual rate versus 7.2%. It was not too long ago that the Department of Commerce released numbers showing 7.2% annualized GDP growth for Q3. If you take a closer look, “equipment and software” spending was at a 15.4% annualized rate. I obviously have concerns about the revised 8.2% GDP growth and certainly do not believe that is sustainable due to one-time factors like tax cuts and mortgage refinancings. While it is nice to see a 15.4% annualized growth rate in “equipment and spending” for Q3, let’s not assume that this is the beginning of a huge ramp-up in IT Spending. To bolster my thinking, I like to look at a number of data points. For one, Goldman Sachs recently issued its October IT Spending Survey. Its latest survey calls for an increase of 2% spending for 2003 versus a December 2002 survey which forecasted a decline of 1.1% for 2003 spending. So it is nice to see that the trend reversed in terms of IT spending, and that it looks like there is a small rebound happening. That being said, the October 2003 survey forecasts spending growth of only 1.3% for 2004, down from an August 2003 spending survey forecast of 2.3% growth for 2004. That is a negative trend and does not promise earth-shattering returns to IT Spending in the bubble years. As Goldman Sachs mentions, hopefully there is just a lag in terms of how the economy performs and where each company is in its budgeting process. If this is the case, we shoud keep an eye out for data from future surveys.

Another data point that I look at is how the fund’s 30+ portfolio companies are performing. We have a number of companies in the Enterprise IT space selling security, storage, network management, wireless, and other related software. Some companies are performing extraordinarily well and others are close to budget. The fact that most of my companies are close to budget is a far cry from 2001 and 2002, years plagued by numerous reforecasts of revenue and expense projections. In general, sales pipelines are building momentum giving better visibility for the next two quarters. While I cannot say that all of the fund’s portfolio companies are growing like wildfire, in general the sentiment across the board is positive. As you can see, I am more in the Goldman camp of IT growth than what the GDP numbers reflect. The conclusion I draw is that even with 2% expected growth in IT Spending next year, as always, there will continue to be pockets of huge opportunity like security, business intelligence, and systems management allowing companies to protect their mission critical assets, report in real-time (or near real-time), and better manage the IT assets they already possess and do more with less. Call me a moderate optimist, if you will.

Capital Efficient Business Models

Yesterday I participated on a panel at the Mid Atlantic Venture Conference on the current venture capital market and how to raise capital. While this was a plain-vanilla panel about venture investing, there was one theme that was echoed by a number of my fellow panelists from Rho Ventures, New Venture Partners, Edison Ventures, and Cross Atlantic-today’s world requires software companies to have a capital-efficient business model. What is a capital-efficient business model and why does it make sense? From my perspective, a capital-efficicent model is one that allows a company to use as little cash as possible to generate significant growth and become self-sustaining and profitable. Growth at all costs without profitability does not get you there and neither does profitability with no growth. Finding the right balance is important. Given this backdrop, the real question is how does today’s VC generate a 10x return? Yes, that is easier said than done, but let me walk you through why it is imperative for VC investors today. During the bubble years, a $500mm to $1b exit for a software company was not uncommon. A bad deal for a VC was a $100mm sale. However, many of the software companies during the bubble years required $50mm or more to create meaningful exit value, and in many cases the companies were still not profitable. Today and into the future, I believe we will return to a sense of normalcy where a great exit for a venture investor will mean $100-200mm of value. If it takes $50mm or more to get there you are talking about a 2-4x multiple for a GREAT deal. That is not terribly exciting. A capital efficient software model should only require $20-25mm to get to profitability. With those numbers a VC could earn 4-10x their investment, even at today’s reduced values. Given my perspective on what ultimate exit values will be, it will serve the entrepreneur and venture investor well to do as much as they can with as little capital. This is doable-looking at history, Peoplesoft only raised $10mm of venture funding, Documentum raised $13.5, and Veritas raised $6mm. This does not mean skimping on growth, but it requires companies to:

1. Focus on getting product into the hands of its customers earlier rather than later-do not build the perfect product (see an earlier post);
2. Grow carefully-do not ramp personnel too far in advance of revenue;
3. Leverage offshore resources where appropriate;
4. Leverage reseller and OEM relationships (direct sales is way too expensive).

