• The new era of machine learning is eating up software
    Posted by Alex Niehenke on September 11, 2014

    Software companies are acquiring and accumulating ever-increasing sets of data driven by reduced costs and new database paradigms. But as my colleague Cack Wilhelm wrote earlier this week “‘Big data,’ however large, sitting idle in a data store is not adding value to an enterprise … Data must be consumerized easily for business stakeholders in order to uncover insights and drive predictions that are specific to solving each business problem.” Software companies are moving beyond just gathering retrospective analysis and instead are looking to leverage this data to better understand and predict what is to come – often by using machine learning. We call this trend of next generation set software companies “automation by algorithm” and I predict that it is going to eat up software.

    The technology of using machine learning for predictive analytics is not new. However, quick glance at Google Trends shows an increasing interest in predictive analytics. It is both interesting and important to understand why this trend is growing.

    Search Term: Predictive Analytics

    automated

    The rise of big data (both the decreasing cost and non-relational database formats) is likely the largest catalyst. But there are other factors as well, such as the proliferation of the cloud, distributed computing, and better hardware that have made machine learning algorithms faster and easier to run. There is also an organizational shift at large with cutting-edge software companies being the first to adopt. Now, smaller organizations are following the trend as they acquire the talent from larger companies. There’s also been recent innovation in machine learning algorithms, with random forest (early 2000s) and deep learning (2000s) both being discovered in the past decade.

    It is easiest to understand “automation by algorithm” by looking at examples such as our portfolio company Sailthru. It is common practice to optimize frequency of e-mail sends to open rates. This quickly becomes complex as you add dozens of possible variables (content of the email, time of day, subject, recipient demographic, pricing, etc). A data scientist may be able to optimize one instance, but the ongoing complexity means that only a machine-learning algorithm can continually optimize for the best result, incorporating feedback as performance changes. Sailthru has developed such technology (and more) allowing any customer to easily integrate this functionality without requiring in-house knowledge of machine learning. There are many alternatives when seeking an email vendor, but the ability to automate the algorithm and deliver it as an application / service is what distinguishes the company from its peers.

    Rather than broad, horizontal solutions we believe the greatest near-term opportunity exists in specific use-case applications that leverages machine learning. This allows for the strongest selection and optimization of the machine-learning algorithm specific to the use case. Further, we have noticed that companies with the largest data sets have a clear advantage and therefore the most success. The data set can be accumulated, accessed through partners, or purchased– the source is less relevant than the volume (though source is a potential for long-term defensibility). Early adoption of automation by algorithm is evident in data rich areas such as marketing and finance. However, we’ve also seen great use cases in human resources, sales, and industry specific vertical software. Without intending to be exhaustive, a few areas we have found particularly interesting are:

    Predictive Pipeline Analytics

    Back in April, my colleague Stacey Bishop blogged about our growing interest in this area. We saw that several of our portfolio companies had either too many leads or too few. Those with too many are left hopeless trying to figure out which leads to focus on. Those with too little are often challenged with understanding where they should find their next lead. We’re really excited about companies using automation by algorithm to help companies focus on the right leads and identify new leads leveraging existing customer and pipeline data.

    Customer Retention

    Managing hundreds or thousands customers is tough. Monitoring all the events that can lead to a churn event becomes impossible. Automation by algorithm can be used in retention software to predict the behavior of future customers and churn events. We are particularly excited about companies that not only leverage direct sources of data such as payment schedule, engagement, and feature requests, but also external data about that customer. For example, monitoring headcount might let you know that a sudden, significant reduction in forces could indicate financial hardship (and therefore a temporary easement on payment may prevent a churn event).

    Recruiting

    Reviewing thousands of resumes is inefficient and suffers from human bias. Meanwhile candidates are putting all their career data online, publishing their work online, and demonstrating qualifications in dozens of other ways across the Internet. The resulting data footprint holds a potential for strong insights into the recruiting process. We believe that there is a large opportunity for recruiting software to leverage automation by algorithm and change the way managers recruit.

    Credit Risk Monitoring

    Online fraud is exploding. Many first and second generation software solutions are struggling as location has become mobile and online personas have become more complicated to verify. At the same time, more behavioral, social, and other third party data is available than ever before. We are very excited about companies that are leveraging all of this data into their software and using automation by algorithm to help companies combat fraudsters.

    Note: We were very fortunate to have Xiaonan Zhao join us for the summer. Her previous experience in machine learning while at Google and enthusiasm for the area were crucial in the development of thinking. She is currently a second-year at Harvard Business School and contemplating her post-graduation plans. 

  • .
    Posted by Cack Wilhelm on September 9, 2014

    The term ‘big data’ has assumed different definitions as the industry has developed, with no universal consensus around whether it refers to the actual quantity and complexity of the data or the software and tools intended to make sense of the data – or a combination of both.

    That said, most of us can agree that the infrastructure and tools focused on tackling big data challenges have progressed steadily. I worked at Cloudera in 2010 and 2011 and, at the time, in the eyes of our customers big data was Hadoop, and HDFS + MapReduce were the main attractions. Tech-savvy Cloudera customers were just beginning to experiment with 10 and 20 node clusters, nothing like the thousand node clusters you witness today.

    Looking back over the past five years, Hadoop, NoSQL stores, and AWS have enabled very inexpensive data storage and compute, allowing companies to capture and retain more data. This data is as varied as video clips, call records, log files, machine-to-machine output, and social media streams, but taken together it is seen as an organizational asset and a competitive advantage.

