As you well know by now, the cloud is about shifting IT labor to more strategic initiatives. Or as Andy Jassy posited at the first AWS re:Invent conference in 2012, removing the undifferentiated heavy lifting associated with deploying and managing IT infrastructure. Cloud is also about changing the operating model and rapidly scaling a business. Often overlooked with cloud, however, is the innovation piece of the puzzle. A main source of that innovation is venture funded startup companies with brilliant technologists who have a vision to solve hard problems and enter large markets at scale.
In this Breaking Analysis we’re pleased to welcome a special guest, Erik Suppiger, author of the Elite 80 – a report that details the hottest privately held cybersecurity and IT infrastructure companies in the world. Erik is a senior analyst at JMP Securities and will share insights from this report. We’ll also contextualize the market with data from ETR in the cyber security and IT infrastructure segments.
What is the Elite 80?
Erik Suppiger shared with us that JMP is a middle markets investment bank, based in San Francisco. Its focus is on technology, healthcare, financial services and real estate. Suppiger’s focus is cybersecurity firms, public companies and IT infrastructure firms more broadly. Based in San Francisco, he’s kept a good dialogue with private companies that compete with the public companies in his coverage area. About seven years ago, he started the Elite 80, which is designed to highlight emerging private companies that are well positioned to be leaders in their respective markets. The list today comprises 80 companies and is designed to keep tabs on the firms that are thriving.
Watch and listen to Erik Suppiger’s full description of the Elite 80 report and how the firms qualify.
Key Takeaways from the Elite 80
The first two takeaways comment on the perspectives of the technology companies and the buyers of their products and services. First it seems that the pandemic really got startups to sharpen their focus. We distinctly remember talking to some VC’s early on in the lockdown and they were all over their portfolio companies to reset their ICP – Ideal Customer Profile – and sharpen their UVP – their Unique Value Proposition…specifically in the context of the new reality.
On the buy side – if you weren’t a digital business…you were out of business.
The elite 80 raised more than $3B last year, eclipsing the previous highs of 2019. A huge portion of that capital went to only 10 of the 80 firms. And most of that went to cyber security plays.
Erik Suppiger shares his thoughts on these takeaways.
Where did the Money Go?
Erik and the JMP team segmented the $3B in raised capital into a number of different categories as shown in the chart above. Most of it went into cyber security categories like application security, assessment and risk, endpoint, which boomed during the pandemic…same with Identity.
Suppiger explains how these categories were derived and what the data means.
Ten Startups Received Most of the Funding
The lion’s share of the funding went to ten companies as shown in the following graphic.
These ten companies saw significant funding rounds with OneTrust securing more than $500M. Four others nabbed a quarter billion or more in funding.
Suppiger explains how they tracked this data and what it means.
$100M in Revenue Used to be a Magic Number for IPO
The left side of the chart above gives a sense of the size of the companies in the Elite 80. Most of the companies have broken through the $100M revenue mark but you can see the breakdown. And the right side of the chart shows the most active investors – i.e. those with 3 or more transactions. And it’s interesting to see the players there including Citi and Cisco along with some private equity players.
Suppiger explains the changing $100M dynamic.
The Security Market in Context
The chart above is from Optiv – one of the Elite 80. We’ve shared this graphic with you before and the point is the cybersecurity market is extremely fragmented with hundreds of companies providing a mosaic of solutions. It comprises an extremely complicated and bespoke set of tooling that buyers must digest. Combined with a lack of skilled expertise it makes for a really dynamic market.
Erik Suppinger’s takeaway on this data is it underscores the need for best-of-breed solutions.
Spending Data Shows Momentum is Bifurcated
The chart below shares a popular view of the ETR data that provides a nice snapshot of a market. On the vertical axis is Net Score or spending velocity and the horizontal axis shows Market Share or pervasiveness in the data. Remember that anything above 40% on the vertical axis (as shown in the dotted red line) is considered elevated and you can see there are a number of companies in cyber above that mark.
A couple of points here to add some color.
First, the market, while fragmented, is quite large at over $100B annually and growing in the low double digits. There are some big pure plays like Palo Alto Networks and Fortinet, but the market also includes some large companies like Cisco who also has built a sizeable security business. Microsoft is another example as the company participates in most markets and serves its software customers. The ETR data covers only a subset of the players in the market but you can still see how crowded the space is today.
We’ve superimposed in red the recent valuations for some companies and the other point we want to make is there are some big numbers on some of the pure plays. The pandemic has fueled a shift in cyber strategies toward endpoint security, identity and cloud. And you see that in Crowstrike’s $50B+ valuation. Okta at $34B. Auth0, which Okta is acquiring for $6.5B. Zscaler at $28B. Proofpoint is going private at a $12B number.
