Is this the new normal? Bay Area startup fundings hit 6-year low in Q1

Silicon Valley Business Journal | Cromwell Schubarth | April 5, 2017

 

Venture industry leaders say their world continued to “normalize” in the first quarter of this year as the gap between the haves and have-nots of the startup world widened.

But the kind of normal reported Wednesday by PitchBook Data and the National Venture Capital Association might not seem like a great thing to a lot of founders.

Funding deals in the Bay Area in the first three months of this year dropped to their lowest level since the end of 2010, PitchBook and the NVCA said.

That is a little more than six years ago, when many of today’s “unicorns” like Uber, Airbnb and Palantir Technologies had yet to raise a round at a private valuation of $1 billion or more. In fact, 15 of the 50 Bay Area venture-backed companies valued at the unicorn level today were founded in 2010 or later.

There were 386 deals done in the Silicon Valley and San Francisco regions between January and March, a drop of 28 percent from a year ago. That’s down by about 31 percent from the number of fundings done in the recent peak quarter of Q1 in 2015.

The $6.7 billion invested, however, remains in the $5 billion to $10 billion range it has hovered around since early in 2014. That’s not counting the outlier second quarter of last year when local companies raised more than $12.3 billion, fueled largely by a mega-funding of Uber.

“It’s harder for things to get funded and the bar is higher than it was a little while ago,” Bob Ackerman of Allegis Capital said in an interview. “In parallel to that there is a flight to quality. Larger checks are going into those companies where there is a proven use case and demonstrated traction.”

Bobby Franklin, CEO of the venture association, said VCs have plenty to invest. After raising a 10-year high of $41 billion in new capital last year, there was another $7.9 billion raised in the first quarter.

“The deceleration of investment activity that we experienced at the end of 2016 continued in the first quarter, signifying that we are in fact returning to a more rational level of investment activity more in line with the annual growth rate of the industry over the last ten years,” Franklin said in the report.

“After seeing large pools of capital raised in recent quarters, venture investors will continue to have dry powder to deploy to the entrepreneurial ecosystem, albeit with a more disciplined approach,” he said. “Combined with a positive outlook for a strengthening IPO environment for venture-backed companies, there is much to be optimistic about in 2017.”

There were 47 exits by IPO or M&A in the Bay Area in the first quarter, led by the $3.7 billion IPO eve acquisition of San Francisco-based AppDynamics by Cisco Systems. That’s down two from the fourth quarter of last year and is the lowest number recorded since the banking crisis years of 2008 and 2009.

The PitchBook report, however, sees promising signs of more exits in the future.

“The lack of available late-stage funding coupled with the initial success of the Snap and MuleSoft IPOs could result in more venture-backed companies following suit,” it said.

MuleSoft was the first Bay Area tech IPO in about six months when it went public last month. Its stock has remained up around 40 percent since. Another San Francisco company, Okta, is expected to make its Wall Street debut on Friday as the region’s second IPO for 2017.

Allegis Capital’s Ackerman agrees that more companies are likely to follow them this year.

“You look at the public markets today and you have to think they are pretty fully valued,” he said. “What tends to happen when you have a more mature public market is investors start looking for growth and that tends to favor the IPO market.”

Find Article Here: www.bizjournals.com

Cybersecurity startups start to see slump in VC spending

Third Certainty | Roger Yu | March 20, 2017

 

Venture capital funding in cybersecurity is cooling. And it’s show-me time for startups battling for the dwindling pool of funds.

While the cybersecurity market is maturing, startups are still innovation drivers and venture capitalists are keen on finding the next big unicorns. Large enterprises’ tendency to juggle products from multiple vendors—despite their wishes for seamless, one-vendor-only solutions—leaves the market perpetually fragmented. And the fact that cybersecurity threats are evergreen enables venture capitalists who specialize in the sector to operate with little regard for broader macroeconomic conditions.

Still, the ample opportunities afforded by the fragmented, constantly shifting market have bred too many me-too companies and fast followers, driving some venture capitalists to pause and reflect on the next phase. “It’s definitely overfunded, massively so,” Ravi Viswanathan of New Enterprise Associates told a panel at CB Insights’ Future of Fintech Conference last year.

Bob Ackerman, Allegis Capital founder and managing director

 

“You saw a material pause in the fourth quarter,” says Bob Ackerman, founder and managing director of Allegis Capital, which specializes in the sector. “You have too many undifferentiated companies. There’s a level of noise that develops as a result of that. … Cybersecurity is one of those areas where experience and domain knowledge matter a great deal.”

After growing steadily since 2012, venture capital funding in cybersecurity dipped in 2016, alarming entrepreneurs. The cybersecurity market captured roughly $3.1 billion of venture funding in 2016, down from $3.8 billion a year earlier, according to research firm CB Insights. The cybersecurity market will undergo a few years of retrenchment with a host of companies shutting down, VCs say.

More judicious spending

But the market is hardly mature. Money will still be spent, just more selectively. At this phase, fewer deals will be struck. But those deals will be reserved for larger companies, with proven products further along in development.

“The deal size and valuation is coming down a bit,” says Sean Cunningham, managing director of Trident Capital Cybersecurity, which raised $300 million this month for a fund to invest in cybersecurity startups. “I don’t think there’s any shortage of capital for the right type of companies. But the dollars being invested are smaller.”

Appthority is one of the companies that made Trident’s cut. Appthority, which develops mobile threat protection software for corporations, didn’t land its first paying customer until more than a year after it was founded in 2011.

Four years later, its customer renewal rate stands at 98 percent, with about 20 percent of its revenue coming from the government sector. Heartened by solid proof of growth, venture capitalists poured in another $7 million in Series B funding last July, led by Trident Capital Cybersecurity.

Sean Cunningham, Trident Capital Cybersecurity managing director

 

“You’re going to see a lot of startups out there, and good ones will rise to the top,” Cunningham says. “There’s ample supply of capital to fund them. They can get traction.”

Innovation niches

As seen in the early days of the internet, the cybersecurity market is recalibrating for a second wave of innovative technology that’s more comprehensive and cohesive. And that means more seamless products for large clients who are eager to cut down on the number of vendors.

“Companies that can stand on their own two feet, deliver value, and have deep knowledge will do fine,” Ackerman says, citing one of the companies he’s invested in, EnVeil, which uses “homomorphic encryption” to secure data in operation.

As more companies employ automation and “big data” to enhance efficiency and find new markets, data encryption products will continue to be in heavy demand.

The emergence of the industrial internet—the integration of complex machines to network sensors and software—also will breed startups eager to provide cybersecurity solutions to power and water grids, refineries and pipelines.

In May, Trident helped raise $6.6 million in Series A funding for Bayshore Networks, which develops cloud-based software that offers “visibility” into operational technology infrastructure, networks, machines and workers.

Meanwhile, the proliferation of enterprise mobile devices will continue to see vulnerabilities and pose a ripe market for startups like Appthority, Cunningham says.

Early investors haven’t gone away

That VC dollars are chasing more evolved companies doesn’t mean early-stage investing is passé, Ackerman says. “That’s where the new things get started.”

But cybersecurity, unlike more consumer-oriented technology sectors, is a competitive and difficult market, rife with startups struggling to recruit and market products.

That’s partly why Allegis funded DataTribe, a startup studio based in Fulton, Maryland. It was designed to tap into the wealth of cybersecurity-savvy technologists in the region with experience or ties to the federal government and intelligence agencies.

Ackerman also anticipates more mergers and acquisitions activity from large cybersecurity companies that may find it easier to acquire smaller niche players as they seek to add new product lines.

As venture capitalists squeeze their wallets, startups lucky enough to land Series A funding also will have to justify more vigorously their pursuit of Series B funding, Cunningham says. “And unicorns are in trouble,” he says, referring to startups valued at over $1 billion.

The Trump factor

Meanwhile, venture capitalists are hopeful that the federal government, with President Trump at the helm and promising a rollback in regulations, will cut steps in federal procurement and stay engaged in securing networks.

“We think the administration understands the value of national cybersecurity,” Cunningham says. “We’re not counting on incremental increases in spending. But we’re excited about the awareness level.”

Article found here: Thirdcertainty.com

Security and Privacy is Sometimes Suspect, but Growth of the Cloud Marches On

By Robert R. Ackerman Jr. | January 12, 2017

 

 

We increasingly hear that the most-discussed computing paradigm, cloud computing – especially the public cloud – is resuming its sharp rate of growth after a lull and is poised to accelerate further. This is refreshing news in a world ever-more obsessed with security, underscoring that cloud purveyors are making progress in getting security right.

 

The attractions of cloud computing are obvious to those immersed in the enterprise computing arena. CIOs note that the cloud allows them to shift costs from capital budgets to operating budgets. Often, they can purchase only the resources they actually need. Cloud computing eases the process of adding or subtracting computing power on demand. And it better accommodates a mobile workforce and cutting-edge technology, such as user interface design.

But cloud computing must take additional steps to maximize privacy and security.

The belief is widespread that storing personal data, in particular, in the cloud might undermine its privacy. After all, companies that embrace the cloud lose direct control of their technology, abolishing a traditional security priority. This begs a question. Given the increasing perception of misuse of people’s digital information, is the price of cloud adoption – and the concomitant loss of proprietary security and privacy control — ultimately too high?

Happily, the answer is no. In some ways, the security offered by leading cloud vendors is superior to security at the typical corporate level. Still, cloud purveyors know they must do better still. One key step toward this end is the aggressive development of so-called homomorphic encryption, which some computer security experts have described as “the holy grail” of computer security. Customers must be vigilant, however, and invest the time to properly mitigate all security and privacy risks before and throughout cloud adoption. This is imperative not only to maximize security but to make CIOs and CISOs comfortable as they transition applications and data to the cloud.

Even though the cloud has been part of the IT arena for about 15 years, there are still lots of questions about how it works and how secure it really is. So corporate IT executives must make a point of garnering the information they need about physical security, the handling of security incidents, logs of security attacks, compliance, and backup and recovery, among other things.