Each bullet point above deserves its own lengthy discussion, and I hope to address some of these in future postings. The impact this will have on the industry will mean that venture capitalists will need less capital for each company resulting in smaller funds and a better ability to generate multiples of invested cash for its investors. For today’s entrepreneurs, it will mean that they rethink their go-to-market strategy and remember to balance growth with getting to profitability sooner.

Chuck Prince, CEO of Citigroup

I was at the TIE Tri-State annual event in New York yesterday and participated on a venture capital panel helping young companies refine their pitches and business strategies. There were some interesting software and BPO (Business Process Outsourcing)companies that presented. On the BPO side, it was quite fascinating to hear about the types of services that companies were willing to outsource-for example, in the finance sector, basic credit analysis and research, analytics, and even some financial modeling. In today’s NY Times (free site but need to register), there is an article about teleradiology-X-ray and M.R.I. analysis being outsourced to India.

For those of you that do not know, TIE (The Indus Entrepreneurs) is a wonderful group and stands for the Indus Entrepreneurs signifying the ethnic South Asian or Indus roots of the founders. TiE stands for Talent, Ideas and Enterprise. From speaking with some of the members, it was clear that there was alot more buzz and energy this year versus last year, especially due to the pickup in the economy. Speaking of economy, TIE was able to bring Chuck Prince, CEO of Citigroup, as a keynote speaker. Chuck did a great job as he was quite funny (he had the room in laughter a number of times) and also had some interesting things to say about the economy and entrepreneurship. Here are some relevant notes I took from his keynote discussion:

*Chuck outlined his bio in more detail and fleshed out how he came to be CEO of Citigroup. Basically, he ended up as General Counsel of Commercial Credit Corporation which was about to run out of money in 1986 when Sandy Weill swooped in and bought a large stake in the company and took it public. What Chuck learned about people over the years is that the great ones have intensity, passion, and a desire to win. He said that luck helps and even played a role in his career progression.

*Chuck has no doubt that the economy will perform well for the next 18 months. However, he strongly believes that the economy is susceptible to the election cycle. No existing President wants a recession in year 3 of a 4 year term as they are gearing up for a re-election. Of course, his big concern is what happens in January of 2005 when the President is faced with how to handle the budget deficit. If the economy does not pick up in a self-generating way, we could be faced with policy that could slow the liquidity-driven growth we are now experiencing.

*Longer-term, Chuck believes the world economies will segment into 3 distinct buckets of growth:

1. Dynamic growth characterized by young populations in India and China;
2. No growth characterized by homogeneous economies such as in Western Europe that are not open to immigration with aging populations, low growth rates, and a sagging economy;
3. Balanced growth economies like the US which is open to immigration and hetegenerous from a population perspective.

Unless Western Europe rethinks its immigration policies, it will not be able to sufficiently replace its aging population with young workers to drive growth. This could result in huge problems down the road.

*On offshore outsourcing, Chuck believes that is something that is just going to happen. Who would have guessed years ago that Toyota could make better cars in Japan and ship them to the US to put the auto industry at a competitive disadvantage? It happened. The same thing will happen in the service sector. Chuck believes it is inexorable. Therefore, companies should focus on services/products that need to be done locally, those that require a physical presence. Everything else that can be done offshore will be done offshore. Please see an earlier post if you want to read more about my thoughts on using offshore resources.

*If Chuck could give a young CEO advice (business related other than focus on family and ethics), he would tell that person that execution capability is the most important trait that a CEO can possess. One needs to move the ball and get things done. He has seen thousands of people who were smart, loyal, and dedicated but could not execute or get things done on a timely basis-they were all UNSUCCESSFUL. His advice is to write your issues down and check them off. Move the ball. I couldn’t agree more with Chuck on making sure you execute.

*As an aside, he also encouraged us to read Robert Rubin’s new book titled “In an Uncertain World.” He said that Bob is a fascinating man, and that he enjoys working with him at Citigroup.