    As Hadoop and NoSQL took root, other data-related trends have emerged or persisted, increasing raw data volumes and reinforcing the need for cheap data storage, including:

    • Widely accessible APIs (Programmable web)
    • Extensive public data (open government)
    • Data federation allowing data to be queried as part of a heterogeneous data ecosystem (without regard to data type, location, or functionality)
    • Data-as-a-Service (including companies such as DataSift or Clearstory Data)
    • Organizations demanding granular data, non-aggregated and non-summarized
    • Machine-generated data (anything from jet engines to Nest thermostats)

    Big Data as a General Purpose Technology

    Companies have ample internal and external data to store and they have a cost-effective way to do so: Hadoop or NoSQL paired with inexpensive commodity hardware made possible by the endurance of Moore’s law and resulting capacity improvements. To borrow an idea from The Second Machine Age, the database layer has become the “general purpose technology” and from here, companies are building complementary innovations to put the data to use, everything from Paxata for data preparation to Looker for data exploration and interaction. The next five years is going to be focused not on storing the data but on how to leverage or monetize all of this data.

    ‘Big data,’ however large, sitting idle in a data store is not adding value to an enterprise until tools exist to deliver analytics that access data in disparate locations, democratize the analysis currently performed by data scientists, and inform. Data must be consumerized easily for business stakeholders in order to uncover insights and drive predictions that are specific to solving each business problem; there is a dearth of data scientists and developers may not be informed of the underlying business questions.

    Most agree that traditional business intelligence (BI) is being overshadowed by tools that are prescriptive and predictive in addition to being descriptive or diagnostic. Ad hoc analysis and advanced visualizations are increasingly utilized alongside (or instead of) reporting and monitoring. I predict that over time simple reporting and monitoring capabilities will come ‘free’ with many software applications as a standard function, just as APIs are now free for most tools.

    Looking ahead to Automation

    With the general purpose database-level technology in place and the complementary data analysis tools maturing, the pivotal next step is closing the loop between data outputs and action. This is not action by humans but action triggered by a machine or computer. Machine learning, predictive analytics, and statistical analysis are a few emergent trends focused on making automation a reality. Just as ‘big data’ became a nebulous term, each of machine learning, statistical analysis, and predictive analytics suggests a different meaning to different constituents: for example, machine learning may relate more to algorithms or deep learning, whereas statistical analysis is associated with random forests and logistic regressions. Regardless of the nuances, each analytic approach aims to automate what was once a human-powered action made in reaction to data served up by computer analysis.

    Today lots of this is black box, as in the mathematical machinations are obscured from the user. In another couple of years, white box, closed-loop analytics powered by machine learning algorithms may well be the new general purpose technology. Context Relevant and Domino Data Labs appear to be well on their way. This trend, in turn, will enable the next crop of complementary innovations to emerge.

     


     

  • Welcome Cack Wilhelm and Rose Yuan; Congrats Ariel Tseitlin & Susan Liu
    Posted by Kate Mitchell on September 3, 2014

    In a business like venture capital, it’s all about people and how they work together as a team. That’s why I am thrilled to announce some new members of our team & two promotions!

    Cack Wilhelm has joined us as Principal, with a focus on cloud infrastructure investments. Cack was with us last summer before finishing her MBA at the University of Chicago Booth School of Business. During her summer here at ScaleVP, Cack focused on the twin themes of business processes being automated by algorithms and big data being analyzed for insight. Cack draws from her recent experience in tech sales at Hadoop company, Cloudera and before that, at Oracle. Her technology, sales and startup background is a perfect addition to our infrastructure team and our portfolio.

    Cack is also a dedicated runner, racing professionally for Nike for two years at the 5,000m distance and competing in track & field and cross-country while an undergraduate at Princeton. She already has visions of us competing in corporate challenges so expect to see more of us on the track!

    Next up, Rose Yuan joins us as Associate. Most recently Rose was an analyst with J.P. Morgan Chase in technology banking where she worked as part of the advisory team on the sale of ScaleVP portfolio company, ExactTarget to Salesforce. Rose will work with us on investments across the portfolio in the SaaS, Cloud and Mobile sectors.

    And while we are excited about the new members of our team, we continue to invest in our existing team and are proud when they succeed, since they represent the future of our business.

    Ariel Tseitlin has been promoted to Partner. He joined us almost a year ago from Netflix where he was Director of Cloud Solutions. Ariel has been a great addition to the team getting involved in all aspects of the business from joining portfolio boards, to working with Andy Vitus on further evolving our IT sector focus, and even recruiting an EIR for Scale. He has sourced a number of interesting new companies so expect us to be announcing a new investment with Ariel as the ScaleVP lead sometime soon.

    I am also proud to announce that we have promoted Susan Liu to Senior Associate. Susan has become a key member of our investment team, working closely with our SaaS team on the sourcing and evaluation of deals. She has worked on a number of ScaleVP investments including Bill.com, Bizible, DemandBase and particularly WalkMe, which she sourced directly at an industry conference.

    Finally, congrats to EIR Bill Burns who recently accepted the new CISO position at Informatica. Ariel introduced us to Bill who had been the Director of Information Security at Netflix. Bill was our most recent EIR, spearheading a research project where he examined the priorities for 100 CISOs, what innovations they’re focused on, and how they are planning to help businesses take smart risks. He hosted weekly brown bag lunches to educate us on the inner workings of information security organizations and keep us all informed on what he was learning from the contacts he has made through his work with the ISSA CISO Forum and RSA. The result from his research was insightful and continues to shape our investment thesis around security. As is always the case, our EIRs remain part of our network. Last week, Bill joined Ariel & Cack in co-hosting a roundtable dinner to talk about security with some of our closest IT relationships. Thanks, Bill, we wish you well!

     

  • It’s the longest running joke in advertising, coined by the late John H. Wanamaker: “Half my advertising is wasted; I just don’t know which half.”
    Posted by Stacey Bishop on August 26, 2014

    It’s the longest running joke in advertising, coined by the late John H. Wanamaker: “Half my advertising is wasted; I just don’t know which half.”

    Enter Bizible. Today, ScaleVP is announcing our latest digital marketing investment in Bizible. Bizible provides CMOs with performance management software to answer the question of where to direct their marketing budgets. ScaleVP has a long history of investing in successful digital marketing companies. Namely, we’ve funded HubSpot, Datasift, Sailthru, and Demandbase. And our exited investments include such names as Omniture, ExactTarget, and Vitrue. We are thrilled to announce Bizible as our most recent investment.

    Why Bizible?

    Earlier this year, we announced that former ExactTarget CMO, Tim Kopp, was joining ScaleVP as an Executive-in-Residence. In that same blog post, we highlighted the key marketing pain points that CMOs, such as Tim, consistently share with us. Arguably, chief among these pain points is the ability to quantify the impact of marketing spend. Specifically, CMOs struggle to tie this spend – and the discrete programs it supports – to net new prospects and customers. They know that their marketing programs are driving results, but without the performance data, they’re unable to discern which programs deserve the credit. Bizible solves this problem.

    Founded by Microsoft/Bing advertising veterans, Bizible sheds light on which online marketing programs are delivering the highest ROI.

    How does it work?

    Bizible connects all of a company’s digital marketing programs to their CRM system, enabling CMOs and demand generation teams to attribute revenue to paid search, social, email, display, and campaigns.

    Bizible surfaces this data through an elegant and easy-to-use interface that intuitively shows where marketing programs are working and where they’re not.  In fact, today the company announced a new product offering targeted to business-to-business CMOs that allows them to quickly:

    • Keep the entire marketing team accountable for driving revenue
    • Ensure alignment between marketing and sales
    • Shift budget to high performing channels based on downstream metrics

    In short, Bizible clarifies what’s working and what’s not. Companies that implement Bizible can identify the source of their leads and demonstrate the value that marketing delivers. Most importantly, there’s no more “wasted” advertising.

     

     

     

  • Survey Results: What is most important to CISOs?
    Posted by Bill Burns on July 22, 2014

    Advances in technology are being embraced by both security teams protecting sensitive corporate data and the sophisticated criminals trying to disrupt business. Addressing security, privacy and compliance concerns are often cited by businesses as top priorities before adopting Cloud or BYOD technologies. As a member of and advisor to Wisegate, I partnered with the IT advisory service to survey over a hundred security leads to learn what’s most important to CISOs, what innovations they’re focused on to address their most pressing problems, and how they’re planning to help businesses take smart risks.

    Key findings:

    1. New battlefields, same war. CISOs remain vigilant on the fundamentals – Malware Outbreaks and Data Breaches. Security teams confront growing risks on many fronts, from new technologies to external threat factors. Driving their security strategies are 6 technology trends and 5 top risks.

    2. Security programs prioritize risks and business alignment, but lack tools to draw the big picture. Their risks are increasing, but only half can efficiently report risk status to their Boards and internal business partners.

    3. As IT hands off infrastructure control, CISOs focus on the data. Shared risk models – a nod to the expanding universe of user devices and the dissolving enterprise perimeter.

    4. Automate all the things. CISOs push automation, orchestration to manage point solution sprawl. Consolidation and automation are top areas of focus to improve security program maturity. Three-quarters of CISOs are building or integrating solutions to address their top risks. APIs are frequently requested features in modern security solutions.

    1. Tech Trends and Risks Driving Security Programs

    Six Top Technology Trends

    Businesses are embracing and realizing the productivity benefits of BYOD, Everything as a Service, and ubiquitous connectivity from their mobile devices. One of the consequences of these shared-risk models is losing visibility and manageability on endpoints, applications, and networks. These advances have impaired traditional security controls based on traffic inspection, blacklist signature-matching, and device management. Businesses have accepted these risks in exchange for their benefits, driving innovation for alternative solutions to secure corporate data. Advances in predictive and behavioral analytics, Cloud Application Security Brokers and SecDevOps methodologies, for example, help security teams remain effective at addressing their top risks — harmful applications and the loss of sensitive corporate data.

    Five Top-Of-Mind Risks

    Five risks capture 51% of CISOs’ top concerns, and are increasing industry-wide. Two risks in particular -  Malware Outbreak and Sensitive Data Breach – account for nearly 1/3 of all CISOs’ attention. They were more important to participants than the next 6 identified risks combined. Beyond the top half, risk priorities quickly become diffuse and follow a power-law curve – indicating that security priorities differ across industries, companies, and program maturities.  See our earlier post for a “word cloud” version of top risks.

    Although Malicious Insider Threats receive a lot of press and are harder to detect, external threat actors pose a greater overall concern. Verizon’s 2014 Data Breach Incident Report indicates that only 8% of reported data breaches involved malicious insiders. Our data suggests that although the “insider threat” is a concern, it’s not in participants’ top-3. Coincidentally, behavior-based controls show promise at detecting anomalies in both endpoint application execution and activity logs — we look forward to more innovations in both of these top-risk areas.

    2. Prioritizing Security Programs, Measuring Their Impact

    Risk-Based, Business-Aligned Programs

    With so many possible ways for harm to affect a company and its data, how do information security programs prioritize what to focus on, what threats should teams address first, and when should they change their focus? Teams overwhelmingly follow “Risk-Based” approaches, and look forward about 2 years when reviewing their strategic roadmaps. As security products themselves implement more cloud-based controls (either directly or embedded within vendor products), security teams will stay agile amidst ever-evolving threats.

     Q: How do you prioritize your security program?

    Q: How far out do you plan your strategic roadmap?

    But Metrics and Reporting Impact Are Lacking

    Despite being able to identify their top risks, one-half of our participants admitted they didn’t have good ways to measure the status of these risks or how effective their programs were at address them. This is surprising and concerning – imagine trying to fly an airplane at night with your three most important cockpit indicators missing.

    Security and risk management systems are becoming Board-level discussions, government and industry regulations are also requiring better risk monitoring and controls. While many security products do provide dashboards, those tend to be specific to that product’s threats and activities. What’s needed are efficient ways to map all of this event data into holistic, business-level perspectives.

    3. Data-centric Enterprise Security Programs

    CISOs are looking to put security controls as close as possible to enterprise data, versus focusing on specific device types or threats. Information Protection and Control products (“IPC”, including DLP/DRM/masking/encryption technologies) were the #1 desired control to apply on computers, at the infrastructure layer, within applications, and on Mobile endpoints.

    Data-centric security will become increasingly important as emerging “Cloud Always” companies implement modern enterprise stacks, established enterprises refresh their technologies with “Cloud First” initiatives, and even “Cloud Cautious” companies realize the benefits of SaaS and IaaS. By focusing on capabilities and adherence to data-centric security controls instead of specific device types, security teams can support a wider range of BYOD endpoints and applications. Storing and processing corporate data within SaaS and PaaS providers becomes less risky if the enterprise manages the encryption keys. There are many operational considerations to address, such as enterprise search and key distribution, but this is a promising area to address a wide range of risks.

    4. Automating, Integrating Controls to Stay Secure

    Security teams are consolidating and automating their controls

    1. Over half (59%) marked as a top-choice proactive threat/misuse detection or automated orchestration to streamline their incident response processes.
    2. Three-quarters needed to build a custom solution or integration to address their top risk.
    3. Almost one-third (31%) are prioritizing security controls for DevOps environments. I also spoke about this in CSO Magazine.
    4. Aside from two participants planning to turn down their AntiVirus systems, security teams keep adding additional controls to their programs as new threats emerge.

    And finally, several participants remarked that they’re concerned about managing an ever-expanding set of security point solutions. Even if security teams could easily find qualified staff to run new controls, they get better efficiencies driving security initiatives via automation and APIs. This is consistent with our investment in Chef and the notion that good security posture is based on solid operational controls and consistent configuration management.

    Q: For which risks did you need to build something in-house because there were no acceptable commercially available alternatives?

    Methodology

    We met with nearly two-dozen CISOs across more than 15 industries, asking about trends, externalities, and what they’re focusing on to protect their enterprise risks. We then partnered with Wisegate who surveyed their members to get a broader, in-the-trenches perspective on security practices and strategies. This increased our total, usable sample size to just over 100.

    There was strong consistency between both data sets and we saw some “spreading” amongst priorities, implying that both program maturity and product choice is alive and well within the Information Security market. We also collected attributes about InfoSec programs and heard glimpses of what makes security programs successful. I will be presenting more details on these findings at the Gartner Catalyst Conference in San Diego August 11, 2014.

    We hope these findings are helpful to both enterprise security teams and security startups contemplating new approaches. We’d like to thank our CISO survey participants for their time and insights, and Wisegate for their expertise. Future InfoSec opportunities are large, defenders are eager to gain new capabilities, and the market is ready for new innovations to disrupt the status quo.

  • .
    Posted by Alex Niehenke on July 2, 2014

     In our last entry we discussed the benefit for early-product, SaaS companies to initially target the SMB market with the goal to move upmarket and capture larger accounts over time. While this presents a smoother entry into market, it creates a new set of challenges including: when to move upmarket? And when the timing is right, how does one move upmarket? As investors and board members we work with our companies closely through this growth. It is a broad subject that could be covered in many chapters of a book. Instead, here, we have asked some of our portfolio executives to share lessons from their own experiences.

    How Do You Know When To Move Upmarket?

    • My belief is this process works best when it happens organically. It will happen when enterprise customers are not having their needs effectively met by other providers and may often ask you to partner with them on building the functionality. Making those first few enterprise customers successful at whatever cost is essential for building your brand and word of mouth. –Tim Kopp (@tbkopp), former CMO, ExactTarget & WebTrends
    • Don’t get lured into going upmarket. Get pulled. Make sure you first have a strong base of smaller clients. They are references and sources of learning that will be part of the foundation that you build on. If sales start coming in, soak up as much knowledge as possible in terms of what the success factors have been, and allocate more resources towards the effort, wherever you need them most. Be disciplined about not signing a client that’s much bigger than what you are capable of delivering. –David Blanke (@davidmblanke), COO, Sailthru
    • Don’t hire an enterprise sales team until you have proven the ability to sell and service the demand. Don’t staff up on the promise of great meetings and an overly optimistic pipeline. While it’s a bit of a chicken and egg situation, it’s better to wait until the signs of success are proven with deals that close and successfully go into production. If you do it right, you will see a steady increase in the size of the customer and deal size before you ramp up spending in sales and marketing. Zack Urlocker (@zurlocker), former COO, Zendesk
    • Go deep in verticals and establish a great brand name which will begin to generate a lot of inbound interest and excitement from larger prospective customers who hear positive buzz about your products. –Nate DaPore (@peoplematterceo), CEO & Founder, PeopleMatter

     

    What Are Some Tips, Tricks, and Lessons From Having Moved Upmarket?

    • Use a land and expand model of inside sales for hunting to get a ground swell and then take it back to corporate and standardize with field sales. Large centralized deployments are hard to win so don’t waste valuable selling time going direct. Hire entrepreneurial salespeople with business development DNA. Finally, don’t hijack the product roadmap for one large customer’s unique requirements. It must work for the masses initially. –Dave Berman (@daveberman), President, RingCentral
    • Spend time with your five largest customers to understand why they are happy and paying. Basically, make sure you understand the pain points that compelled them to act, who they evaluated competitively, and what is not working about your product. -Rene Lacerte (@rlacerte), CEO & Founder, Bill.com
    • Begin working on building your brand, thought leadership, partner ecosystem, agency relationships and deep vertical expertise that enterprise accounts require. Perception is reality. –Tim Kopp (@tbkopp), former CMO, ExactTarget & WebTrends
    • Enterprise customers definitely put stress on an organization. Their expectations on are much higher than mid-market or SMB customers. But they are also much more willing and able to pay for premium support, training and implementation services. You should be able to introduce and staff some of these premium services with commitment from enterprise customers to pay for them. For example, many enterprise customers may be willing to pay for the attention of a talented Technical Account Manager. –Zack Urlocker (@zurlocker), former COO, Zendesk
    • Sign-up great SMB companies that are going to grow and you will be able to grow and scale with them. -Billy Bosworth (@billy_bosworth), CEO, Datastax
    • To achieve success, tight cross-departmental coordination is necessary. Otherwise, one piece gets ahead of another, where sales is selling a product that marketing is not messaging or new clients are coming on board that can’t properly be handled by your client services team. –David Blanke (@davidmblanke), COO, Sailthru

    One executive summarized the upmarket timing simply with “you will know.” In board rooms we often get asked whether it is time to start pushing upmarket. It is a much more organic path where you get pulled by staying close to your customers, having an open line of communication internally and externally, and strategically investing in your product and organization as the upmarket demand increases. The methodical approach also allows you to pace the disruption of an incumbent, making it harder for them to swiftly react.

  • A look at the social and technological trends that are most impacting information security programs
    Posted by Ariel Tseitlin on June 25, 2014

    During this past quarter our current EIR and security expert Bill Burns has been researching and building an investment thesis around the enterprise Information Security space.

    We set out to determine which social and technological trends most affect information security programs, and how security organizations protect their corporate and customer information as companies evolve and adapt to these trends. We also wanted to see what changes in the threat landscape are impacting InfoSec teams and what perceived market gaps exist – e.g. problems without good solutions. It’s not uncommon for security to lag behind technology innovations, and different organizations have different risk appetites, budgetary constraints, and regulatory mandates.  All of these factors affect how teams manage security and risk within a particular organization, and create opportunities for innovative startups.

    I’m excited to share some of Bill’s early results and give back to the security community that has helped us so graciously with their time and insights.

    Giving CISOs a chance to nudge the security marketplace

    To understand what market forces are at play within the security space, we reached out to nearly two-dozen CISOs across 15 industries. We wanted to know how their security programs are maturing and being disrupted, how effective CISOs are at dealing with substantial changes to their attack surface and sets of controls, and we wanted to know what “keeps them up and night” and how they’re meeting that challenge. What we heard in these interviews was refreshingly candid and insightful. They shared what controls are working, where they see concern and opportunities ahead, and what they’re strategically focused on going forward.

    What Keeps CISOs Up At Night?

    Regarding these top-of-mind risks, the consensus was that teams want to approach security more as a “science” as less as an “art”. Security organizations were looking to:

    • automate, standardize and manage their most important assets in their organization
    • find systematic ways to respond to changes in the ecosystem, integrate their solutions together and have the tools make sense of the data they already are getting
    • build baselines of what’s “normal” to, hopefully, discover earlier when things are “abnormal” and require more thorough analysis

    We also asked CISOs to identify external forces most likely to affect their security program strategy in the near future. It’s not surprising that Mobile Computing, and Cloud technologies (both SaaS and IaaS) were top security forcing functions, since they’re also top-of-mind for CIOs and organizations to improve employee productivity. Increases in Regulatory/Compliance pressure also ranked highly.

    Securing Agile / DevOps methodologies also was top-of-mind for CISOs, which is encouraging. Our investment in Chef has shown that enterprises are adopting automation rapidly, and it’s great to see security teams embracing this trend to deploy security controls more consistently and continuously. We anticipated going into the research, and the participating CISOs confirmed, that automation and API-level access will become table stakes for security products going forward, to support a new level of interoperability and customization.

    The use of BYOD and “Shadow IT” also scored as top concerns for many participants. These two technologies are managed by end-users, which causes concern for those typically assigned to protect the data being processed and managed. Data breach reports such as Verizon’s seminal Data Breach Investigation Report and post-mortems from high-profile incidents frequently implicate poor security controls on endpoints and attackers socially engineering persons to infiltrate companies and exfiltrate their data.

    • The concern from CISOs over BYOD was around usability vs. protection. Applying traditional enterprise security controls on a consumer device frequently affects the “consumer” experience that makes BYOD so popular in the first place. The CISOs we polled weren’t completely satisfied with the choice of products in this space, so we continue to see opportunity here as companies seek a balance between the need for visibility and protection versus the benefits of supporting innovative devices. In a later post, we’ll cover the divergence between “endpoint security” vs. “network security” – there was no clear winner-take-all approach articulated by participants. If your company is working on a better BYOD mousetrap, we’d like to hear from you!
    • And finally, Shadow IT is still seen as a challenge for Information Security teams to manage. Security teams are still concerned how best to effectively strike the right balance between monitoring for risky behaviors, blocking “unsanctioned” applications, and maintaining regulatory compliance…while adopting the efficiencies inherent with SaaS cloud applications. The good news is that there are many choices in this space, the problem is choosing which product has the specific feature set you need. Eventually some consolidation is likely in this space since many of the CISOs we spoke to wanted key features from multiple vendors.

    We also measured trends that have the least effect on security priorities, and those were more industry-specific. What matters least to a highly-regulated government contractor (that can afford to lock down or prohibit BYOD) is different from a fast food restaurant chain that doesn’t write custom applications. Choice is alive and well within the information security market!

    What’s next?

    We’ve just scratched the surface on the insights we’ve gleaned from our initial survey. We’ve partnered with Wisegate, a next generation IT advisory company, to create a streamlined version of this security questionnaire and open it up to a broader audience.  For more information on Wisegate and a to see a list of their community-based public reports, please visit here.

    Bill shared some of early insights last month at the Rocky Mountain Information Security Conference. We’ll be sharing more of these research results this quarter as this research project wraps up, including the security market segments that we find most interesting. Stay tuned!

  • How do you know when you’re about to get to startup heaven, scaling up fast and reliably?
    Posted by Sharon Wienbar on June 18, 2014

    A version of this article previously ran in Entrepreneur.

    How do you know when you’re about to get to startup heaven, scaling up fast and reliably? A company’s growth curve can head in a variety of directions, not just the lucky, up-to-the-right hockey stick of explosive growth.

    At ScaleVP, it is our business to figure out exactly when a company can use our money to grow to the heavens, or when it’s best to keep the burn low. The checklist below is based on insights we’ve drawn from our due diligence over more than a decade of helping to scale a number of successful startup companies.

    1. Product

    Do people want to buy what you have to sell? In Silicon Valley speak, that translates into having achieved “product-market fit.” At this point, you’ve tweaked your product (service, solution) and have a standard version, and maybe a few options that are appropriate for the bulk of your market. Signs that you haven’t yet achieved this state include products that are customized for each customer, need a lot of customer support, have negative margins, get poor customer reviews or do not get used after purchase/installation.

    Do not confuse having a “minimally-viable product” (MVP) with being ready to scale. Eric Ries of LeanStartup fame coined that phrase. An MVP is used to test-market your product before it is built so you know what to build without wasting precious resources on building the wrong features. You need real products to scale, not a mock-up.

    2. Price, packaging and positioning

    These three P’s are related to your product, and describe the bundle of attributes that you are taking to market. You better have these nailed down before scaling, too.

    • Price: This includes not just the number you stick on the pricelist or tag, but the pricing methodology. Pay upfront or subscription? Charged how often? Freemium, premium or free trial? Volume discounts? Lots of add-ons, or all-inclusive? This blog post, from my colleague Stacey Bishop, offers tips for current software pricing strategies.
    • Packaging: It’s easy to understand when it’s physical goods, but many products have packaging, which describes what’s included with the product. Does your software come with storage, support services, integration, installation or implementation? What’s in the premium versions versus the basic product? If you’re selling a physical product, is delivery included?
    • Positioning: This is how you describe your offering. It’s not your tag line, and you may never utter these words exactly, but it’s a single statement that places your offering in its market context and clearly reflects why your product deserves consideration. A popular template reads: “For [target market], the [brand] is the [point of differentiation] among all [frame of reference] because [reason to believe].” This will evolve as your product and market mature, but you need to have a clear picture of who your target customer is and why she or he will select you. Your positioning statement is the foundation of all the messaging you will use to scale: marketing copy, sales scripts and presentations, investor pitches and press releases.

    3. Sales channel

    You have to figure out a cost-effective way to get your product to customers. Much of the money spent by startups goes towards sales and marketing (see the second chart here). Your people are relatively expensive, the programs cost real money, and oh, by the way, both people and programs interface with your prospects, so if they’re not right, you risk doing more harm than good. Scared now? Good! Do not spend a lot here before you have figured out what works.

    Your “sales channel” is the path to a successful, cost-effective sale. It includes the methodology (telesales, direct sales, retail/distribution, value-added resellers, e-commerce, etc.) and the associated processes (telesales scripts, salespeople’s backgrounds, reseller training materials, etc.) that lead your customer to say “yes.” You don’t need every component to be polished and optimized to begin scaling, but you should have a clear idea what works, what doesn’t, and most importantly, what you would do more of if you had additional money.

    ScaleVP often sees a pattern with companies on the verge of scaling: They move from the entrepreneur him/herself making initial sales to adding a couple of sales people, then a manager with another small handful of sales people. That point where you have built a small, competent team that executes flawlessly is exactly when you know you have the recipe for success and are ready to scale.

    4. People

    Sales isn’t the only department that needs to prepare for scaling. As the entrepreneur and leader, you need to be ready to scale. This usually means you have hired some top talent to support you in key functions, and the team as a whole has the capacity and clear direction to take on the challenges of extra business. Your company needs to be able to service existing customers consistently and simultaneously attract new customers, and keep all of them happy.

    Engineering needs enough leadership to keep driving innovation, while the business team is closing more deals. And if you’re making a real-world product, factories, shipping departments, customer service lines and finance departments all have to keep growing efficiently as the business expands. With modern software-as-a-service solutions, many of these functions can be automated inexpensively.

    If part of your organization is fragile or broken, you can be in startup hell — frazzled, inefficient and stalled. You either won’t attract needed startup capital, or if you get it, you won’t spend it effectively. So ask yourself, “Are we all ready to scale?” using the checklist above. If you are, we could be seeing you soon.

  • Focusing on reducing churn now will strengthen revenue growth quarter over quarter
    Posted by Zack Urlocker on May 20, 2014

    A version of this article previously ran in GigaOm.

    In my career, I’ve worked with a number of SaaS startups to help them refine the efficiency of their operations. One of the things that is often neglected is customer churn. Early focus on churn helps build discipline that becomes even more important as a company grows to $100M or more in revenues and can be a huge factor in driving growth.

    In the bad old days of on-premise Enterprise software, a startup was considered to have traction when it got its first dozen paying customers. These were typically large six figure deals, and required a lot of heavy lifting to get the customers into production. Not surprisingly, every employee knew who the early lighthouse customers were and what they needed. While the old school field sales model was not particularly efficient, it had the virtue of driving an organization towards making early customers successful.

    The irony of high-volume SaaS sales is that when you have hundreds or thousands of customers, things can become rather anonymous. The more customers you have, the harder it is to keep a pulse on what people are really doing with your product. As a result, it’s harder to make sure customers are using your product correctly. And if customers aren’t successful in using your product, they churn.

    Having churn is like rowing a leaky boat. After a while, you spend more time bailing water than rowing and you’re not going to make much forward progress. By contrast, organizations that focus on reducing churn will find that their revenue growth gets that much stronger every quarter.

    Break it Down

    To accurately measure what’s going on, you should begin by breaking out churn (customer cancelation) from contraction (a downgrade in spending). Some customers may downgrade in accordance with seasonal business, such as is common in the retail sector. You should measure downgrade and churn separate from uprades and expansion; otherwise your net growth numbers will mask problems that are bubbling below the surface. If your SaaS product has different editions (e.g. Basic, Pro, Enterprise) you should watch for downgrades that suggest customers are not seeing the value in the higher-end features.

    It’s also worth paying attention to churn and contraction by customer segment. In most SaaS businesses, churn is highest in low-end customers. Some of those smaller customers will inevitably be acquired or go out of business. Over time, if you move upmarket to larger SMB or Enterprise customers, low-end churn becomes less significant. Customers who spend a lot of money usually have greater commitment and resources for working through any speed bumps during implementation. They’re also far less likely to switch to another vendor with newer features.

    Understand the Reasons

    The most important thing is to understand why customers are downgrading or churning. While it’s easy to speculate, the best approach is simply to ask your customers through a combination of surveys, emails and ideally phone calls or face-to-face meetings. Remember, your purpose in doing this is to understand the customer’s experience, not to second guess them.

    While sometimes founders get defensive with customers, recognize the value of the feedback you’re getting, even if its negative. And make sure that this information is shared within the company to help come up with ways to improve your offering and provide a better experience.

    Classify your findings to determine whether it was a customer issue, a sales issue, a product issue or some external factor. Did the customer not understand what they were buying?  Did they lack the skills to implement your product?  Was it missing key features?  Did users find it too hard to use?  Were there quality or reliability issues?

    Your first line of defense in reducing churn is to make sure your product lives up to its marketing claims and that it quickly delivers value to the customers. The more people a customer uses your product, the less likely they are to churn.

    Depending on your product, it may be worth adding some introspection to help you determine usage patterns that suggest a customer is at risk of churning.  Some, like less frequent log-ins, are obvious.  If you’ve got thousands of customers, it may be worth doing some analysis to come up with less-obvious predictive signals.

    Human Touch Goes a Long Way

    At Zendesk and MySQL, we implemented several customer programs to reduce churn and benefited from below-industry churn rates. One of the key principles was that I wanted to avoid being the kind of company that only calls up customers when seeking a renewal. Instead, we built a Customer Account Management (CAM) team that worked with customers over the entire lifecycle.

    We defined a twelve-month program with regular check-ins, emails and phone calls to make sure customers were successful in using the product. The Customer Account Manager’s role was to be proactive with customers, identify any issues that were getting in their way and build a relationship of value and trust.  Through this relationship, we earned the right to additional expansion and upgrade opportunities within the customer and through referrals.

    The Customer Account Managers also kept their eyes peeled for issues that might suggest the account was at risk of churn, such as if a new manager was hired, or if certain features weren’t being used. They kept accounts up to date with information about best-practices for customizing their setup, implementing new features or learning about training that might be helpful to them, and so on. When necessary, the Customer Account Manager could call on resources in Support, Engineering or elsewhere to solve a customer’s issues. The account managers were also a great first line of communications on those rare occasions when there was downtime.

    Occasionally, fast growing customers would outgrow their initial setup. Maybe they went from a dozen users to several hundred without putting in place the proper controls or reporting. Or in some cases the person who set things up never read the documentation and did a lousy job. Regardless, we would work proactively to help customers through these situations. While this meant undertaking some modest amount of services for free, the alternative was far worse: an unhappy customer who would inevitably blame our software. In general, by being proactive, we could turn these situations around and win the ongoing loyalty of what would otherwise have become a problem customer.

    Towards Negative Churn

    In a rapidly growing business, you may experience “negative churn” meaning that your upgrades and expansion more than make up for contraction and churn. But even in this kind of scenario, it’s vital to pay attention to churn. Failing to do so leaves you blind to trends of customer dissatisfaction that may indicate fundamental problems with your product or your business model. Negative churn can easily mask an eroding customer base that leaves your business vulnerable. In a fast moving boat, even small leaks are worth patching.

    While some modest amount of churn is inevitable, you should strive to get your churn rate as low as possible and then continue to monitor any changes. If your churn rate is more than 10% annually, you have work to do.

  • Because getting the website right is imperative
    Posted by Rory O'Driscoll on May 15, 2014

    Our investment in Pantheon was announced today. Why Pantheon? It’s simple. The website is the single most important marketing asset for any company but for most companies the process of building, launching and running a business website is a mess. In enterprise software, a broken but important business process represents an opportunity for software to make things better and build a valuable company in the process.

    Why does this matter and why is it hard?

    For most businesses the website is the brand. The first instinct of a customer today is to check out a company online. For every one customer that comes to a first impression by walking into a physical building, ten or maybe one hundred others have already come to their conclusion, by going online. Marketing cannot get the website wrong.

    If building a website was something that could get done once, “nail it and move on”, this would be a fairly tractable problem but it isn’t. The pace of technology change means that website building is like painting the Golden Gate Bridge. Get it done, take five minutes to admire the view and then start again. In the last five years alone, social media, mobile platforms and content marketing have made every older website obsolete.

    The final part of the problem is that building a corporate website is a fractured process. Marketing owns the problem but the process usually involves an outside design firm, often a separate development shop, a hosting company, and an in-house group of people, all of whom have opinions and only some of whom have ability. For any CMO, “redoing the website” is a must do and a high-risk part of the job.

    A quick history of web content management

    This is a twenty-year-old problem. In the 1990’s the two big winners in this market were Vignette and Interwoven selling expensive proprietary “on premise” software products. In the past decade these offerings and these companies have stalled as inexpensive, open source and cloud based software is where the world is going.

    SaaS based products have swept the table in the digital marketing arena and we have been lucky enough to work with many of the winners including Omniture, Exact Target, Vitrue and Hubspot. These companies used the SaaS delivery model to “bundle up technology” and make it digestible to marketing departments as a service-based, business-focused offering, removed from the underlying technology. At the same time, open source has become the dominant business model for infrastructure products.

    Web Content Management fell squarely in the middle. Squint one way and web content software is a product used by developers to build great websites, and like all web developer products it needs to be available open source. Squint the other way and the process of building, launching and running a website is a core business function for the market department and needs to be managed accordingly.

    Drupal or WordPress + Pantheon

    The verdict is in on web content software and open source has won. WordPress and Drupal are the two most commonly chosen web content management systems, with 50%+ market share. These sites are then hosted either in-house, or more often on a third party hosting site that offers a simple “hosted Drupal” offering.

    This meets the developer need but not the needs of marketing. Getting a website up and running is a business process, not just a developer task. What marketing wants is a SaaS offering that will manage the build process across designers and developers, handle the code check in and check out, enforce “look and feel” across multiple sites, (most corporations have hundreds of websites, not just a single corporate site), and then manage uptime and changes once the site is launched, all from a single system. Marketing cares much less about what open source product is selected.

    Enter Pantheon and the Website Platform

    Pantheon does not build its own web content software but instead allows the developer to run either Drupal or WordPress on the Pantheon Website Platform. The company has leveraged new infrastructure technologies (an entire separate post could be written on how Pantheon leverages containers Varnish and its own file system) to be able to offer marketing departments and design agencies a product that is at rough cost parity with managed hosted services, but which offers an entire suite of SaaS tools for the management of websites. Customers come through a marketing funnel, driven by developer adoption and then can convert to paid status as the site is rolled out. Because there are always budget dollars for hosting, adoption happens quickly. The customers come for the hosting, but stay for the software.

    Team, Traction and Upside

    It goes without saying that we like the team. The founders, Zack, David, Josh and Matt have a strong technical background and also ran a website design agency. They know what it takes to get a website up and running and they have surrounded themselves with smart go to market executives. The traction is also there. Our focus at ScaleVP is – as the name would suggest – on companies where the product market fit is clear, the go to market path has started to emerge, and what is then required is scaling the business. Pantheon fits this to a tee.

    Stepping back, what excites us the most is the chance to be part of what we see as the Digital Marketing SaaS company that will manage the marketing asset that is at the center of the entire digital marketing universe, the website. We have been part of building great companies in web analytics, (Omniture), customer marketing (ExactTarget), marketing automation (Hubspot) and social media marketing (Vitrue). The website is the glue around which all these products rotate but to date there has not been a meaningful SaaS offering to help manage websites. We think Pantheon will be that company.

     

     

     

scalevp