How secure is the cloud? Potentially sensitive data is at risk from insider attacks, but competent cloud vendors are in a position to close that hole. And despite the explosion of high-profile cyber attacks costing major companies billions of dollars and loss of customer loyalty, a number of them didn’t directly penetrate the cloud or the data center. Rather, they compromised end points, such as end user laptops, payment terminals and myriad Internet of Things (IoT) devices. An improperly used device or inadequate protection is all it takes to open the door to a hacker.

Meanwhile, in the productivity-obsessed business world, companies continue to spend aggressively to move into cloud computing. According to Gartner, the growth rate of corporate spending on the cloud began rebounding last year – up 16 percent to more than $200 billion globally – after slowing in 2015 and has moved beyond application testing to cloud-based applications and platforms.

Another report by McKinsey & Co. projects that the biggest gains in cloud computing going forward will come from historically change-resistant large enterprises. Based on a survey of 800 CIOs and IT executives worldwide, 77 percent of companies in 2015 used traditional IT infrastructure as the chief environment for at least one workload. In 2018, that will drop to 43 percent, the survey says. Concurrently, companies using the public cloud will grow from 25 percent in 2015 to 37 percent in 2018.

Separately, the major cloud purveyors – Amazon Web Services, Google and Microsoft — have all been opening multiple data centers in Europe, not only to expand their market but also to satisfy security and privacy-oriented European companies that want to store information closer to home.

In another key cloud computing front – innovation – Amazon has just rolled out a new service to help protect customers against denial-of-service attacks. Far more significantly, major technology companies such as IBM and Microsoft and startups such as Fulton, Md.-based Enveil are also working hard on the development of homomorphic encryption to push cloud computing privacy and security to a higher level. When enterprises need to process encrypted data today, it must first be decrypted, a major security vulnerability. Homomorphic encryption would allow data to remain encrypted while being processed, plugging this security hole.

None of this should suggest that cloud computing customers can be complacent. In weighing the transition to cloud computing, they must have a clear understanding of potential security risks and set realistic expectations with their cloud provider. Failure to ensure appropriate security and privacy protection when using cloud services can lead to higher costs and the potential loss of business, eliminating any benefits.

Potential risks that must be addressed by customers in the cloud transition process include:

  • Making sure that none of the components of security fall through the cracks. Responsibility over aspects of security may be split between the cloud provider and the customer. Failure to allocate responsibility clearly could create security holes.
  • Making sure that your cloud service provider conducts thorough background checks on employees with physical access to data center servers. Also affirm that data centers are frequently monitored for suspicious activity.
  • Making sure your cloud provider appropriately protects the privacy of data subject to the legal requirements of regulation, such as The Health Insurance Portability and Accountability Act (HIPAA).
  • Making sure the identity of users is established with certainty. Remember that cloud resources are accessed from anywhere on the Internet. Strong authentication and authorization are critical.
  • Making sure that the cloud provider has appropriate certifications in place. Customer efforts to achieve certification may be futile if the cloud provider cannot provide evidence of its own compliance with requirements. There can also be problems if the cloud provider doesn’t permit audits by the cloud customer.
  • Making sure security breaches are handled professionally. The detection, reporting and management of security breaches may be delegated to the cloud provider, but these incidents impact the customer. Negotiate notification rules so that you are promptly and fully informed of problems.
  • Lastly, bear in mind you are tied tightly to any particular cloud provider, for better or worse. Applications and data are not easily portable across providers. Because it is difficult to switch to another provider, do everything possible to choose the right one in the first place.

It is obvious that the cloud, coupled with mobile computing, means that the IT landscape reaches far beyond an organization’s premises. This creates new security holes, and the explosive growth of IoT devices further compounds the challenge each and every day. The good news is that these challenges are hardly insurmountable. Strict attention to key details is a cornerstone of cloud computing security.

 

 

Robert Ackerman Jr. | Founder and Managing Director, Allegis Capital

 

Article found here: www.rsaconference.com

Security VCs Predict Rise In Managed Security Services In 2017

CRN | By Sarah Kuranda | January 3, 2017, 9:27 am EST

 

Security industry venture capitalists said the role of managed security service providers (MSSPs) will become more important as enterprise customers deal with a new host of security concerns.

“I see a continued significant expansion in the market for managed security services,” said Bob Ackerman, founder and managing director at Allegis Capital, a cybersecurity-dedicated venture capital firm that focuses on early-stage investments.

Driving that growth is an accelerating threat landscape, Ackerman said, which only a “small percentage” of businesses have the technical resources to handle, pushing them to turn to MSSPs.

Alberto Yepez, co-founder and managing director of Trident Cybersecurity, a fund of prominent VC firm Trident Capital that focuses on cybersecurity investments, said he sees the same trend. He said customers are recognizing that they need help and are becoming more and more willing to outsource their security, automation, and remote management to third-party companies, like MSSPs.

“This is a tremendous opportunity for the [managed security services] community,” Yepez said. “We’re seeing more and more companies that go after people that can help them deliver the solution-as-a-service. They will want the technology providers, but they want to make sure their resellers have the capability to offer their product-as-a-service and as a managed security service.”

Market confusion is also at play, Menlo Ventures Managing Director Venky Ganesan, said, as customers are inundated every day by new security solutions solving each aspect of the security problem. Customers are looking for “people with deep domain expertise” to help them navigate that landscape, he said.

The numbers show that trend is already starting to play out, with research firm MarketsandMarkets predicting the market for managed security services to grow to $35.5 billion by 2020, up from around $17.8 billion in 2015. For scale, MarketsandMarkets also predicts that the security industry overall, including all parts, will be $202.4 billion by 2021, up from $112.5 billion in 2016.

VCs expect to see a lot of growth and investment around the automation, orchestration and integration of managed security services. Those capabilities become more important as the number of vendors vying for a piece of a company’s security budget grows, and customers must implement new solutions in a way that can be managed, Allegis Capital’s Ackerman said.

“You will see more and more customers looking for more integrated solutions so they don’t have to parse all the bits and pieces and decide which they want and take responsibility for integrating them. They want fewer vendor offerings and more integrated solutions,” Ackerman said.

As managed security services grow in prominence, that market itself will begin to change, Trident Cybersecurity’s Yepez said. He said he expects to see a lot of acquisition in the MSSP space, both with other companies buying their way into managed security services and consolidation to create scale.

“It’s a great market. One thing I’ve learned is that security innovation doesn’t happen in the lab – security innovation comes from the new problems that customers are trying to solve … All these new technology platforms create new attack surfaces that need to be secured and then you need to integrate and automate them,” Yepez said. “I think managed security services will be a good market that will continue to evolve in the years to come.”

Article found here: www.crn.com

 

 

Trump Administration Needs To Set U.S. Cybersecurity Mandates

XCONOMY | By Robert R. Ackerman Jr. | January 4th, 2017

 

Cybersecurity is the penultimate existential risk to the United States—economically, militarily, socially, and as we have seen recently, politically. The nature of cyber is asymmetric, and given the size of the U.S. economy, our reliance on intellectual property, and the leadership role the U.S. plays in the Community of Nations, we have a lot more to lose than we have to gain in the digital wars of cyberspace. We are target #1 for all comers.

While political rhetoric has been heating up around cybersecurity, for too long, there has been a lot more talk than concrete and substantive action from a public policy perspective.

The incoming administration needs to envision and enact a concerted initiative to ensure America is “cyber secure.” A well-rounded initiative would integrate:

1) Public policy requiring a flexible framework ensuring corporate responsibility, accountability and liability for their cybersecurity;

2) A national initiative, combining expertise and financial resources, to harden critical infrastructure with national economic and security implications—a national Cyber Works program;

3) Concerted support of cyber education at the high school and higher education levels to ensure a trained pool of talent to support our cybersecurity needs and efforts; and

4) A demonstrated ability to identify and respond to any and all cyber attacks targeting U.S. national interests. In essence, we need to create the cyber equivalent of a “Manhattan Project” to secure our welfare, safety, culture, and values in the uncontrolled and unmanaged domain of cyber space.

The key is that the Trump administration should set these requirements for accountability, and then let industry decide how to satisfy them. Government regulations tend to be broadly applied and inflexible—a problem in cyber, where flexibility is essential and there is no such thing as “one-size-fits-all.” So it’s best to give industry the freedom to figure out how to meet these government mandates.

Robert R. Ackerman, Jr. is the founder and managing director of Allegis Capital, a Palo Alto, CA-based early stage venture capital firm that specializes in cybersecurity.

Article found here: xconomy.com

Cybersecurity Investors Reset, Look at Changing 2017 Landscape

Consolidation of startups is set to repeat as venture firms take on cautious stance

In 2016 venture capitalists invested $1.6 billion in cybersecurity startups, as of mid-December, according to the most recent data available from Dow Jones VentureSource. That falls well short of the $3.4 billion take for all of 2015.

That deal-making highlighted investors’ “wait and see” approach as concerns grew about the lofty valuations companies drew in 2014 and early 2015. Cybersecurity enjoyed a boom following a series of high-profile breaches, with enterprises beefing up spending on security products as legacy security providers struggled to provide innovative services.

Publicly traded security companies had a shake-up of their own. One of the leaders, Symantec Corp., acquired Blue Coat Systems in a $4.65 million deal. Intel Corp. sold the majority stake in its security business to private-equity firm TPG.

“In 2016, you had the attempted rise of the establishment to reassert itself,” said Kleiner Perkins General Partner Ted Schlein. “You saw the old guys trying to be relevant.”

Additionally customers faced a dizzying number of startups releasing cybersecurity products. Don Dixon, a managing partner at Trident Capital, said chief security officers he speaks to want “fewer throats to choke” instead of spreading their expenses around a multitude of vendors.

“They would like to see products more integrated rather than spend a lot on systems integration,” Mr. Dixon said.

Several venture capitalists said the consolidation the industry saw in 2016 will continue into 2017, in part because of a higher number of potential acquirers.

Mature IT companies like Oracle Corp. have been active in cybersecurity for some time, but now financial acquirers like Vista Equity increasingly are raising their profile as buyers, according to Mr. Dixon. Moreover, he said industrial companies like General Electric Co. and Emerson Electric Co. are increasingly investing in “Internet of Things” software, and they could potentially become active in acquiring security startups.

Bob Ackerman, managing partner at Allegis Capital, said venture firms have grown more cautious as they learn that not all the capital has been smartly deployed.

“This stuff is really hard, and unless you know the difference, it’s easy to invest in things that are not well-differentiated,” Mr. Ackerman said.

How the industry’s later-stage companies perform in the public markets could also affect private fundraising. This year saw a dearth of cybersecurity IPOs, and investors are closely watching the likes of Okta, ForeScout and Carbon Black, all of whom have signaled they are considering public offerings in 2017.

Also looming large is how the Trump administration, as well as unforeseeable world events, may affect security trends. Venture investors said the president-elect’s muscular talk on security could translate into a boon for the industry.

“I think that you’re going to see an increase in government security spending,” said Enrique Salem, a managing director at Bain Capital Ventures. “It’s hard to imagine any way you wouldn’t, given the amount of attention it’s getting.”

But there’s a question as to how easily startups could take advantage of such government spending. Startups often have struggled to bring on federal agencies as customers because the lengthy process puts a strain on small sales teams. The Obama administration used programs such as the Pentagon’s DIUx initiative to help bridge the divide. It is unclear how the new administration will treat that issue.

Apart from federal spending on cybersecurity, investors say there are many new security concerns that startups are uniquely poised to take on. Several say they are closely watching platforms addressing new attack vectors, such as those that might affect the Internet of Things.

Others predict 2017 will be the year that automation makes significant strides in cybersecurity. Investors say they’re looking to make bets on software that could augment the limited number of security professionals, who are in high demand and command high salaries.

Mr. Ackerman said that certain companies with very differentiated approaches will succeed in 2017 as cyberthreats grow and enterprises continue to increase spending on products. However he noted that beyond high-end financial service providers, many IT managers want security programs that are more integrated, and some companies may struggle in that new reality.

“It will be a tale of two markets,” he said.

Write to Cat Zakrzewski at cat.zakrzewski@wsj.com

Industry Needs Common Security Standards to Thwart IoT Attacks

XCONOMY | By Robert R. Ackerman Jr. | December 21, 2016

 

A silver lining has emerged in the wake of the massive and well-publicized denial-of-service attack launched less than two months ago by hackers using millions of IoT devices to cripple the websites of major companies like Amazon, Netflix and Twitter. This ambush has triggered a redoubling of efforts to focus on the need for industry-led cybersecurity standards for IoT devices.

Even some in Washington, such as U.S. Senator Mark Warner, favor an industry-based approach before seeking some sort of government IoT security standards implementation. Security-minded business coalitions are stepping up activity in this area— and the more, the merrier.

After all, it isn’t clear in the United States who is supposed to be protecting the Internet. Most IoT (Internet of Things) devices have been hooked up to the Web in recent years with little concern for security, with weak password protection or none at all. There is no formal watchdog — not the government, nor for that matter, anyone else.

Instead, every organization is responsible for defending its own tiny piece of the Internet landscape. Companies and social media hubs are supposed to invest in protecting their websites and often do, but that doesn’t accomplish much if the connections among them are severed, as was the case in the October attack.

There is no way to know for sure if an industry-based IoT unified security approach will work. But it is certainly worth a shot. We know that the highly fluid nature of cyber threats nearly guarantees that government’s traditional approach to regulation (fixed and inflexible) is almost certainly doomed to failure. I believe that the Trump administration must envision and enact a concerted initiative to ensure that America is “cyber secure”—but in a broad sense, leaving the specific details to industry players. Industry participants and their suppliers should assume the actual responsibility for stitching together best practices by which to meet government mandates. Ultimately, they are in the best position to combat evolving threats.

The dearth of effective IoT security is no secret. A survey of 220 information security professionals who attended the Black Hat USA conference this year found that 78 percent are concerned about the weaponization of IoT devices for use in distributed denial-of-service attacks. Similarly, a survey by Tripwire, a digital security firm, found that only 30 percent of the organizations polled are prepared for security risks associated with IoT devices.

It makes sense for the business community to take the first swipe at resolving the IoT security issue. Some experts suggest some basic security safeguards that manufacturers should provide, such as a unique user name and password for each IoT device. Even more folks are talking about some sort of up-to-date industry “seal of approval” or comparative ratings system regarding the security readiness of IoT devices. The private sector also would do well to try to tap into the expertise of the U.S. intelligence and defense communities, which are rumored to have developed expertise in IoT security.

Separately, collaboration between industry experts and standards groups is already robust. The National Institute of Standards and Technology has a Communications Technology Laboratory examining security in the context of IoT and 5G networks. Other groups, such as the International Standards Organization, Underwriters Laboratory, ATIS, IEEE and the 3rd Generation Partnership Project are collaboratively working on similar issues.

At the same time, at least two industry groups — the Online Trust Alliance and a separate coalition of security firms, including Symantec and ARM Security Systems — have also stepped up to the plate to improve IoT security. The security firm coalition has developed the Open Trust Protocol to provide secure architecture and code management to protect connected devices. The OTP’s architecture uses technologies deployed in banking and for handling sensitive data on smartphones and tablets. It’s designed to work with security software to protect IoT and mobile devices from malicious attacks.

Meanwhile, the Online Trust Alliance, a non-profit with the mission to enhance online trust, has established the OTA Trust IoT Framework as the first global, multi-stakeholder effort to address IoT risks comprehensively. It includes a baseline of 31 measurable principles that device manufacturers and developers should follow to help maximize the security of devices and data collected for smart homes and wearable technologies.

What these consortiums know all too well is that a specific IoT device may not be the actual target of an attack. That device, however, might be highly attractive as a gateway to the network to which it is connected—the real targets being the valuable enterprise assets on that network.

This problem, I should add, isn’t limited to the enterprise. It can also impact home security.

Consider, for example, a smart home equipped with a garage door opener with the added ability to deactivate the home alarm upon entry. This is good for a homeowner entering his home in a hurry. The catch is that now the entire alarm system could potentially be deactivated when only the garage door opener is compromised.

The broad array of Web-connected home devices — including TVs, home thermostats, door locks and home alarms — creates myriad connection points for hackers to gain entry into IoT residential ecosystems.

While companies and industries unite to correct such shortcomings in the home and in the enterprise, individual corporate CIOs, in particular, must push to address the challenges associated with IoT security.

The most important interim step is for CIOs to create a strong governance framework for IoT devices to meet corporate security standards. Such devices, just like any other touch points, must fit within an organization’s security strategy as a whole to prevent data leakages and other privacy breaches. Proactive planning of network and infrastructure upgrades is essential to enable proactive defense.

Having taken meaningful steps already, hopefully the private sector will work toward a viable, agreed-upon solution to the current IoT security nightmare. I, for one, am confident this will happen, albeit with a time lag. Despite some shortcomings, cybersecurity overall has made substantial progress in recent years. It’s time that IoT joined the club.

Article found here: xconomy.com

Building a New Cybersecurity Startup Platform: DataTribe


National Venture Capital Association | By Robert R. Ackerman Jr.

 

If you want to get a sense of the size and significance of the U.S. cybersecurity ecosystem in one location, a must-visit is the National Business Park at Fort Meade in Maryland. It is highly impressive and may someday serve as a stellar example of an effective new way to participate in the startup ecosystem and its venture capital brethren.

Fort Meade has been transformed from an Army base into a sprawling cyber city. Thirteen years ago, the young park had 10 buildings. Today, the square footage of the 28-building complex is roughly half the size of the Pentagon, and it is completely full. Tenants include the National Security Agency, the U.S. Cyber Command, the Defense Information Systems Agency and the cybersecurity businesses of Boeing and General Dynamics, among others.

This represents a snapshot of the breadth of the U.S. cybersecurity industry today, albeit only one relatively small piece because the private sector has come to dwarf the size of the government sector. In 2004, the global cybersecurity market was $3.5 billion. This year, it’s expected to exceed $122 billion, according to Research and Markets, which also projects that it will exceed $202 billion by 2021. Cybersecurity has become by far the fastest-growing sector of information technology. The growth of the sector is also apparent from the recent increase in cybersecurity acquisitions.

The venture capital ecosystem has responded accordingly and, along the way, has had to develop its own cyber experts internally to separate the wheat from the chaff among cybersecurity startups – a world immersed in the domain of deep science and advanced engineering and one in which expertise is essential. VCs also have to approach potential cybersecurity startup investments gingerly because too many “me-too” companies are being funded by a venture community eager to participate in one of the hottest sectors of IT innovation.

Nonetheless, the cybersecurity investment picture remains very bright. Last year, VCs invested $3.2 billion in 219 cyber startups, more than double the total funding in 2012, according to CB Insights. Last year, five of the seven (seven confirmed, nine rumored) private cybersecurity unicorns reached their required $1 billion valuations. This year, while cooling a bit, cybersecurity VC funding remains vibrant.  As the founder of Allegis Capital, a Silicon Valley early-stage cybersecurity venture firm, it’s no surprise that I enjoy the proliferation of cyber startups in the Valley. At the same time, the cyber expertise around Fort Meade has always been impressive and so I’ve invested in Maryland-based cyber startups over the years. To put things in context, Maryland has more than three times as many cyber engineers as the rest of the country combined, and many work at the cutting edge, out of the necessity that comes with national defense imperatives.

Despite this wealth of engineering and technical expertise, start-up success in the Washington D.C. Beltway has faced a series of obstacles. No startup succeeds solely on the strength of its technological prowess. Also essential to success is entrepreneurial experience, startup “know how” and a broad cross section of commercial skills, contacts and customer and partner relationships. In other words, the cyber community around the Washington Beltway has needed a mini Silicon Valley ecosystem and the Silicon Valley “playbook”.

That’s why DataTribe was created—to merge the cyber security innovation of Maryland with the startup building expertise and resources of Silicon Valley. DataTribe is a cybersecurity startup platform – a crucible in which to forge start-ups – co-based in Fulton, Md., and Silicon Valley – and one dedicated to leveraging the expertise created from working with the most advanced information technologies forged by the NSA and related institutions, as well as national laboratories.

DataTribe focuses on those areas of innovation in which government labs, out of necessity, have been innovating in cybersecurity, data and analytics well in advance of the commercial market. DataTribe’s business model is unique, partly because it is an operating company, not a venture firm, although it can provide startups with up to $1.5 million in seed capital (with follow-on participation in subsequent rounds).  It’s also unique in that DataTribe itself creates the concept for each startup and co-founds each company with a team of technologists with deep, relevant technical expertise and experience. These are teams that have “been there and done that” in production environments.  Supporting these efforts on a daily basis is an operating team of highly experienced, dedicated executives with decades of successful start-up experience in Silicon Valley and Boston.

DataTribe will co-found and launch three start-ups a year. The first three startups came on board in this inaugural year and are already gaining market traction…

Dragos — recently named one of Cybersecurity Ventures’ “Cybersecurity 500” top companies — was the first of the startups. It specializes in network mapping, detection and remediation of cybersecurity problems in industrial control systems. The second, Enveil, is developing the first commercial solution for end-to-end lifecycle encryption, including data-in-use (homomorphic encryption-based Cloud Security). The third company, Kesala, is developing lightweight solutions for low-cost and ad-hoc secure virtual private networks as well as cloud-based security monitoring of large-scale traffic.

The cybersecurity market is large, rapidly growing and driven by non-stop innovation. It is enormously complex at every level – within its individual components, in its connection to complex networks and in its relationship to data in all its forms and flows. You simply can’t learn fast enough from a standing start.

DataTribe is bringing the Silicon Valley playbook to the nation’s center of innovation excellence in cyber-related domains to forge a new generation of cyber security startups.  In time and with success, we expect to see the emergence of a self-sustaining cybersecurity startup ecosystem, fueled by an unusually deep reservoir of relevant U.S. technical talent. In a broader sense, this is how Silicon Valley started, and there is no reason why a smaller, more concentrated version can’t take root on the other side of the country.

Robert R. Ackerman Jr. is founder and managing director of Allegis Capital, a Palo Alto, Calif.-based early stage venture capital firm specializing in cybersecurity.  Ackerman is a co-founder of DataTribe and Allegis Capital is a strategic partner.

Article found here: nvcaconnection

 

The CyberWire Special Edition: Venture Capital

In this CyberWire Podcast Special Edition, we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists what they expect before they invest.

The CyberWire | November 29, 2016

There’s no question that cyber security remains a hot industry, and that attracts investment. What are venture capitalists looking for, and how do they decide which deals to make? How did we get here, and what’s the outlook for the future?

We round up some experts, as well as some of the top cyber security venture capitalists in the industry to find out how they choose, and what they expect once the deal’s been made.

  • Robert R. Ackerman, Jr. is founder and managing partner at Allegis Capital. They describe themselves as, “a leading seed and early stage venture capital investor in companies building disruptive and innovative cybersecurity solutions for the global digital economy.” allegiscap.com
  • Alberto Yepez is co-founder and managing director at Trident Capital Cybersecurity. In their own words, “We know cybersecurity. It’s all we invest in. And we care about making the world a more secure place to live.” tridentcybersecurity.com
  • Tom Kellermann is CEO of Strategic Cyber Ventures. They say they are, “the industry’s first investment vehicle for synergistic cybersecurity technologies focused on disrupting the adversary.” scvgroup.net
  • Tami Howie is executive director of the Chesapeake Regional Tech Council. Prior to that, as a lawyer, she has been involved with the successful exits of over 150 companies and has represented technology companies, investors, SBICs and underwriters such as JP Morgan, Goldman Sachs and Morgan Stanley. chesapeaketech.org
  • Dr. Christopher Pierson is general counsel and chief security officer at Viewpost, an electronic payments and invoicing company. Prior to joining Viewpost, Chris was the Senior Vice President, Chief Privacy Officer for the Royal Bank of Scotland’s U.S. banking operations. viewpost.com

Cylance

Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com.

Article found here: https://thecyberwire.com

Why tech M&A fails so often: The three most common mistakes

By Bob Ackerman | November 1, 2016 | PE Hub

 

It was a failure. That’s what we learned in September about semiconductor giant Intel’s acquisition of antivirus software maker McAfee five years ago. Intel agreed to sell a majority stake in its $7.7 billion acquisition to a private equity firm at a price that showed that McAfee’s assets had increased only marginally, if at all.

There is an important message here.

Far too many technology companies are doing a poor job pursuing acquisitions. Strategic planning is insufficient and integration is largely bungled, and companies usually value acquisitions based on project potential and end up overpaying when that “potential” fails to materialize.

Robert R. Ackerman Jr., founder and managing director, Allegis Capital. Photo courtesy of the firm

A technology company should acquire another only if the acquisition is highly likely to enable or enhance growth prospects indefinitely. Acquirers sometimes say this will be accomplished, but it usually turns out to be a pipe dream.

Most experts say the failure rate of acquisitions is at least 50 percent. Harvard Business Review has estimated it to be 70 percent to 90 percent.

It’s not as though companies decide to pursue an acquisition out of thin air. Their motivation is usually reasonable.

Companies may turn to M&A to embrace a new or emerging market opportunity or, concerned about their deteriorating competitive position, as a means to reinvigorate themselves. In other cases, a company may decide that it is better to buy new technology than to make it, or that it needs an outside company under its wings to enhance its domain expertise. Some acquisitions are sparked by several of these factors.

Too often, however, the strategy is flawed and key tactical steps miss the mark. Companies put on blinders and conclude that their particular deal will somehow buck the negative historical trend.

More often, the result is that the wrong companies are purchased for an ultimately unrealistic reason, and deals are improperly priced. If the marriage doesn’t fail outright, the financial performance of the acquirer declines.

Why deals fail

Even if the right acquisition is made, lots of things tend to go wrong. Corporate cultures clash. Or too much attention is focused on tactics and too little on strategy. Or, in the case of startups, new employees who are unwilling to swap the dream of being a key player in the growth of a successful startup for becoming merely a cog in a corporate wheel don’t buy into the deal and depart.

Consider another recent technology acquisition that has looked shaky from the get-go: Microsoft’s purchase in the summer of LinkedIn for more than $26 billion, almost 50 percent more than the value of LinkedIn’s stock. Synergy is lacking. Small wonder given that Microsoft’s M&A track record is weak. It has written down multibillion-dollar purchases of the Nokia handset business and the aQuantive advertising business. And its $8.5 billion purchase of Skype is widely viewed as disappointing.

In many cases, mergers and acquisitions don’t flat out fail. They just underperform. According to an analysis last month of acquisitions by the S&P Global Market Intelligence team, post-deal returns among Russell 3000 companies making significant acquisitions generally did worse than their peers. Profit margins, earnings growth and return on capital all declined, relatively speaking, while interest expense rose as debt soared.

The three most common M&A mistakes

So what happens most often to undermine M&A deals?

  1. Integration is weak. The strategic partnering and business development executives who find companies and negotiate the deals are not the executives who actually manage the acquisition or integrate the target company. Most of the time, it is the acquirer’s chief technology officer or the operating executive who wanted the acquisition who determines the fate of the startup. The success of an acquisition often depends on whether the acquiring company wants to keep the new company as a standalone division or integrate it into the corporation. Standalone divisions tend to have a better shot at success. The reality, however, is that if a company is being acquired for its intellectual property, typically the case, the usual strategy is to integrate the company and quickly assimilate it.
  2. Executives fail to distinguish deals that might improve current operations from those that could dramatically improve the company’s growth prospects. Companies then pay the wrong price and integrate the acquisition poorly. A deal designed to boost a company’s performance is generally insufficient to significantly change a company’s growth trajectory. It usually requires something seldom done: working to successfully integrate the acquisition in terms of its business model.

Business models are multifaceted, but their most important component is the resources, such as employees, customers and products, used to deliver customer value. In an ideal case, these resources can be extracted from an acquired company and plugged into the parent’s business model. The problem is that additional business model components, such as the profit formula and business processes such as manufacturing, R&D and sales, are embedded and generally not transferable.

  3. Acquisitions don’t have a specific mission and targeted goals. Much more typical is the Microsoft-LinkedIn acquisition, in which the corporate combination simply hopes to improve corporate prospects by scooping up a new business.

M&As that have worked

It’s not impossible for corporate combinations to work. Some have.

One example is Apple’s purchase of chip designer P.A. Semi in 2008. Before then, Apple procured its microprocessors from independent suppliers. But as competition with other smartphone companies increased the importance of battery life, it became imperative for Apple to optimize power consumption by designing processors specifically for its products. Apple had to purchase the technology and talent to develop an in-house chip design capability. Predictably, the combination fared well.

Another successful example was EMC’s acquisition of VMware in 2003. EMC is a manufacturer of hardware storage. Its marriage with VMware substantially strengthened the company’s reach into its customers’ data centers. This merger turned out to be a stunning success.

The bottom line is that executives need to become far more discerning in eyeing potential acquisitions. This is precisely why Salesforce.com, Walt Disney Co and Google parent Alphabet Inc recently took a hard look at acquiring Twitter and, in each case, walked away.

Robert R. Ackerman Jr. is founder and managing director of Allegis Capital, a Palo Alto, California-based early-stage venture capital firm specializing in cybersecurity.

 

Article found here: Pehub.com

 

Photo of logos taken in June 2016 when Microsoft announced its $26.2 billion purchase of LinkedIn. Reuters/Dado Ruvic

 