So you can see why the VC’s are pouring money into this market. There are some really attractive valuations.
Erik Suppiger comments on the disruption in the cybersecurity market.
Erik what do you make of this data.
IT Infrastructure is a Different Story
Below is the same two-dimensional view of the ETR data and we’ve cut it by networking, servers and storage. This is a very large market – more than $200B but it’s much more of an oligopoly with more concentration at the top. You have some really big names like Cisco and Dell, which is spinning out VMware so it can unlock more value for the core Dell company. Dell’s valuation is $79B and that includes its 80% ownership in VMware – so you do the math as to how the street views Dell’s value with its current ownership. HPE is much smaller and its notable that its valuation is comparable to NetApp. NetApp is around 1/5th the revenue of HPE.
Arista stands out as the lone player that is having some clear success against Cisco.
Pure ($5B valuation) and Nutanix ($7.4B) were the only two infrastructure companies other than Arista to break out last decade and truly reach escape velocity.
Cohesity ($3.7B), Rubrik ($3.3B) and Veeam ($5B from the Insight acquisition) are the logical candidates for this decade to break out.
SUSE ($7B) is planning an IPO.
Erik Suppiger comments on Arista, networking and the data management space.
How CIOs Should Evaluate Startup Bets?
Erik – What do you look for from successful startups to make the Elite 80 list?
We discussed several aspects of working with startups as outlined below.
What Does it Take to Make the Elite 80?
According to Suppiger, a few factors can help get companies to this elite level. First is their performance. If a company is not growing, JMP will probably pull it from the list. The quality of of company management is another key consideration. JMP does take time to meet with all these management teams. If they feel like they’re putting together a leadership team that’s going to be around for a long time and they’ve got a product position that’s an advantage. Beyond these factors, feedback from the channel and even competitors weigh in the equation.
Another key factor is the enthusiasm for the respective markets in which the companies play. If it’s a market that is going to be difficult or flat or not very interesting, then that would certainly be a factor for excluding a firm. Conversely, even if it’s small company, if it’s a sector that is going to be around for quite a while, and it’s differentiated, then that will favor the inclusion for the startups.
What are the risks and rewards of working with startups?
The other thing we discussed was the risks and rewards of working with startup companies. We’ve had CIOs and enterprise architects tell us that when they go to RFP, they’ll pull out the Gartner magic quadrant. They will always pick a couple in the top right just to cover their butts. But many say, you know what– we also pick some of those in the challenger space, that are really interesting to us and we run them through the paces. We manage those risks so we don’t run the company on their products, but it helps us find diamonds in the rough. Think about in the second part of last decade, if you picked a Snowflake, you might’ve been able to get ahead of some of your competition in areas like data sharing and streamlining analytics. Or maybe you found an Okta to improve identity and you were better prepared to be a digital business.
Suppiger stated that he doesn’t think a company today can work using all legacy technologies. The greater risk is falling behind from a digital transformation perspective. As the pandemic underscored, you can’t go with just a traditional legacy architecture in a key aspect of your business. And so with startups you’ve got to take the “risk” of working with one that’s got a viable opportunity. The risk of having an IT infrastructure that’s inadequate is far greater according to Suppiger.
How will Startups Penetrate the Enterprise in the Modern Era?
Most of these startup players are either software firms, or sell software-defined offerings. Software is a capital efficient business, yet you’re seeing companies raise hundreds of millions of dollars. You see companies go to IPO that have raised over a billion dollars and much of that if not most of it goes to promotion and go to market.
According to Suppiger, one of the really interesting things that we’ve seen in the last couple of years is a lot of changes to sales models. And if you look at the mid market, the ability to leverage viral sales models has been wildly successful for some companies, it’s been a great strategy. One public company, Ubiquiti, has built a multi-billion dollar business without a sales organization. So there’s some pretty interesting directions that sales and go to market is going to incur over the coming years.
Will traditional enterprise sales change? Maybe not overnight, but there are many efficiencies that are going to come in sales over the coming years. And the possibility is that instead of just pouring money at promotion, maybe get more efficient with got to market and free up more money for engineering, because that really is the long-term sustainable value that these companies are going to create.
Today’s super-funded startups have taken somewhat of a brut force approach. Raise a ton of capital and try to run the table on the competition. While this has worked, especially as capital is plentiful, when the market turns, new models of efficiency will likely emerge that leverage the cloud, automation and more efficient ways of reaching customers.
Ways to Keep in Touch
Remember these episodes are all available as podcasts wherever you listen.
Email email@example.com | DM @dvellante on Twitter | Comment on our LinkedIn posts.
Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail.
Watch the full video analysis: