Work-Bench

Check out our new blog

Tough Week for Cisco

Sent On August 15, 2014

Note from editors: this post was originally sent as the Enterprise Weekly - our weekly Work-Bench newsletter featuring commentary & the latest news in enterprise, upcoming community events, and recent fundings & exits. Sign up here to subscribe.

This Week's Enterprise News

Tough Week for Cisco: It was a tough week for Cisco Systems. After another quarter of disappointing sales growth, CEO John Chambers announced that the company would be cutting its global workforce by 6,000 jobs, or approximately 8%. Further rubbing salt in the wound, a number of major Cisco customers, including Goldman Sachs, Verizon, and Coca-Cola have been publicly pressuring the networking behemoth to increase software-defined networking offerings, rather than continue peddling new hardware. Amid the reports of layoffs and customer complaints, there was one piece of information that really stood out as indicative of the "shifting sands in technology decision-making" in a cloud-first world. As Mr. Chambers himself noted, “We’re selling to the business unit more than to the CIO now when we do our job right." We have witnessed this first-hand at Work-Bench, and have been helping startups and corporate executives alike navigate and capitalize on these emerging trends in enterprise technology.

Cisco Pressured to Embrace Software-Defined Networking Bloomberg • "Cisco's customers are asking Chief Executive Officer John Chambers to step up the company’s push into software-driven networking, instead of just trying to sell more hardware."

Big Data Security Analytics Landscape

Sent On August 8, 2014

Note from editors: this post was originally sent as the Enterprise Weekly - our weekly Work-Bench newsletter featuring commentary & the latest news in enterprise, upcoming community events, and recent fundings & exits. Sign up here to subscribe.

This Week's Enterprise News

Big Data Security Analytics Landscape: We are excited to share the first iteration of our Big Data Security Analytics Landscape with you. We have been evaluating the practical applications of big data predictive analytics and machine learning, and one of the most interesting enterprise use cases we have been seeing is in security analytics. Representing an evolution beyond traditional security information and event management (SIEM), we are excited to see how this Big Data Security Analytics (BDSA) market continues to evolve in the future. Read more.

The Most Fascinating Profile You’ll Ever Read Wired • "On first blush, it sounds boring. Worse, it’s a bit hard to explain because you haven’t used anything like it before. It’s a communications application, based on the system they created while building Glitch. It’s called Slack."

Version 1.0

By Jed LeidheiserAugust 6, 2014

Background

In the setup to this article, we discussed how Big Data Security Analytics (BDSA) is an evolution beyond the limitations of classic Security Information & Event Management (SIEM) solutions. Namely, that Big Data approaches are differentiated by their ability to provide analytics from unstructured data sources and huge, disparate data sets (IBM and others refer to this as the 4Vs: Volume, Velocity, Variety, & Veracity).

Big Data solutions have other traits that enhance their effectiveness, better unlocking insights than legacy solutions. For example, many solutions are capable of certain types of machine learning – suggesting or executing a particular course of action based on historical actions, rather than as a result of formally coded rules. As another example, Big Data solutions will often consume not just event-based sources, but also intelligence feeds or contextual reference data (e.g., threats, vulnerabilities, asset inventories) for better overall insights.

Industry Thinking

What this all means is that classifying a solution as Big Data Security Analytics is guided by principles rather than a distinct definition, and hence, is somewhat subjective. In fact, many respected analysts, such as Anton Chuvakin at Gartner, don’t believe “there is such a market at this time” (note: Gartner does believe that BDSA is relevant as a concept). 

Many enterprises that we interact with are indeed trying Big Data Security Analytics in some form or fashion (to say nothing of the preponderance of start-up marketing materials). As Larry Lunetta of PetaSecure reminds us about SIEM, “it took Gartner 2 years to publish a [Magic Quadrant], and the Leader’s quadrant for the inaugural version was empty.” This is to say nothing ill about our friends at Gartner; we’d argue it’s just early in the game.  Other analysts such as Jon Oltsik of the Enterprise Strategy Group believe that “there is no longer any debate – security analytics has become a big data application.” We concur.

Proposal

With that in mind, we’d like to propose an initial Big Data Security Analytics landscape; that is, the intersection of “Big Data Analytics” with “Security Analytics”. We fully expect it’ll have gaps, approximations, and maybe more egregious errors. But let’s start somewhere. Our central organizing theme is that BDSA solutions are either real-time or historical, depending upon the data on which they operate:

Real-time solutions (“Real-time Analytics”) live on the network and often perform automated remediation to prevent ongoing attacks.

Historical solutions (“Historical Analytics”) rely more on batch data and provide rich investigative capabilities for security analysts.

Within the Real-time Analytics space, the clearest delineator is whether the solutions perform deep packet inspection or not. There are trade-offs for each approach. Within the Historical Analytics space, solutions are typically provided either as all-in-one, self-contained implementations or are meant to be deployed on top of existing Big Data repositories. Hence, our sub-categories. 

The Landscape

For the purposes of this landscape, we assume the following are out-of-scope:

Classic SIEM and scalable “SIEM 2.0” solutions.  The latter refers to SIEM enhancements that provide for Volume and Velocity but still require structured datasets and/or do not incorporate non-log based sources.

Solutions that only provide a general platform for Analytics, rather than anything security-specific.

Solutions that only enable inbound data collection or ingestion, but do not perform analytics.  Similarly, solutions that only provide workflow, case management, or outbound response.

Public companies (and Palantir), since we’re focused on startups.

Final Thoughts

Big Data Security Analytics is an emerging market and we're certainly excited to see how it evolves. In the short-term, we're interested to know which companies we missed. We'll also be monitoring how well these companies gain traction with enterprise customers. Longer-term, it will be interesting to see which approaches prove most effective at detecting and preventing attackers. Please share your thoughts in the comments!

Why You Need a Great VP of Product

By Jane WangAugust 5, 2014

Last Wednesday, Jason Lemkin moderated NYC's first SaaStr Social with Greenhouse.io co-founders Dan Chait (CEO) and Jon Stross (Chief of Product). The three discussed what to expect from a VP of Product, how to make that hire in the first place, and how the CEO and VP of Product can work together to accelerate operations post initial traction. Below are a few highlights of the evening:

“If you don’t think you need it, you haven’t seen greatness” - Jason Lemkin 

For those in the audience who had never worked with a great VP of Product, Jason kicked off the night by diving into the benefits of such a hire. Jason advised startups to begin considering potential VPs of Product once the company starts accruing 1.5 million in revenue. Waiting much longer after that entails the risk of bringing in a product manager unfamiliar with the nooks and crannies your product has developed in its journey to reaching 6 or 10 million in revenue. To those fearful of the price tag, Jason argued that a great VP of Product more than pays for him/herself just by closing one and saving one customer per year. Jon added the caveat that it is best to go without than to go subpar, noting that “the difference in this field between someone who is great and someone who is good is humongous; paying an extra ten or twenty thousand is really worth it.”

VP of Product - Visionary or Synthesizer?

All three speakers agreed that it is a mistake to see the VP of Product as the product visionary. Instead, Greenhouse.io views the VP of Product as someone who can distill the CEO’s abstract vision into a tangible plan, mine feedback from customers on the first iteration, and then prod forward improvements in subsequent iterations. A VP of Product, Jon said, has the skill to “synthesize, clarify, and articulate,” all while balancing the priorities of infrastructure maintenance, customer requests, scheduled features, and more.

How important is domain expertise?

In terms of prerequisites to the position, all three speakers agreed that domain expertise is overrated. If someone can build great consumer software, then it is likely that they can master the programming language you need or build software behind the firewall and in the cloud. Citing someone who builds games (and never talks to customers) as one of the few times a natural athlete doesn’t work, Jason notes, "I don't worry about specific domain expertise, but I worry about hiring people who don't interact with customers." Along those lines, Jason revealed one major interview questions he asks all VP of Product candidates: what do you plan on doing in your first 30 days on the job? Any candidate who does not plan on talking to and visiting the company’s best customers for preliminary diagnostics is quickly eliminated.

Handling the Priority Checklist

As mentioned above, a product team is constantly juggling the priorities of overhauling lagging features, considering new customer requests, completing features that company deals depend on, and more. Dan believes that the saving grace of the Greenhouse.io team is not their ability to precisely gauge priorities, but rather their commitment to shipping features regularly. Noting that that even projects at Google fail, being able to ship software well is a differentiating competitive advantage. “If you’re confident you can ship things every week, then you worry less about getting your priorities wrong. If you can’t ship things every week, then priority becomes important because items only get done if they’re at the head of the list,” Jon said. A company that reliably ships features encourages customer patience, since customers are confident that the gears are constantly churning, even if the feature they requested is not amongst this week’s output. Greenhouse.io also builds transparency into the system by hosting a public backlog list that customers can vote on.

Work-Bench Enterprise Security Summit

Sent On August 1, 2014

Note from editors: this post was originally sent as the Enterprise Weekly - our weekly Work-Bench newsletter featuring commentary & the latest news in enterprise, upcoming community events, and recent fundings & exits. Sign up here to subscribe.

This Week's Enterprise News

Work-Bench Enterprise Security Summit: We're excited to invite you to our Work-Bench Enterprise Security Summit, a half-day security conference, taking place in New York City on September 30th. We will be bringing together Fortune 1000 executives and the most disruptive security startups to provide the latest insights on emerging trends and solutions in the enterprise security space. The event will feature panel discussions, company presentations, and a keynote from Gus Hunt, former CTO of the CIA. Read more.

Enterprise Investments Surge To Over $5.4 Billion TechCrunch • "The amount of capital invested in these startups has already surged to over $5.4 billion in the first half of 2014. That’s roughly the same amount that enterprise-facing companies raised in the entire year for 2013..."

Gaurav Dhillon, Chairman and CEO of SnapLogic

July 28, 2014

We recently held our second Enterprise Founders Upfront at Work-Bench with Gaurav Dhillon, Chairman and CEO of SnapLogic. SnapLogic is the leader in Elastic Integration, helping companies connect enterprise applications and data in the cloud and on-premise for improved business agility and faster decision-making. Funded by leading investors, including Andreessen Horowitz and Ignition Partners, SnapLogic is used by prominent companies in the Global 2000.

In an interview with Jon Lehr, Gaurav touched on topics such as what led to the successful exit of his first company Informatica, the most SaaS friendly industries in today’s market, the evolution of enterprise sales in the last two decades, and more.

Below are a few of the major issues he touched upon throughout the night:  

1. The early days of Informatica

In talking about the formation of Informatica, Gaurav credited a good portion of his success to hard work, luck, and perseverance. Whether at a startup of a large corporation, everyone works hard in technology - what was clear to Gaurav, however, was that the products he was working on were not seeing the light of day. With the release of Windows 3.1, there was a tipping point in the shift from mainframe to client server computing. As Gaurav said, “It was clear to me that if we wanted to do something, we needed to do it on our own.” The timing was right, but before the proliferation of seed funds & accelerators, they had to rely on the small business administration (SBA) for seed funding. With a bit of luck and a lot of perseverance, they were selected for a $75,000 SBA grant. As Gaurav noted, “that was like mom & dad giving you the down payment to buy your first house. You can make the payments, but it’s that down payment that’s really hard to come up with. That’s what incubators do, they give you the down payment.”

2. Which industry is leading cloud adoption 

Although financial services is typically considered the leader in adopting new startup technologies, Gaurav commented that he was surprised by the retail industry which has proven to be aggressively SaaS savvy. Many retailers are facing huge pressure from online shopping and showrooming, and they have a desire to stay relevant. This has led companies like Target to create mobile apps and get more sophisticated in their understanding of customers.  When you include new security challenges too, there are a lot of software solutions that retailers are seeking today.

Gaurav also shared a tip when developing your sales strategy to think: “What verticals and what job titles do we want to clobber with our product?” Once you evaluate things that way, it can help you realize if you need to focus more on your key customers and use cases.  

3. The disruption of legacy tech incumbents 

Prompted by an audience question, it was interesting to hear Gaurav's thoughts on the future prospects of legacy tech incumbents. Drawing analogies to the mainframe to client-server transition 20 years ago, Gaurav had a dim outlook for the legacy tech incumbents. As he noted, “I think the majority of them will not make it. It’s too hard to pick which ones, but if you look at the basket, I would say the basket is in trouble.” Given the tension that exists between cloud computing and their existing business units, Gaurav pointed out that in order to survive, “you have to take huge risks and sail your company into harm’s way - like Netflix did with the streaming business and Adobe did with the subscription model for the creative suite.”

He did note that some companies, like IBM, have transitioned well from mainframe computing to the client-server computing era, and they now have the chance to do the same with cloud computing. But as Gaurav pointed out, “the majority of people from that era were eclipsed by new generations of companies, and I think that will happen again.” Gaurav did caution though that we can’t just write off the incumbents due to the sheer amount of cash on their balance sheets. After all, “You can handle Windows 1, 2, and 3 when you have DOS”

Hewlett-Packard Buys into Big Data

Sent On July 25, 2014

Note from editors: this post was originally sent as the Enterprise Weekly - our weekly Work-Bench newsletter featuring commentary & the latest news in enterprise, upcoming community events, and recent fundings & exits. Sign up here to subscribe.

This Week's Enterprise News

Hewlett-Packard Buys into Big Data: Hortonworks took on an additional $50 millionstrategic investment from HP this week to bring their total funding to $248 million. While they likely didn’t need the money (see their $100 million Series D earlier this year), the strategic partnership gives them an avenue into new customers & allows HP to further incorporate Hadoop into its own Big Data platform - HP Haven. It is also worth noting, with Intel’s previous $900 million investment in Cloudera, that older more established players are seeing this as a legitimate business opportunity. 

Recurring Revenue is Magic Jeff Bussgang • "At Flybridge, we have added "business model", with a particularly weighting towards recurring models with high gross margins, as one of the important evaluation criteria when we make investment decisions alongside market and team, which are the two canonical criteria for all venture capital firms."

An Evolution Beyond Security Information & Event Management

By Jed LeidheiserJuly 24, 2014

Limitations of SIEM

Depending on which company or startup we speak with, Security Information & Event Management (SIEM) is either dead or will live on forever. Quite different answers. In our minds, Big Data Analytics represents an evolution – not revolution – beyond the aggregation, alerts, and response facilitated by a classic SIEM solution. Big Data approaches differ from SIEM in two key ways: 1) unstructured data is acceptable, and 2) huge datasets are no longer a challenge. Of course, #1 and #2 resulted from new technologies we’ve spoken about before, which were created for purposes other than security.

Enterprises now realize that complete prevention of security incidents is impossible. Instead, there must be an increased focus on timely detection and response. Breaches WILL HAPPEN – so find them and contain them quickly. Both classic SIEM and Big Data approaches are compatible with this mindset and seek to unlock value through the aggregation and analysis of events generated by disparate systems. The problem is that SIEM promised the world but under delivered. Verizon’s 2013 Data Breach Investigations Report provides an indication of this, noting that only about 1% of data breaches were discovered through log review. This is due to tools being configured only for certain use cases, monitoring teams being understaffed and undertrained, and the sheer volume of activity, among other reasons.

More directly, Gartner found that many organizations have “genuinely outgrown their SQL-based SIEM and moved to Hadoop-based systems.” This has been publicly confirmed by CISOs at companies such as IDT and Jeffries & Company at the 2014 RSA Conference (see TechTarget write-up), who found that existing SIEM solutions simply failed from a performance standpoint under Big Data volume.

What must enterprises do now?  

To start, existing SIEM solutions still form part of a security monitoring and analytics capability. The events collected and normalized by an existing SIEM must feed into a security-focused environment for Big Data analytics. This environment will also aggregate security events from solutions such as Data Loss Prevention (DLP) and Identity & Access Management (IAM), as well as data sources related to vulnerabilities, threats, and asset inventories (e.g., business processes, applications, databases, and hosts). Enterprises must start their Big Data Security Analytics focus now. A few points to remember:

Start Small: build environments along focused use cases

Educate: select/hire initial team members and encourage training of both Big Data technologies and data science concepts

Remember Quality: the principle “garbage in, garbage out” still applies to the data being aggregated

Integrate and Centralize: communicate with technology teams and business areas in order to gain and automate access to data

Secure: remember that access controls and other security concepts still apply

Report: determine how insights can be easily reported to management

Where do we go from here?

with Jason Lemkin, Dan Chait, and Jon Stross

July 23, 2014

We're excited to invite you to a very special event at Work-Bench, Jason Lemkin's first SaaStr Social outside of Menlo Park. Together with Jason M. Lemkin, we'll have a founder combo from one of New York's rising star SaaS start-ups, Greenhouse.io.

Jason will lead an unscripted Q&A with Dan Chait (CEO and Co-founder) and Jon Stross (Chief of Product and Co-founder) on what to expect from a VP of Product, how to make the right hire, and how a CEO and a VP of Product can work together to accelerate things post-initial traction.

Welcome  6:00-6:15pm Discussion  6:15-7:15pm Drinks & Networking  7:15-9:00pm

Apple in the Enterprise

Sent On July 18, 2014

Note from editors: this post was originally sent as the Enterprise Weekly - our weekly Work-Bench newsletter featuring commentary & the latest news in enterprise, upcoming community events, and recent fundings & exits. Sign up here to subscribe.

This Week's Enterprise News

Apple in the Enterprise: The big news this week is the Apple-IBM mobile partnership. While this may be good news for the two companies, it is probably less so for competition from the enterprise technology startup ecosystem because of the dominant reach of the two mega-corporations. The move means IBM now has full-blown iOS support, which is a positive for corporate customers that were previously lacking enterprise support from Apple.

The partnership is also interesting to consider in light of the fact that IBM has been shifting away from hardware as much as possible, as evidenced by offloading their x86 business to Lenovo. We wonder what the ultimate impact for customers will be. Will we see Watson-iOS integration and specialized machine learning apps created, or will apps running from the mainframe be streamed to your phone? Only the next couple of years will tell.

Apple, IBM Alliance Can Benefit Both CIOs and End Users The Wall Street Journal • "Apple's partnership with IBM probably won’t drive a massive shift in mobile strategy for the CIO. But IBM’s backing could make them more willing to give Apple a try, leading to new inroads for i-Products in the enterprise arena traditionally dominated by Microsoft’s Windows OS."

Member Spotlight: Monaeo

By Mickey GrahamJuly 15, 2014

We are excited to announce our Work-Bench Member Spotlight series, where we do a monthly deep dive feature into some of the unique challenges that enterprise technology startups face in building, scaling, and selling a product to the enterprise. Each of our 15 member companies at Work-Bench has been tackling big challenges in product development, marketing, and sales, and have gained immense insights and learnings to share with our community. First up - Monaeo, a location-based tax and audit protection platform.

We recently sat down with Vinay Pai, tech lead at Monaeo, to shed light on a few of the differences between consumer and enterprise software development. Monaeo’s SaaS solution enables companies to understand their mobile footprint, send early warning alerts, and deliver reports to save taxes and provide protection in tax audits. Prior to joining Monaeo, Vinay was CTO at OkCupid.com, where he helped scale their architecture to handle 10x the traffic, with millions of active users when he left. An expert in both consumer tech and enterprise software engineering, Vinay shared his thoughts on the key differences between the two domain.

1. Systems Integration

One of the most significant differences between engineering in consumer tech and enterprise tech is that enterprise software needs to integrate with a customer’s legacy technology and their other third-party vendors. In enterprise software development, there are many more external systems that a development team needs to prepare for. Customers will often require reports and integrations with their other third-party vendors, and a product offering must fit into a customers internal workflows, practices, and systems. “It doesn’t matter how great your system is if they have to go in and change everything - a large organization simply won’t use your product if it’s not compatible with their established processes and practices,” says Vinay.

Similar to consumer tech, it is essential in enterprise software development to come up with a core architecture that makes it very easy to build on top of. In consumer tech, developers are generally dealing with a feature rich system and the challenge is architecting an underlying system that is powerful and efficient. In enterprise tech, however, developers need to build an information architecture that can consume and output data without bleeding into core systems. A unique aspect of being in the enterprise tech space is that customers will dictate how they need the product to work. In the HR space, a customer may need a startup's solution to integrate with PeopleSoft, while another may be using Workday or ADP. If the product doesn’t have a robust enough core system, developers will need to continue writing new code and reinventing the wheel in order to keep up.

2. User Testing

Another key differentiating factor in enterprise software development is user testing. In the consumer space, one can generally build a new feature, push it live, and see what happens. In making a consumer design change, developers can build a simple version, roll it out to 5-10% of users, and measure the impact. This is not a luxury developers have in the enterprise space, and without the benefit of being able to roll out redesigns and new features to users seamlessly, a big challenge is understanding what exactly to build. The key to solving this problem, according to Vinay, is a close integration of product, sales, and development.

One way Monaeo gets around these customer testing challenges is by getting product feedback during the sales cycle. By incorporating mockups and prototypes in their demos, their sales team can receive valuable customer feedback while pitching the product, and understand which features the customer wants to have by the time they are ready to close the deal. Given the length of enterprise sales cycles, this typically means that a sales team should be a month or two ahead of the development team. That being said, it is crucial not to over-promise and under-deliver.

For this to work effectively, Vinay suggests keeping the information flowing in both directions. It is important for developers and founders to sit in on sales calls and to provide mockups and powerpoints for demos, as well as for the business team to know where the development team is on the product roadmap. Sitting in on sales calls every couple weeks allows the team to see what people care about, what resonates, and what questions come up. A close collaboration of the business, product, and development units allows a flow of information that can serve as effective user testing.

3. Scalability

In scaling consumer products, developers rarely add a giant batch of users to their system overnight. Besides the rare case of showing up on the front page of Hacker News or Reddit and needing to handle the sudden influx of traffic, consumer tech companies generally tend to grow linearly or exponentially in a more predictable model.

As an enterprise SaaS company, however, developers may be adding tens of thousands or hundreds of thousands users simultaneously upon closing a large enterprise contract - such as Box’s recent 300,000 person deal with General Electric. With a paying customer, there is more pressure on enterprise technology companies to support the scale of an enterprise wide deployment without crashing. Enterprise companies need to do their absolute best when it comes to testing and load generation, and Vinay suggests taking a more phased approach as far as possible. Batching users and managing the provisioning of users on to a system will help avoid many of these scalability issues.

4. Pace of Development

Working with a large organization as a customer can dramatically slow down the pace of software development, and there are different expectations for the pace at which the process should move. There are many formal systems that need to be checked off as an enterprise software vendor, which can dramatically slow down the development process. Stakeholders often include an IT department, a security department, and other departments, who will probe with questions around how a service is hosted, what a disaster recovery plan looks like, and more. Oftentimes, the customer’s boilerplate forms and processes are outdated, rendering them ineffective and slowing down the procurement process even more.

If a customer wants an integration with one of their vendors, what could be a simple quick fix may actually take months to implement. What may normally take a week to set up -  like configuring a csv - can be a painfully slow process, involving the customer, other third-party vendors, and a 15 page document with requirements and specifications on what format a csv file should be generated. Even once the enterprise product gets into the hands of a customer’s development team to integrate, it can be a 3 month process - if they are moving quickly.

5. Security

In the consumer space, there are very few laws on how data is handled. It is very self-regulating, and the biggest motivation for not being careful with user data is the threat of a breach, negative publicity, and the loss of user trust. With federal regulations for data privacy, however, especially as it relates to personally identifiable information (PII) and material non-public information (MNPI), enterprise technology products have a number of much more formal requirements. 

Interestingly, a lot of the more formal requirements enterprise customers want to see covered are antiquated, increasingly so with the transition from on-premise to cloud-based software. There are a lot of internal regulations that are asking for specific requests, which do not address underlying concerns such as having a network-based intrusion detection system (not relevant if on an AWS system). The key to overcoming these challenges, according to Vinay, is getting to the right people who understand the technology, addressing the underlying concerns, and playing by their rules when possible.

Predictive Analytics Landscape

Sent On July 11, 2014

Note from editors: this post was originally sent as the Enterprise Weekly - our weekly Work-Bench newsletter featuring commentary & the latest news in enterprise, upcoming community events, and recent fundings & exits. Sign up here to subscribe.

This Week's Enterprise News

Predictive Analytics Landscape: We're excited to share our Work-Bench Ventures' predictive analytics landscape with you. This landscape is a first pass at understanding the range of vertical-specific predictive analytics solutions available on the market, with emphasis on startups and newer incumbents (rather than legacy providers such as SAS, FICO, and IBM’s SPSS and Watson products). Our goal is to understand which verticals are supersaturated with new predictive solutions (e.g. predictive sales and marketing applications), versus which have yet to see many new, disruptive solutions. Did we miss a great company? Is your company not on the list? Are there verticals that are much busier than we’ve captured here? Please let us know!

Rethinking the Enterprise Data Archive for Big Data Analytics and Regulatory Compliance GigaOM Research • "With enterprise data growing rapidly and with business and regulatory demands requiring continuous data access, organizations must have a well-thought-out approach for keeping years of history online..."

 Version 1.0

By Jonathan Lehr, Venture DirectorJuly 10, 2014

Background

At Work-Bench Ventures, our investment thesis focuses on the disruption of legacy enterprise IT stacks. One area in particular which we’ve been studying is the need to derive business value from all of the data being captured by Big Data tools in today’s enterprise environments. Our thesis is that the way to do this is through empowering business and IT users within their own silos with predictive analytics solutions.  

This is difficult to do at scale, and the only way business people can leverage predictive analytics is if you give them applications tailored to their specific functions. For these applications to be effective, a certain ‘special sauce’ is necessary behind the scenes with the proper models and customizations for each unique use case and context.

The Landscape

This landscape represents a first pass at understanding the range of vertical-specific predictive analytics solutions available on the market, with emphasis on startups and newer incumbents (rather than legacy providers such as SAS, FICO, and IBM’s SPSS and Watson products). The goal in compiling this landscape is to understand which verticals are supersaturated with new predictive solutions (e.g. predictive sales and marketing applications), versus which have yet to see many new, disruptive solutions.

The key areas of focus included HR, Purchasing, Finance, Sales & Marketing, Security, IT, and Facilities.

For each area that is sparser when it comes to vertical-specific predictive modeling tools, we ask ourselves: is this because the vertical represents a market that is too small; or is it a sector that involves so much proprietary information that all solutions are built in house? Or does it represent an enormous market undersupplied with new, efficiency-adding and revenue-driving solutions?

Community Collaboration

By “open-sourcing” this list to the public, we hope to gain insight beyond what we’ve been able to initially compile, and to create a dialogue with our enterprise tech community. Did we miss a great company? Is your company not on the list? Are there verticals that are much busier than we’ve captured here? Please let us know in the comments.

To see a list of all of the companies listed in the landscape and their respective descriptions, check out this Google Doc. It also has areas we researched but couldn't find any companies, so please let us know what we missed in the comments! 

Managing Big Data Environments

By Jed LeidheiserJuly 8, 2014

Let’s face it, Big Data is here to stay. With its buzzword-friendly use rampant in media and vendor sales decks alike, the conversation is often focused on being able to quickly and efficiently unlock business insights from large, siloed data sets. But what about the security of the massive amount of information collected under the guise of Big Data?

Aggregating information into data warehouses is nothing new, and large organizations have historically collected large datasets using relational database management systems. Nowadays, these data warehouse technologies place a premium on security, with provisioning and both cell-level and table-level security built into their functionality.

However, there is marked difference in both the purpose and technology of newer Big Data environments from traditional data warehousing. The driver for Big Data environments is often customer analysis, security intelligence, healthcare research, or financial instrument analysis, rather than simply aggregating information into a data warehouse. The technical implementations are also new, with the likes of Hadoop, MongoDB, and HBase as key players. The purpose and technology keeps expanding, and in practice, data attracts more data. The term “data lake” - a data-centric environment where centralized and accessible information is the norm - is becoming more common.

What has been missing from the equation is adequate security. Big Data environments store massive amounts of information from multiple business units within an organization. That data is then mashed, mangled, and distributed across diverse analytic and visualization technologies. By the nature of their original business purpose (research or predictive analytics), Big Data environments are accessible. In fact, Hadoop was originally designed without proper security according to Kevin T. Smith on InfoQ: “anyone could submit code and it would be executed… access control was easily circumvented.”

The identity problem – validating that someone is who they say they are – is now being addressed by multiple vendors and products who offer Kerberos, PAM, and AD/LDAP integration. No longer should implementations create separate identities within the Big Data ecosystem… single sign-on is a reality. Now the focus must be on authorization (role-based access and fine-grained entitlements), as well as sensitive data handling (encryption and metadata-driven governance). These are the key security issues at hand for most enterprise implementations:

Authorization

No centralized access administration across different engines (e.g., HDFS, Hive, Hbase)

Only coarse entitlement granting capabilities (i.e., difficulty to grant fine-grained entitlements at the cell/file level)

Sensitive Data Handling

Limited support for encryption and/or data masking

Inadequate use of metadata, hampering sensitive data handling

In the authorization space, an employee may have different entitlements across HDFS, Hive, HBase, and the list goes on. When users have different entitlements across applications/tools with similar business purposes, it is difficult to determine if their access levels are appropriate for their job. This rings more true as employees change responsibilities – particularly, transitions without a formal title change – which leads to an accumulation of privileges. Fine-grained entitlement administration is also critical to an effective access management posture.  For example, HBase only provides control for tables and column families, but not to the cell level, which may house privacy data.

The handling of sensitive data is the other major concern. Encryption for data-at-rest is not available in native Hadoop, nor currently on platforms such as Hortonworks. In addition, the use of encryption or data masking relies on metadata about data elements, which often go untagged. Not only does this hamper access control and data handling, but audit logging and monitoring as well. All activity must be logged for both compliance and monitoring reasons, including when sensitive data has been accessed and by whom. If sensitive data is not tagged appropriately, it is difficult to detect inappropriate activity after the fact.

The big platforms – Hortonworks and Cloudera – have taken notice. Hortonworks acquired XA Secure in May of this year, while Cloudera quickly followed by acquiring Gazzang in June. These acquisitions certainly make sense.  Hopefully, these vendor platforms will address the missing gaps and deliver solutions that meet enterprise security needs.

With Jason Shen & Dom Goodrum of Percolate

July 2, 2014

Last Wednesday, Jason Shen and Dom Goodrum of Percolate led a double-header Work-Bench Workshop on marketing and product design for the enterprise. As an enterprise tech startup building a marketing platform that enables Fortune 500s to better create, plan, schedule, publish, and analyze content, Jason and Dom provided some key takeaways that we’d love to share below:

Building Blocks of Marketing

Jason Shen, Percolate’s Marketing Manager, first spoke about the five primary elements of any effective marketing strategy: brand (what you stand for), objective (what you want to achieve), audience (who you are talking to), platform (the vehicle you use to deliver content), and trigger (why your content is relevant).

Critical to Percolate’s core operating beliefs, Jason described their brand as being built on four key pillars: technology (software), marketing (serving an industry), design (with beautifully designed software), and culture (because your employees matter and because customers care about the people behind the work).

Although every company’s primary objective may be to create a market for themselves and obtain customers, Jason stressed the error of approaching all projects with the goal of “closing a deal.” By utilizing social media, events, their blog, whitepapers, and syndicated content, they are effectively targeting two different types of audiences. First, they look at roles within the enterprise - those who had the budget to buy their software or would be reviewing product results (e.g., brand managers like the CMO or VP of Digital) and those who would be handling social media or otherwise using the product itself (e.g., community managers). Second, they look at the community outside of the enterprise - prospective employees, leaders within the technology, marketing, or local community, and trusted industry analysts like Gartner, who released third party reviews of their product.

To this end, Percolate’s marketing strategy makes an effort to add value to the field of brand content marketing in ways that do not directly advertise their core products. Online, they write content for their blog and for syndication on design, company culture, sales, technology, and more, and they produce a variety of gated white papers that discuss tricks of the trade. On foot, Percolate hosts “speakeasies” or monthly happy hours in New York City that allow community managers from across companies to connect and share ideas. Within their own company, they host annual Hack Days that bring the product and business team together to brainstorm products to improve company operations.

Designing from Start to Finish

Dom Goodrum, Percolate’s Design Director, led the second half of the Workshop with an in-depth examination of Percolate’s design process. Traditionally, building a design department involves hiring for three unique positions: a research role, user experience role, and visual role. The user experience role maps out how the tool functions, the visual role decides the color palette, typefaces, and other aesthetic aspects, and the research role attempts to understand the customer. Percolate, however, aims to make the product designer responsible for all three areas, so that designers have a clear line of sight into the problem being solved.  

In order for this to work, Dom stressed the importance of listening as a company - not just in sales or customer support - but across product, business and marketing. This way everyone plays a role in hearing the feedback and challenges that their customers face and is thinking about what opportunities exist for the product. One way Percolate achieves this is by documenting user insights in a Google Doc or in a visual representation of the user journey, allowing anyone on the team to access and understand these insights.

Interestingly, Dom pointed out that the client and consumer research his team runs does not actually focus on the product, but rather on the problem they are solving for. In avoiding talking about the product, Percolate’s design team can focus on understanding the jobs people do and the problems their product is trying to solve. In addition, Percolate places a big emphasis on consumer grade designs and interfaces, which speaks to an exciting shift we are seeing in design for enterprise solutions. “We want people to love our product like they love using Instagram,” Dom said.  

Given their design focus, Percolate has thought deeply about brainstorming and internal collaboration. “We know that we need all perspectives from the company, and to bring them together physically.” They’ve learned that, traditionally, the person with the biggest mouth  (or HIPPO - the Highest Paid Person’s Opinion) leads the room, so they sometimes shake up their workshops by breaking people into small groups, posing problems, and asking folks to quietly sit and think and sketch out some solutions. Additionally, they hold company-wide internal quality assurance sessions, so that everyone at Percolate gets to participate in the feedback loop and try a new feature or product update before it is released.