Salesforce Q1, FY22 revenue was $5.96B, the best quarter in the company’s history.
$1M+ deals hit an all-time high and were up 120% year-over-year. New $1M+ sales are averaging four or more Clouds, with senior management calling out Service Cloud during the earnings call as gaining strong traction in enterprises. Eight of the top 10 deals included Tableau, and five included MuleSoft.
FY22 Revenue guidance raised from $25.9B to $26B, approximately 22% year-over-year growth.
Service Cloud Q1, FY22 revenue is $1.5B, growing 20% year-over-year.
Tableau sales grew 38% year-over-year, reaching $394M in sales. MuleSoft grew 49% year-over-year, reaching $380M in sales in Q1, FY22.
The Slack acquisition is expected to close at the end of Q2, FY22.
Key takeaways from their Q1, FY22 results include the following:
Q1, FY22 revenue is up 23% year-over-year to $5.96B. Operating margins reached 5.9%, with non-GAAP operating margins reaching 20.2% in Q1. Salesforce successfully capitalizes on its customers’ urgency to transform their businesses while providing them with proven, well-integrated apps and platform strategies to help them build new digital businesses. Salesforce is also well-positioned to increase revenue based on the growing interest in analytics apps, combined with strong demand for mobile and social apps and multi-cloud integration. Combining proven apps and platforms with their ongoing R&D work in machine learning, AI, and predictive intelligence shows Salesforce is well-positioned for long-term growth in an increasingly multi-cloud enterprise world.
Successful multi-cloud sales strategies are propelling double-digit growth in the platform side of the business. Five of the ten $1M+ deals Salesforce signed in Q1 included MuleSoft. The Platform business is the fastest-growing segment of Salesforce today, attaining 28% year-over-year growth. Marketing and Commerce are next at 25% year-over-year revenue growth, driven by many Salesforce customers digitally transforming their selling and service strategies online. The latest quarters’ financial results by product area show how well-integrated and revenue-generating the ExactTarget, MuleSoft, and Tableau are turning out to be today.
Salesforce will reach $50B in revenue by 2026, supported by their Total Available Market (TAM), reaching $204B by CY2025. During the Q1, FY22 earnings call, Marc Benioff predicted Salesforce would nearly double in size in four years, reaching $50B from $26B, which is the projected FY22 revenue target. During the earnings call, Marc Benioff also said, “but I’ll tell you that it’s awesome to see not just be number one in CRM, but we’re going to be the number one enterprise software applications company in the world passing SAP.” The seven core product areas Salesforce compete are combining to create a TAM growing at an 11% CAGR between 2021 and 2025.
Apple, Alphabet, Amazon, Microsoft, and Tesla are considered the five most innovative companies, according to BCG’s analysis of the 50 most innovative companies of 2021.
Abbott Labs, AstraZeneca, Comcast, Mitsubishi, and Moderna join the top 50 most innovative companies for the first time this year.
The fastest movers include Toyota, who jumped from 41st to 21st; Salesforce, who jumped from 35th to 22nd; and Coca-Cola, who jumped from 48th to 28th.
90% of companies that outperform on innovation outcomes demonstrate clear C-suite ownership of the innovation agenda.
These and many other insights are from the Boston Consulting Group’s (BCG) 15th annual report defining the world’s 50 most innovative companies in 2021. BCG surveyed 1,500 global innovation executives and found a 10% point increase, to 75%, in executives reporting that innovation is a top-three priority at their companies today. That’s the most significant year-over-year increase in the 15 global innovation surveys BCG has conducted since 2005. BCG’s Most Innovative Companies 2021: Overcoming the Innovation Readiness Gap is available for download free here (28 pp., PDF). This years’ report methodology focuses on identifying the factors causing a large innovation readiness gap between the world’s most innovative companies and their peers across industries. Please see page 23 of the study for the methodology.
Key insights from BCGs’ most innovative companies of 2020 include the following:
Creating a new COVID-19 vaccine in less than a year, inventing test kits in weeks to protect public health, and redefining online shopping and safe home delivery reflect the versatility of the world’s most innovative companies in 2021. Pzifer, Moderna, and Merck & Company’s innate ability to innovate gave everyone a decade of their lives back. Delivering a vaccine in a year when the initial projection was a decade reflects the innovative efficiency of these companies. 2021 is the first year Abbott Labs, who invented and scaled the production of COVID-19 test kits, is included in the 50 most innovative companies worldwide. Amazon and Walmart’s logistics and e-commerce expertise helped ensure safe online shopping and fast home delivery was available to millions of people under stay-at-home orders.
Five factors most differentiate the most and least innovative companies. The basis of BCG’s methodology to identify the 50 most innovative companies in 2021 centers on their innovation-to-impact (i2i) framework. The framework is designed to help companies measure the readiness of their innovation programs to operate at a consistently high level of efficiency and effectiveness. The BCG i2i scoring system identified five factors that most differentiate innovative company leaders and laggards. The five factors that best indicate how innovative a company has the potential to be are shown in the following graphic:
Lack of collaboration between sales, marketing & R&D is the major obstacle to innovation. 31% of all companies surveyed see poor collaboration between marketing and R&D as the most significant obstacle to improving the return on their innovation investments. According to BCG, the collaboration between marketing, sales, and R&D is the most challenging in the Pharmaceutical industry, where 42% of respondents say it’s the biggest hurdle to achieving more significant returns on innovation.
Digital transformation of the core business is now a top priority for 75% of CEOs, and 65% of firms are doubling down on their plans for transformation with renewed urgency. BCG identified six success factors that together—and only together—flip the odds of digital transformation success from 30% to 80%. Those six success factors are close integration of digital strategy with the business strategy, commitment from the CEO through middle management, a talent core of digital superstars, business-led and flexible technology and data platforms, agile governance, and effective monitoring of progress toward defined outcomes.
Companies that know how to collaborate quickly between customer and R&D teams have an inside edge on being innovation leaders. The world’s most innovative companies also have senior management teams committed to the long-term success of nascent, unproven programs. There’s greater tolerance for risk, more of a focus on customers first and innovating around their needs, and an intuitive sense of how to close innovation gaps that hold other companies back.
Worldwide end-user spending on public cloud services is forecast to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion in 2020.
Garter predicts worldwide end-user spending on public cloud services will jump from $242.6B in 2019 to $692.1B in 2025, attaining a 16.1% Compound Annual Growth Rate (CAGR).
Spending on SaaS cloud services is predicted to reach $122.6B this year, growing to $145.3B next year, attaining 19.3% growth between 2021 and 2022.
These and many other insights are from Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 23% in 2021. The pandemic created the immediate need for virtual workforces and cloud resources to support them at scale, accelerating public cloud adoption in 2020 with momentum continuing this year. Containerization, virtualization, and edge computing have quickly become more mainstream and are driving additional cloud spending. Gartner notes that CIOs face continued pressures to scale infrastructure that supports moving complex workloads to the cloud and the demands of a hybrid workforce.
Key insights from Gartner’s latest forecast of public cloud end-user spending include the following:
36% of all public cloud services revenue is from SaaS applications and services this year, projected to reach $122.6B with CRM being the dominant application category. Customer Experience and Relationship Management (CRM) is the largest SaaS segment, growing from $44.7B in 2019 to $99.7B in 2025, attaining a 12.14% CAGR. SaaS-based Enterprise Resource Planning (ERP) systems are the second most popular type of SaaS application, generating $15.7B in revenue in 2019. Gartner predicts SaaS-based ERP sales will reach $35.8B in 2025, attaining a CAGR of 12.42%.
Desktop as a Service (DaaS) is predicted to grow 67% in 2021, followed by Infrastructure-as-a-Service (IaaS) with a 38.5% jump in revenue. Platform-as-a-Service (PaaS) is the third-fastest growing area of public cloud services, projected to see a 28.3% jump in revenue this year. SaaS, the largest segment of public cloud spending at 36.9% this year, is forecast to grow 19.3% this year. The following graphic compares the growth rates of public cloud services between 2020 and 2021.
In 2021, SaaS end-user spending will grow by $19.8B, creating a $122.6B market this year. IaaS end-user spending will increase by $22.7B, the largest revenue gain by a cloud service in 2021. PaaS will follow, with end-user spending increasing $13.1B this year. CIOs and the IT teams they lead are investing in public cloud infrastructure to better scale operations and support virtual teams. CIOs from financial services and manufacturing firms I’ve recently spoken with are accelerating cloud spending for three reasons. First, create a more virtual organization that can scale; second, extend the legacy systems’ data value by integrating their databases with new SaaS apps; and third, an urgent need to improve cloud cybersecurity.
CIOs and the organizations they serve are prioritizing cloud infrastructure investment to better support virtual workforces, supply chains, partners, and service partners. The CIOs I’ve spoken with also focus on getting the most value out of legacy systems by integrating them with cloud infrastructure and apps. As a result, cloud infrastructure investment starting with IaaS is projected to see end-user spending increase from $82B this year to $223B in 2025, growing 38.5% this year alone. End-user spending on Database Management Systems is projected to lead all categories of PaaS through 2025, increasing from $31.2B this year to $84.8B in 2025. The following graphic compares cloud services forecasts and growth rates:
Sage Intacct, Oracle ERP Cloud, and Microsoft Dynamics 365 ERP are the three highest-rated ERP systems by their users.
86% of Unit4 ERP users say their CRM system is the best of all vendors in the study. The survey-wide satisfaction rating for CRM is 73%, accentuating Unit4 ERP’s leadership in this area.
85% of Ramco ERP Suite users say their ERP systems’ analytics and reporting is the best of all 22 vendors evaluated.
These and many other insights are from SoftwareReview’s latest customer rankings published recently in their Enterprise Data Quadrant Report, Enterprise Resource Planning, April 2021. The report is based entirely on attitudinal data captured from verified owners of each ERP system reviewed. 1,179 customer reviews were completed, evaluating 22 vendors. SoftwareReviews is a division of the world-class IT research and consulting firm Info-Tech Research Group. Their business model is based on providing research to enterprise buyers on subscription, alleviating the need to be dependent on vendor revenue, which helps them stay impartial in their many customer satisfaction studies. Key insights from the study include the following:
Sage Intacct, Oracle ERP Cloud, Microsoft Dynamics 365 ERP, Acumatica Cloud ERP, Unit4 ERP and FinancialForce ERP are most popular with their users. SoftwareReview found that these six ERP systems have the highest Net Emotional Footprint scores across all ERP vendors included in the study. The Net Emotional Footprint measures high-level user sentiment. It aggregates emotional response ratings across 25 questions, creating an indicator of overall user feeling toward the vendor and product. The following quadrant charts the results of the survey:
80% of Acumatica Cloud ERP users say their system helps create more business value, leading all vendors on this attribute. How effective an ERP system is at adapting to support new business and revenue models while providing greater cost visibility is the essence of how they deliver business value. The category average for this attribute is 75%. Of the 22 vendors profiled, 12 have scores at the average level or above, indicating many ERP vendors are focusing on these areas to improve the business case of adopting their systems.
86% of Sage Intacct ERP users say their system excels at ease of implementation, leading all vendors in the comparison by a wide margin. Implementing a new ERP system can be a costly and time-consuming process as it involves extensive training, change management, and integration. Ease of Implementation received a category score of 75% across the 22 vendors, indicating ERP vendors are doubling down investments to improve this area. Just 11 of the 22 ERP vendors scored above the category average.
LinkedIn is relying on a new methodology for the 2021 Top Companies Report. They’re basing the methodology has seven key pillars, each revealing an important element of career progression: the ability to advance, skills growth, company stability, external opportunity, company affinity, gender diversity, and educational background. LinkedIn provides an in-depth description of how they built their methodology here.
The 10 Best Companies To Grow Your Career In 2021
Amazon – According to LinkedIn, Amazon has built an innovative remote-onboarding system, and it has more than 30,000 openings now. The fastest-growing skills in demand at Amazon include User Experience Design (UED), Digital Illustration, and Interaction Design. LinkedIn’s analysis shows the most in-demand jobs are Health And Safety Specialist, Station Operations Manager, Learning Manager.
Alphabet, Inc – Planning to add at least 10,000 jobs in the U.S. alone and investing $7B in data centers and offices across 19 states, Alphabet grew revenue 47% last year, reaching $13B. According to LinkedIn, the most in-demand jobs are Digital Specialist, Field Sales Specialist, and Business Systems Analyst.
JPMorgan Chase & Co. – JPMorgan now offers 300 accredited skills and education programs to its workers, and the bank has been boosting wages for thousands of customer-facing roles to $16-$20 an hour. The most in-demand jobs include Market Specialist, Software Engineering Specialist, and Mortgage Underwriter.
AT&T – 2020 was a tough year for AT&T, increasing the urgency the company has to grow its wireless and WarnerMedia businesses. Due to the pandemic, the company had to close hundreds of stores. Fortunately, AT&T was able to help the employees affected by the closures to find new jobs. The most in-demand jobs are Service Analyst, Trading Analyst, and Investment Specialist.
Bank of America – Bank of America rose to the challenges of 2020, quickly redeploying almost 30,000 employees to assist in its role facilitating the government-backed Paycheck Protection Program. The most in-demand jobs are Trading Analyst, Investment Specialist, and Financial Management Analyst.
IBM – More than one-third of IBM’s revenue now comes from work related to cloud computing. The company’s Red Hat unit is a leading contributor to that growth, prizing skills such as Linux, Java, Python, and agile methodologies. IBM also is a leader in hiring autistic people through its Neurodiversity program. Most in-demand jobs include Back End Developer, Enterprise Account Executive, and Technical Writer.
Deloitte – Deloitte’s key activities span audit, assurance, tax, risk, and financial advisory work, as well as management consulting. It’s aiming to hire 19,000 people in the year ending May 29. Top recruiting priorities currently include cybersecurity, cloud computing, and analytics specialists.
Apple – LinkedIn finds that Apple is committed to building an inclusive culture. Over half of its new hires in the U.S. represent historically underrepresented groups in tech — and the company claims to have achieved pay equity in every country where it operates—looking for an in? Apple has nearly 3,000 open jobs in the U.S. right now, ranging from its “genius” role at its retail stores to executive assistants and software engineers.
EY – The accounting firm spent $450 million on employee training in 2020. And it is planning to hire over 15,000 people in the next year. With that much talent coming in, EY is focused on bringing in workers with diverse backgrounds, focusing on gender identity, race, and ethnicity, disability, LGBT+, and veterans. The most in-demand jobs include Strategy Director, Business Transformation Consultant, and Information Technology Consulting Manager.
Bottom Line: Customer revenue lifecycles are the lifeblood of any services business, making FinancialForce’s Spring 2021 release timely given the services-first revenue renaissance happening today.
The essence of an excellent services business is that it can consistently create expectations clients trust and the business regularly exceeds. Orchestrating the best people for a given project at the right time, tracking costs, revenue, and margin across all services revenue, including those associated with a client’s assets, is very challenging. Customer revenue lifecycles are in the data, yet no one can get to them because they’re hidden across multiple systems that aren’t integrated. Knowing how efficient a services business is at turning customer engagement into cash is what everyone needs to know, but no one can find. The challenge is equally as daunting for long-established services providers and those rushing into new services businesses to redefine themselves in the hope of profits that are more consistent and fewer price wars.
How Much Is Customer Engagement Is Worth?
Services businesses face the paradox of exceeding client expectations with every engagement but not knowing if extra time, resources, and staff invested are paying off with more revenue and profit. FinancialForce’s Spring 2021 release looks to solve this problem. What galvanizes the ERP, PSA, and platform announcements is a fresh intensity on customer centricity, both for the services business adopting the Spring 2021 release and the customers it’s intended to serve.
Knowing if and by how much a given customer engagement and its revenue lifecycle generate cash, and its potential is one of the core focus areas of the Spring 2021 release. It’s badly needed as many services are flying blind today, overcommitting resources for little return and too often losing control of client engagement and paying the price in lost margin and profits. FinancialForce sees that pain and wants to alleviate it with better financial visibility on all aspects of customer services revenue. FinancialForce aims to provide customer-centric financial reporting down to the revenue stream and costing measure level.
Key Takeaways From The Spring 2021 Release
Customer centricity seen through a financial lens is the cornerstone of FinancialForce’s latest release. One of the primary goals of this release is to update more applications to Salesforce Lightning to provide FinancialForce users with a more consistent user experience across all applications. Salesforce has been doubling down for years on Lightning and its user experience technologies, with FinancialForce reaping the benefits for over a decade. FinancialForce is transitioning their core Professional Services Automation (PSA), Billing, Accounting & Finance and Procurement, Order and Inventory Management to Lightning in this release in response to their customers wanting a consistent user experience across the entire FinancialForce suite of applications. The Spring 2021 release reflects how FinancialForce strives to provide a real-time understanding of customer lifetime value for their ERP and PSA customers.
Additional key takeaways include the following:
FinancialForce sees reducing days to close as one of the highest priorities they need to address today. The majority of new feature announcements center on how the days to close cycles can be streamlined, especially across multi-company and multisite locations across geographic and currency-specific regions of the world. Multi-company currency revaluation will help FinancialForce customers who operate across multiple geographies that operate in different currencies and will be especially useful for those clients creating new global channels and considering foreign acquisitions. Further showing the high priority they are putting on reducing days to close, the Spring 2021 release also includes automated eliminations, multi-company period close for software closes, which are designed to temporarily close out a financial report and revenue schedules that can provide a future view in revenues – a key factor in knowing customer revenue lifecycles.
New features and a new Lightning interface for Accounting, Billing Central, and Inventory Management simplifies complex transactions for users. FinancialForce has one of the most customer-driven product management teams in enterprise software. The depth of features they have added to inventory management, transactional and reconciliation processes for accounting, drop-ship use cases, and enhancements for adding products to billing contracts show how much FinancialForce is listening to customers.
AI-enhanced financial reporting that works with any Einstein data set. FinancialForce leads the Salesforce partner ecosystem when it comes to integrating Tableau CRM (formerly known as Einstein Analytics) into its platform. Now thirteen releases in, FinancialForce’s Spring 2021 release reflects the intuitive, adaptive intelligence that the product management team aims to achieve by integrating Einstein into their financial reporting workflows.
Professional Services Automation (PSA) Applications Including Resource Management, Project Management, and Time & Expense upgraded to Lightning. Transitioning three of the core PSA applications to Lightning will help broaden adoption and make them easier to upsell and cross-sell across the FinancialForce customer base. It will also help existing customers using these applications get new employees up to speed faster on them, given how much more streamlined Lightning is as an interface compared to previous versions.
Intelligent Staffing solves the complex challenges resource managers face when assigning the best possible associates to a given project. Designed to filter and intelligently rank potential resources based on region, practice, group skill sets, and availability, Intelligent Staffing is designed to get resource managers as close to an ideal match as possible for a given project’s requirements. This is a much-welcomed new feature by FinancialForce customers who are large-scale services providers as they’re facing the challenges of assigning the right person to the right project at the right time to ensure project success.
Integration of Salesforce AI’s Next Best Action (NBA) will raise the level of project expertise at scale across customers. Part of the customer centricity focus in Spring 2021 is focused on providing customers with new technologies and applications to share expertise and knowledge at scale. Next Best Action provides prescriptive guidance for the project manager and will see heavy use in new associate onboarding across services businesses and achieve greater corporate-wide learning at scale. This is consistent with the focus in the Spring 2021 release on bringing greater space and speed to mid-size and larger services customers.
FinancialForce defines customer engagement and centricity from a financial standpoint in the Spring 2021 release. Too often, services businesses commit to large-scale projects without a clear idea of the customer revenue lifecycle. With FinancialForce, they can stop and ask if the level of customer engagement they’re committing to is worth it or not – and if it isn’t, what needs to be done. FinancialForce is doubling down on user experience and accelerating time-to-close, two areas their customers want innovation to and look to them to deliver. Look for FinancialForce to scale out with more MuleSoft and Tableau integration scenarios, all aimed at capitalizing on their expertise developing on the Salesforce platform. There’s a bigger challenge to customer engagement on the horizon, and that’s providing a real-time view of financials across all customers with all available data across a business, making MuleSoft integration key to FinancialForce’s future growth.
There are a record number of 9,977 machine learning startups and companies in Crunchbase today, an 8.2% increase over the 9,216 startups listed in 2020 and a 14.6% increase over the 8,705 listed in 2019.
Artificial Intelligence (A.I.) and machine learning (ML)-related companies received a record $27.6 billion in funding in 2020, according to Crunchbase.
Of those A.I. and machine learning startups receiving funding since January 1, 2020, 62% are seed rounds, 31% early-stage venture rounds and 6.7% late-stage venture capital-funded rounds.
A.I. and machine learning startups’ median funding round was $4.4 million and the average was $29.8 million in 2020, according to Crunchbase.
Throughout 2020, venture capital firms continued expanding into new global markets, with London, New York, Tel Aviv, Toronto, Boston, Seattle and Singapore startups receiving increased funding. Out of the 79 most popular A.I. & ML startup locations, 15 are in the San Francisco Bay Area, making that region home to 19% of startups who received funding in the last year. Israel’s Tel Aviv region has 37 startups who received venture funding over the last year, including those launched in Herzliya, a region of the city known for its robust startup and entrepreneurial culture.
The following graphic compares the top 10 most popular locations for A.I. & ML startups globally based on Crunchbase data as of today:
Top 20 Machine Learning Startups To Watch In 2021
Augury – Augury combines real-time monitoring data from production machinery with AI and machine learning algorithms to determine machine health, asset performance management (APM) and predictive maintenance (PdM) to provide manufacturing companies with new insights into their operations. The digital machine health technology that the company offers can listen to the machine, analyze the data and catch any malfunctions before they arise. This enables customers to adjust their maintenance and manufacturing processes based on actual machine conditions. The platform is in use with HVAC, industrial factories and commercial facilities.
Alation – Alation is credited with pioneering the data catalog market and is well-respected in the financial services community for its use of A.I. to interpret and present data for analysis. Alation has also set a quick pace to evolving its platform to include data search & discovery, data governance, data stewardship, analytics and digital transformation. With its Behavioral Analysis Engine, inbuilt collaboration capabilities and open interfaces, Alation combines machine learning with human insight to successfully tackle data and metadata management challenges. More than 200 enterprises are using Alation’s platform today, including AbbVie, American Family Insurance, Cisco, Exelon, Finnair, Munich Re, New Balance, Pfizer, Scandinavian Airlines and U.S. Foods. Headquartered in Silicon Valley, Alation is backed by leading venture capitalists including Costanoa, Data Collective, Icon, Sapphire and Salesforce Ventures.
Algorithmia – Algorithmia’s expertise is in machine learning operations (MLOps) and helping customers deliver ML models to production with enterprise-grade security and governance. Algorithmia automates ML deployment, provides tooling flexibility, enables collaboration between operations and development and leverages existing SDLC and CI/CD practices. Over 110,000 engineers and data scientists have used Algorithmia’s platform to date, including the United Nations, government intelligence agencies and Fortune 500 companies.
Avora – Avora is noteworthy for its augmented analytics platform, making in-depth data analysis intuitively as easy as performing web searches. The company’s unique technology hides complexity, empowering non-technical users to run and share their reports easily. By eliminating the limitations of existing analytics, reducing data preparation and discovery time by 50-80% and accelerating time to insight, Avora uses ML to streamline business decision-making. Headquartered in London with offices in New York and Romania, Avora helps accelerate decision making and productivity for customers across various industries and markets, including Retail, Financial Services, Advertising, Supply Chain and Media and Entertainment.
Boast.ai – Focused on helping companies in the U.S. and Canada recover their R&D costs from respective federal governments, Boast.ai enables engineers and accountants to gain tax credits using AI-based tools. Some of the tax programs Boast.ai works with include US R&D Tax Credits, Scientific Research and Experimental Development (SR&ED) and Interactive Digital Media Tax Credits (IDMTC). The startup has offices in San Francisco, Vancouver and Calgary.
ClosedLoop.ai – An Austin, Texas-based startup, ClosedLoop.ai has created one of the healthcare industry’s first data science platforms that streamline patient experiences while improving healthcare providers’ profitability. Their machine learning automation platform and a catalog of pre-built predictive and prescriptive models can be customized and extended based on a healthcare provider’s unique population or client base needs. Examples of their technology applications include predicting admissions/readmissions, predicting total utilization & total risk, reducing out-of-network utilization, avoiding appointment no-shows, predicting chronic disease onset or progression and improving clinical documentation and reimbursement. The Harvard Business School, through its Kraft Precision Medicine Accelerator, recently named ClosedLoop.ai as one of the fastest accelerating companies in its Real World Data Analytics Landscapes report.
Databand – A Tel Aviv-based startup that provides a software platform for agile machine learning development, Databand was founded in 2018 by Evgeny Shulman, Joshua Benamram and Victor Shafran. Data engineering teams are responsible for managing a wide suite of powerful tools but lack the utilities they need to ensure their ops are running properly. Databand fills this gap with a solution that enables teams to gain a global view of their data flows, make sure pipelines complete successfully and monitor resource consumption and costs. Databand fits natively in the modern data stack, plugging seamlessly into tools like Apache Airflow, Spark, Kubernetes and various ML offerings from the major cloud providers.
DataVisor – DataVisor’s approach to using AI for increasing fraud detection accuracy on a platform level is noteworthy. Using proprietary unsupervised machine learning algorithms, DataVisor enables organizations to detect and act on fast-evolving fraud patterns and prevent future attacks before they happen. Combining advanced analytics and an intelligence network of more than 4.2B global user accounts, DataVisor protects against financial and reputational damage across various industries, including financial services, marketplaces, e-commerce and social platforms. They’re one of the more fascinating cybersecurity startups using AI today.
Exceed.ai – What makes Exceed.ai noteworthy is how their AI-powered sales assistant platform automatically communicates the lead’s context and enables sales and marketing teams to scale their lead engagement and qualification efforts accordingly. Exceed.ai follows up with every lead and qualifies them quickly through two-way, automated conversations with prospects using natural language over chat and email. Sales reps are freed from performing error-prone and repetitive tasks, allowing them to focus on revenue-generating activities such as phone calls and demos with potential customers.
Indico – Indico is a Boston-based startup specializing in solving the formidable challenge of how dependent businesses are on unstructured content yet lack the frameworks, systems and tools to manage it effectively. Indico provides an enterprise-ready A.I. platform that organizes unstructured content while streamlining and automating back-office tasks. Indico is noteworthy given its track record of helping organizations automate manual, labor-intensive, document-based workflows. Its breakthrough in solving these challenges is an approach known as transfer learning, which allows users to train machine learning models with orders of magnitude fewer data than required by traditional rule-based techniques. Indico enables enterprises to deploy A.I. to unstructured content challenges more effectively while eliminating many common barriers to A.I. & ML adoption.
LeadGenius – LeadGenius is noteworthy for its use of AI to provide personalized and actionable B2B lead information that helps its clients attain their global revenue growth goals. LeadGenius’s worldwide team of researchers uses proprietary technologies, including AI and ML-based techniques, to deliver customized lead generation, lead enrichment and data hygiene services in the format, methods and frequency defined by the customer. Their mission is to enable B2B sales and marketing organizations to connect with their prospects via unique and personalized data sets.
Netra – Netra is a Boston-based startup that began as part of MIT CSAIL research and has multiple issued and pending patents on its technology today. Netra is noteworthy for how advanced its video imagery scanning and text metadata interpretation are, ensuring safety and contextual awareness. Netra’s patented A.I. technology analyzes videos in real-time for contextual references to unsafe content, including deepfakes and potential cybersecurity threats.
Particle – Particle is an end-to-end IoT platform that combines software including A.I., hardware and connectivity to provide a wide range of organizations, from startups to enterprises, with the framework they need to launch IoT systems and networks successfully. Particle customers include Jacuzzi, Continental Tires, Watsco, Shifted Energy, Anderson EV, Opti and others. Particle is venture-backed and has offices in San Francisco, Shenzhen, Las Vegas, Minneapolis and Boston. Particle’s developer community includes over 200,000 developers and engineers in more than 170 countries today.
RideVision – RideVision was founded in 2018 by motorcycle enthusiasts Uri Lavi and Lior Cohen. The company is revolutionizing the motorcycle-safety industry by harnessing the strength of artificial intelligence and image-recognition technology, ultimately providing riders with a much broader awareness of their surroundings, preventing collisions and enabling bikers to ride with full confidence that they are safe. RideVision’s latest round was $7 million in November of last year, bringing their total funding to $10 million in addition to a partnership with Continental AG.
Savvie – Savvie is an Oslo-based startup specializing in translating large volumes of data into concrete actions that bakery and café owners can utilize to improve their bottom line every day. In doing so, we help food businesses make the right decisions to optimize their operations and increase profitability while reducing waste at its source. What’s noteworthy about this startup is how adept they are at fine-tuning ML algorithms to provide their clients with customized recommendations and real-time insights about their food and catering businesses. Their ML-driven insights are especially valuable given how bakery and café owners are pivoting their business models in response to the pandemic.
SECURITI.ai – One of the most innovative startups in cybersecurity, combining AI and ML to secure sensitive data in multi-cloud and mixed platform environments, SECURITI.ai is a machine learning company to watch in 2021, especially if you are interested in cybersecurity. Their AI-powered platform and systems enable organizations to discover potential breach risk areas across multi-cloud, SaaS and on-premise environments, protect it and automate all private systems, networks and infrastructure functions.
SkyHive – SkyHive is an artificial intelligence-based SaaS platform that aims to reskill enterprise workforces and communities. It develops and commercializes a methodology, Quantum Labor Analysis, to deliver real-time, skill-level insights into internal workforces and external labor markets, identify future and emerging skills and facilitate individual-and company-level reskilling. SkyHive is industry-agnostic and supporting enterprise and government customers globally with a mission to reduce unemployment and underemployment. Sean Hinton founded the technology company in Vancouver, British Columbia, in 2017.
Stravito – Stravito is an A.I. startup that’s combining machine learning, Natural Language Processing (NLP) and Search to help organizations find and get more value out of the many market research reports, competitive, industry, market share, financial analysis and market projection analyses they have by making them searchable. Thor Olof Philogène and Sarah Lee founded the company in 2017, who identified an opportunity to help companies be more productive, getting greater value from their market research investments. Thor Olof Philogène and Andreas Lee were co-founders of NORM, a research agency where both worked for 15 years serving multinational brands, eventually selling the company to IPSOS. While at NORM, Anders and Andreas were receiving repeated calls from global clients that had bought research from them but could not find it internally and ended up calling them asking for a copy. Today the startup has Carlsberg, Comcast, Colruyt Group, Danone, Electrolux, Pepsi Lipton and others. Stravito has offices in Stockholm (H.Q.), Malmö and Amsterdam.
Verta.ai – Verta is a startup dedicated to solving the complex problems of managing machine learning model versions and providing a platform to launch models into production. Founded by Dr. Manasi Vartak, Ph.D., a graduate of MIT, who led a team of graduate and undergraduate students at MIT CSAIL to build ModelDB, Verta is based on their work define the first open-source system for managing machine learning models. Her dissertation, Infrastructure for model management and model diagnosis, proposes ModelDB, a system to track ML-based workflows’ provenance and performance. In August of this year, Verta received a $10 million Series A round led by Intel Capital and General Catalyst, who also led its $1.7 million seed round. For additional details on Verta.ai, please see How Startup Verta Helps Enterprises Get Machine Learning Right. The Verta MLOps platform launch webinar provides a comprehensive overview of the platform and how it’s been designed to streamline machine learning models into production:
V7 – V7 allows vision-based A.I. systems to learn continuously from training data with minimal human supervision. The London-based startup emerged out of stealth in August 2018 to reveal V7 Darwin, an image labeling platform to create training data for computer vision projects with little or no human involvement necessary. V7 specializes in healthcare, life sciences, manufacturing, autonomous driving, agri-tech, sporting clients like Merck, GE Healthcare and Toyota. V7 Darwin launched at CVPR 2019 in Long Beach, CA. Within its first year, it has semi-automatically annotated over 1,000 image and video segmentation datasets. V7 Neurons is a series of pre-trained image recognition applications for industry use. The following video explains how V7 Darwin works:
76% of enterprises increased their use of endpoint devices since the beginning of the COVID-19 pandemic, supporting their remote, work-from-home (WFH) and hybrid workforces globally.
66% of enterprises believe securing their networks and infrastructure requires a more focused, proactive approach to endpoint resilience that doesn’t leave endpoint security to chance.
Cybersecurity leader’s top challenges today are maintaining compliance, enforcing security standards, and understanding the health of security controls on each endpoint.
Just 38% of IT leaders can track the ROI of their cybersecurity investments, accentuating the need for more resilient, persistent endpoints that provide greater visibility and control.
These and many other fascinating insights are from Forrester Consulting’s latest study on endpoint security, Take Proactive Approach To Endpoint Security, completed in collaboration with Absolute Software. The study is noteworthy for its impartial, accurate view of the current state of endpoint security and the challenges IT teams face in creating greater endpoint resilience. The study’s methodology is based on 157 interviews with IT and security professionals located in the U.S. and Canada who are decision-makers in endpoint protection, with interviews completed in November and December 2020.
Key insights from the study include the following:
Security leaders are reprioritizing endpoint automation efforts with a strong focus on sensitive or at-risk data. In 2021 automation efforts will focus on sensitive or at-risk data (60%), geolocation (52%), security control health (48%), web-based application usage (36%), patch management (35%), and hardware inventory (32%). Each of these technologies is integral to supporting remote workers. There’s also a significant shift from how automation strategies were prioritized before the pandemic, as the graphic from the study below illustrates:
Maintaining compliance, enforcing security standards, understanding security controls’ health, and measuring security investments are the top challenges to managing endpoint security today. The majority of enterprises, 59%, cannot maintain or prove compliance of endpoints at any given time. Lack of compliance drags down the efficiency of endpoint security efforts, making an entire network more vulnerable. Just over half of enterprises can’t enforce security standards across endpoints or don’t know today’s health. The most surprising finding of the study: 62% of enterprises cannot measure the ROI of their security investments – with half (31%) – strongly disagreeing with how measurable security ROI spend is.
Enterprises see four key areas where endpoint management could improve today. Forrester asked enterprise IT and security leaders which capabilities need to be added to endpoint management systems to make them more effective. The executives first focused on securing sensitive and at-risk data, a sure sign enterprises are moving to a more data-centric cybersecurity model in the future. That’s good news as cyber attackers want to penetrate software supply chains and take control of systems managing data assets. Managing devices remotely at scale is second, which is also a frequent challenge IT and security teams encounter when attempting to patch endpoints. Having an unbreakable digital tether to devices is solving the scale issue while also providing greater endpoint resiliency, visibility, and control.
The pandemic forced every business to become more innovative in supporting work-from-home and hybrid work environments, improving endpoint security an immediate priority. What’s needed is an unbreakable digital tether to all devices, capable of delivering complete visibility and control, enabling real-time insights into the state of those devices, and allowing them to repair security controls and productivity tools autonomously. Of the many solutions available for securing endpoints today, the ones that take a firmware-embedded approach to secure endpoints are proving the most reliable. The more integrated an endpoint is to firmware, the more likely self-healing agents will be reliable while also providing complete visibility across every device on or off the network. Absolute’s firmware-embedded approach is noteworthy in its track record of securing endpoints during the pandemic.
Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout 2010 ($1.7 billion), according to a Crunchbase Pro query today.
22,156 startups who either compete in or rely on cybersecurity, security and privacy technologies and solutions as a core part of their business models today, 122 have pre-seed or seed funding in the last twelve months based on a Crunchbase Pro query.
From network and data security to I.T. governance, risk measurement, and policy compliance, cybersecurity is a growing industry estimated to be worth over $300B by 2025, according to C.B. Insight’s Emerging Trends Cybersecurity Report downloadable here.
Today, 680 cybersecurity, privacy, and security startups have received $6.8 billion in funding over the last twelve months, with $4 million being the median funding round and $12.6 million the average funding round for a startup. The number of startups receiving funding this year, funding amounts and the methodology to find the top 20 cybersecurity startups are all based on Crunchbase Pro analysis done today.
The 20 Best Cybersecurity Startups To Watch In 2021
Based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets, the following are the top 20 cybersecurity startups to watch in 2021:
Axis Security – Axis Security’s Application Access Cloud™ is a purpose-built cloud-based solution that makes application access across networks scalable and secure. Built on zero-trust, Application Access Cloud offers a new agentless model that connects users online to any application, private or public, without touching the network or the apps themselves. Axis Security is a privately held company backed by Canaan Partners, Ten Eleven Ventures, and Cyberstarts. Axis is headquartered in San Mateo, California, with research and development in Tel Aviv, Israel.
Bitglass – What makes Bitglass unique and worth watching is how they are evolving their Total Cloud Security Platform to combine cloud access security brokerage, on-device secure web gateways, and zero-trust network access to secure endpoints across all devices. Its Polyscale Architecture is delivering uptimes of 99.99% in customer deployments. Bitglass’s 2020 Insider Threat Report has several interesting insights based on their recent interviews with a leading cybersecurity community. One interesting takeaway is 61% of those surveyed experienced an insider attack in the last 12 months (22% reported at least six).
Cado Security – Cado Security’s cloud-native forensics and response platform helps organizations respond to security incidents in real-time, averting potential breaches and security incidents. The Cado Response platform is built on analytics components that perform thorough forensic analyses of compromised systems. Cado’s platform, Cado Response, is an agentless, cloud-native forensics solution that allows security professionals to quickly and comprehensively understand an incident’s impact across all environments, including cloud and containers as well as on-premise systems. “Finding the root cause of security incidents in cloud or container environments is incredibly difficult. Traditional tools don’t support these new environments, and there is a shortage of people who know both forensics and cloud security,” said CEO James Campbell, formerly Director, Cyber Threat Detection and Response at PricewaterhouseCoopers. “Our Cado Response platform completely changes how security professionals can respond to incidents in the cloud.”
Confluera – Originally mentioned as one of the 20 Best Cybersecurity Startups To Watch In 2020, Confluera’s sustained innovation pace in the middle of a pandemic deserves special mention. They are one of the most resilient startups to watch in 2021.Confluera is a cybersecurity startup helping organizations find sophisticated security attacks going on inside of corporate infrastructures. The startup delivers autonomous infrastructure-wide cyber kill chain tracking and response by leveraging the ‘Continuous Attack Graph’ to stop and remediate cyber threats in real-time deterministically. Confluera’s platform is designed to detect and prevent attackers from navigating infrastructure. Confluera technology combines machine comprehended threat detection with accurately tracked activity trails to stop cyberattacks in real-time, allowing companies to simplify security operations radically. It frees up human security personnel to focus on more important work instead of spending hours trying to join the dots between the thousands of alerts they receive daily, many of which are false positives. The following is a video that explains how Confluera XDR for Cloud Infrastructure works:
DataFleets – DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance. The platform provides data scientists and developers with a “data fleet” that allows them to create analytics, ML models, and applications on susceptible data sets without direct access to the data. Each data fleet has easy-to-use APIs, and under-the-hood, they ensure data protection using advances in federated computation, transfer learning, encryption, and differential privacy. DataFleets helps organizations overcome data privacy and innovation struggle by maintaining data protection standards for compliance while accelerating data science initiatives.
DefenseStorm – DefenseStorm’s unique approach to providing cybersecurity and cyber-compliance for the banking industry make them one of the top startups to watch in 2021. Their DefenseStorm GRID is the only co-managed, cloud-based and compliance-automated solution of its kind for the banking industry. It monitors everything on a bank’s network. It matches it to defined policies for real-time, complete and proactive cyber exposure readiness, keeping security teams and executives updated on bank networks’ real-time security status. The company’s Threat Ready Active Compliance (TRAC) Team augments its bank customers’ internal teams to protect business continuity and skills availability while ensuring cost-effective coverage and management.
Enso Security – Enso is an application security posture management (ASPM) platform startup known for the depth of its insights and expertise in cybersecurity. With Enso, software security groups can scale and gain control over application security programs to protect applications systematically. The Enso ASPM platform discovers application inventory, ownership, and risk to help security teams quickly build and enforce security policies and transform AppSec into an automated, systematic discipline.
Ethyca – Ethyca is an infrastructure platform that provides developers and product teams with the ability to ensure consumer data privacy throughout applications and services design. It also provides your product, engineering, and privacy teams with unmatched ease of use and functionality to better care about your user’s data. The company helps companies discover sensitive data and then provides a mechanism for customers to delete, see, or edit their data from the system. Ethyca’s mission is to increase trust in data-driven business by building automated data privacy infrastructure. Ethyca’s founder and CEO Cillian Kiernan is a fascinating person to speak with on the topics of privacy, security, GDPR, and CCPA compliance. He continues to set a quick pace of innovation in Ethyca, making this startup one of the most interesting in data privacy today. Here’s an interview he did earlier this year with France 24 English:
Havoc Shield – Havoc Shield reduces the burden on small and medium businesses (SMBs) by giving them access to advanced security technology that protects against data breaches, phishing, dark web activity, and other threats. The Havoc Shield platform offers comprehensive security and compliance features that meet the standards of Fortune 100 companies, making it easier for businesses working to win deals with those companies. “For a long time, cybersecurity technology has been virtually inaccessible to small businesses, who largely can’t afford those resources,” said Brian Fritton, CEO and co-founder of Havoc Shield. “We created Havoc Shield because we believe in democratizing cybersecurity for the little guy. Small businesses deserve the ability to protect what they’ve built, just as much as larger companies that have dedicated cybersecurity staff.” Since the end of Q2 2020, Havoc Shield has quadrupled its client list. In the coming months, the company aims to grow its team to help more small businesses protect themselves from threats and achieve customer trust.
Illumio – Widely considered the leader in micro-segmentation that prevents the spread of breaches inside data centers and cloud environments, Illumio is one of the most interesting cybersecurity startups to watch in 2021. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers. The following video explains why Illumio Core is a better approach to segmentation.
Immuta – Immuta was founded in 2015 based on a mission within the U.S. Intelligence Community to build a platform that accelerates self-service access to and control sensitive data. The Immuta Automated Data Governance platform creates trust across data engineering, security, legal, compliance, and business teams to ensure timely access to critical data with minimal risk while adhering to global data privacy regulations GDPR, CCPA, and HIPAA. Immuta’s automated, scalable, no-code approach makes it easy for users to access the data they need when they need it while protecting sensitive information and ensuring customer privacy. Selected by Fast Company as one of the World’s 50 Most Innovative Companies, Immuta is headquartered in Boston, MA, with offices in College Park, MD, and Columbus, OH.
Isovalent – Isovalent makes software that helps enterprises connect, monitor and secure mission-critical workloads in modern, cloud-native ways. Its flagship technology, Cilium, is the choice of leading global organizations, including Adobe, Capital One, Datadog, GitLab, and many more. Isovalent is headquartered in Mountain View, CA, and is backed by Andreessen Horowitz, Google and Cisco Investments. Earlier this month, Isovalent announced that it had raised $29 million in Series A funding, led by Andreessen Horowitz and Google with participation from Cisco Investments. Google recently selected Cilium as the next-generation dataplane for its GKE offering calling Cilium “the most mature eBPF implementation for Kubernetes out there” in its “New GKE Dataplane V2 increases security and visibility for containers” blog: https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine.
JupiterOne – JupiterOne, Inc. reduces cloud security cost and complexity, replacing guesswork with granular data about cyber assets and configurations. The company’s software helps security operations teams shorten the path to security and compliance and improve their overall posture through continuous data aggregation and relationship modeling across all assets. JupiterOne customers include Reddit, Databricks, HashiCorp, Addepar, Auth0, LifeOmic, and OhMD. Earlier this year, JupiterOne received $19 million in venture funding. The Series A round was led by Bain Capital Ventures, with additional investment from Rain Capital, LifeOmic, and individual investors. “JupiterOne has developed a compelling product that integrates quickly, has applicability across enterprise segments, and is highly reviewed by current customers,” said Enrique Salem, partner at Bain Capital Ventures and former CEO at Symantec. Salem now joins the JupiterOne board. “We see a multibillion-dollar market opportunity for this technology across mid-market and enterprise customers. Asset management is the first step in building a successful security program, and it’s currently a tedious, imperfect process that’s well-suited for automation.”
Lightspin – Lightspin is a pioneer in contextual cloud security protecting native, Kubernetes, and microservices from known and unknown risks and has recently announced a $4 million seed funding round on November 24th. They will use the proceeds of the round to finance continued R&D on how to secure cloud infrastructures. The financing round was led by Ibex Investors LLC, the firm’s first global investment from its new $100 million early-stage fund, and also included participation from private angel investors. Lightspin’s technology uses graph-based tools and algorithms to provide rapid, in-depth visualizations of cloud stacks, analyze potential attack paths and detect the root causes, all of which are the most critical vulnerabilities that attackers can exploit.
Orca Security – Orca Security is noteworthy for its innovative approach to providing instant-on, workload-deep security for AWS, Azure, and GCP without the gaps in agents’ coverage and operational costs.Orca integrates cloud platforms as an interconnected web of assets, prioritizing risk based on environmental context. Delivered as SaaS, Orca Security’s patent-pending SideScanning™ technology reads cloud configuration and workloads’ runtime block storage out-of-band, detecting vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII.
SECURITI.ai – SECURITI.ai is an AI-Powered PrivacyOps company that helps automate all significant functions needed for privacy compliance on a single platform. It enables enterprises to grant individual and group rights to data and comply with global privacy regulations like CCPA and bolster their brands. They collect and manage consent from multiple sources, including web properties, web forms, and SaaS applications. Their AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. SECURITI.ai was founded in November 2018 and is headquartered in San Jose, California.
SecureStack – SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing them to become security experts. The results are faster time to business and a 60%-70% reduction in the app attack surface.
The SecureStack platform’s intelligent automation manages security controls across distributed infrastructures using rules and profiles customizable by customers. SecureStack is noteworthy for its analytics and logging expertise in helping enterprises scale applications across cloud infrastructures.
Stairwell – What makes Stairwell one of the top startups to watch in 2021 is its unique approach to cybersecurity built around a vision that all security teams should be able to determine what alerts are threat-related or not and why. Mike Wiacek, the founder of Google’s Threat Analysis Group and co-founder and former Chief Security Officer of Alphabet moonshot Chronicle, leads the company as its CEO and founder. Wiacek is joined by Jan Kang, former Chief Legal Officer at Chronicle, as COO and General Counsel. Stairwell is backed by Accel Venture Partners, Sequoia Capital, Gradient Ventures, and Allen & Company LLC.
Ubiq Security – What makes Ubiq Security one of the top cybersecurity startups to watch in 2021 is how rapidly their API-based developer platform is maturing while gaining traction in the market. Ubiq Security recently signed commercial agreements with the United States Army and the Department of Homeland Security. This month, the startup announced it had raised $6.4 million in a seed equity investment round. Okapi Venture Capital, an early investor in Crowdstrike, led the round with participation from TenOneTen Ventures, Cove Fund, DLA Piper Venture, Volta Global, and Alexandria Venture Investments. Ubiq will use the funds to accelerate platform development, developer relations, and customer acquisition.
Unit21 – Unit21 helps protect businesses against adversaries through a simple API and dashboard to detect and manage money laundering, fraud, and other sophisticated risks across multiple industries. Former Affirm and Shape Security employees Trisha Kothari and Clarence Chio founded Unit21 in 2018 and work with customers like Intuit, Coinbase, Gusto, and Line to create a powerful & customizable rules engine for risk and compliance teams. Unit21’s highly flexible, customizable, and intelligent cloud-based system provides a configurable engine for transaction monitoring, identity verification, case management, operations management, and analytics and reporting. On October 19th of this year, Unit21 announced a $13 million funding round led by A.Capital Ventures. Additional participation includes investors such as Gradient Ventures (Google’s A.I. venture fund), Core V.C., South Park Commons, Diane Greene (founder of VMWare), William Hockey (founder of Plaid), Chris Britt and Ryan King (founders of Chime), Sumit Agarwal (founder of Shape Security), and Michael Vaughan (former COO of Venmo). Unit21 will use the new capital to grow its product and distribution-focused management team, increase sales and marketing efforts, and sell into new industries.
Bottom Line: Today’s largely-distributed enterprises need to make sure they are putting endpoint security first in 2021– which includes closely managing every stage of the device lifecycle, from deployment to decommission, and ensuring all sensitive data remains protected.
There’s a looming paradox facing nearly every organization today of how they’ll secure thousands of remote endpoints without having physical access to devices, and without disrupting worker productivity. Whether there’s the need to retire hardware as part of down-sizing or cost-cutting measures, or the need to equip virtual teams with newer equipment more suitable for long term work-from-home scenarios, this is one of the most pressing issues facing CISOs and CIOs today.
Wanting to learn more about how their customers are tackling their endpoint security challenges and how their companies are helping to solve it, I sat down (virtually) with Absolute Software’s President and CEO Christy Wyatt and Matthew Zielinski, President of North America Intelligent Devices Group at Lenovo. The following is my interview with both of them:
Louis Columbus:Christy and Matt, thanks so much for your time today. To get started, I would like each of you to share what you’re hearing from your customers regarding their plans to refresh laptops and other endpoint devices in 2021.
Christy Wyatt: We’re seeing a strong desire from organizations to ensure that every individual is digitally enabled, and has access to a screen. In some cases, that means refreshing the hardware they already have in the field, and in other cases, that means buying or adding devices. From the endpoint security standpoint, there’s been a shift in focus around which tools matter the most. When laptops were primarily being used on campus, there was a certain set of solutions to monitor those devices and ensure they remained secure. Now that 90% of devices are out of the building, an entirely different set of capabilities is required – and delivering those has been our focus.
Matt Zielinski: We are seeing historic levels of demand from consumers, as many are transitioning from having maybe one or two devices per household to at least one device per person. We’re also seeing the same levels of demand on both the education and enterprise side. The new dynamic of work-from-anywhere, learn-from-anywhere, collaborate-from-anywhere underscores that the device hardware and software need to be current in order to support both the productivity and security needs of hugely distributed workforces. That’s our highest priority.
Louis: Where are CISOs in their understanding, evaluation, and adoption of endpoint security technologies?
Christy: The journey has been different for the education market than for the enterprise market. Most enterprise organizations were already on the digital path, with some percentage of their population already working remotely. And because of this, they typically have a more complex security stack to manage; our data shows that the total number of unique applications and versions installed on enterprise devices is nearly 1.5 million. What they’ve seen is a trifecta of vulnerabilities: employees taking data home with them, accessing it on unsecured connections, and not being aware of how their devices are protected beyond the WiFi connection and the network traffic.
In the education space, the challenges – and the amount of complexity – are completely different; they’re managing just a small fraction of that total number of apps and versions. That said, as the pandemic unfolded, education was hit harder because they were not yet at a point where every individual was digitally connected. There was a lot of reliance on being on campus, or being in a classroom. So, schools had to tackle digital and mobile transformation at the same time – and to their credit, they made multiple years of progress in a matter of weeks or months. This rapid rate of change will have a profound effect on how schools approach technology deployments going forward.
Matt: Whether in enterprise or education, our customers are looking to protect three things: their assets, their data, and their users’ productivity. It’s a daunting mission. But, the simplest way to accomplish it is to recognize the main control point has changed. It’s no longer the server sitting behind the firewall of your company’s or school’s IT environment. The vulnerability of the endpoint is that the network is now in the user’s hands; the edge is now the primary attack surface. I think CISOs realize this, and they are asking the right questions… I just don’t know if everyone understands the magnitude or the scale of the challenge. Because the problem is so critical, though, people are taking the time to make the right decisions and identify all the various components needed to be successful.
Louis: It seems like completing a laptop refresh during the conditions of a pandemic could be especially challenging, given how entire IT teams are remote. What do you anticipate will be the most challenging aspects of completing a hardware refresh this year (2021)?
Matt: The PC has always been a critical device for productivity. But now, without access to that technology, you are completely paralyzed; you can’t collaborate, you can’t engage, you can’t connect. Lenovo has always been focused on pushing intelligent transformation as far as possible to get the best devices into the hands of our customers. Beyond designing and building the device, we have the ability to distribute asset tags and to provide a 24/7 help desk for our customers whether you’re a consumer, a school, or a large institution. We can also decommission those devices at the end, so we’re able to support the entire journey or lifecycle.
The question has really become, how do you deliver secure devices to the masses? And, we’re fully equipped to do that. For example, every Lenovo X1 Carbon laptop comes out of the box with Lenovo Security Assurance, which is actually powered by Absolute; it is in our hardware. Our customers can open a Lenovo PC, and know that it is completely secure, right out of the box. Every one of our laptops is fortified with Absolute’s Persistence technology and self-healing capabilities that live in the BIOS. It’s that unbreakable, secure connection that makes it possible for us to serve our customers throughout the entire lifecycle of device ownership.
Louis:Why are the legacy approaches to decommissioning assets falling short / failing today? How would you redesign IT asset-decommissioning approaches to make them more automated, less dependent on centralized IT teams?
Christy: There have been a few very visible cases over the past year of highly regulated organizations, experiencing vulnerabilities because of how they decommissioned – or did not properly decommission – their assets. But, I don’t want anyone to believe that that this is a problem that is unique to regulated industries, like financial services. The move to the cloud has given many organizations a false sense of security, and it seems that the more data running in the cloud, the more pronounced this false sense of security becomes. It’s a mistaken assumption to think that when hardware goes missing, the security problem is solved by shutting down password access and that all the data is protected because it is stored in the cloud. That’s just not true. When devices aren’t calling in anymore, it’s a major vulnerability – and the longer the device sits without being properly wiped or decommissioned, the greater the opportunity for bad actors to take advantage of those assets.
The other piece that should be top of mind is that once a device is decommissioned, it’s often sold. We want to ensure that nothing on that device gets passed on to the next owner, especially if it’s going to a service or leasing program. So, we’ve concentrated on making asset decommissioning as precise as possible and something that can be done at scale, anytime and anywhere.
Matt: Historically, reclaiming and decommissioning devices has required physical interaction. The pandemic has limited face-to-face encounters, so , we’re leveraging many different software solutions to give our customers the ability to wipe the device clean if they aren’t able to get the asset back in their possession, so that at least they know it is secure. Since we’re all now distributed, we’re looking at several different solutions that will help with decommissioning, several of which are promising and scale well given today’s constraints. Our goal is to provide our enterprise customers with decommissioning flexibility, from ten units to several thousand.
Louis:Paradoxically, having everyone remote has made the business case for improving endpoint security more compelling too. What do you hear from enterprises about accelerating digital transformation initiatives that include the latest-generation endpoint devices?
Christy: The same acceleration that I spoke about on the education side, we absolutely see on the enterprise side as well, and with rapid transformation comes increased complexity. There has been a lot of conversation about moving to Zero Trust, moving more services to the cloud and putting more controls on the endpoint – and not having these sort of layers in between. Our data tells us that the average enterprise device today has 96 unique applications, and at least 10 of them are security applications. That is a massive amount of complexity to manage. So, we don’t believe that adding more controls to the endpoint is the answer; we believe that what’s most important is knowing the security controls you have are actually working. And we need to help devices and applications become more intelligent, self-aware, and capable of fixing themselves. This concept of resiliency is the cornerstone of effective endpoint security, and a critical part of the shift to a more modern security architecture.
Matt: I think there are two major forcing functions: connection and security. Because we are all now remote, there’s a huge desire to feel connected to one another even though we aren’t sitting in the same room together. We’re modifying our products in real-time with the goal of removing shared pain points and optimizing for the new reality in which we’re all living and working. Things like microphone noise suppression and multiple far field microphones, so that if the dog barks or kids run into a room, the system will mute before you’ve even pressed the mute button. We’re improving camera technology from a processing standpoint to make things look better. Ultimately, our goal is to provide an immersive and connected experience.
Security, however, transcends specific features that deliver customer experiences – security is the experience. The features that make hardware more secure are those that lie beneath the operating system, in the firmware. That is why we have such a deep network of partners, including Absolute. Because you need to have a full ecosystem, and a program that takes advantage of all the best capabilities, in order to deliver the best security solution possible.
Louis:How is Absolute helping enterprise customers ensure greater endpoint security and resiliency in 2021 and beyond?
Christy: We spend a lot of time sitting with customers to understand their needs and how and where we can extend our endpoint security solutions to fit. We believe in taking a layered approach – which is the framework for defense in-depth, and an effective endpoint security strategy. The foundational piece, which we are able to deliver, is a permanent digital tether to every device; this is the lifeline. Not having an undeletable connection to every endpoint means you have a very large security gap, which must be closed fast. A layered, persistence-driven approach ensures our customers know their security controls are actually working and delivering business value. It enables our customers to pinpoint where a vulnerability is and take quick action to mitigate it.
Lenovo’s unique, high value-add approach to integrated security has both helped drive innovation at Absolute, while also providing Lenovo customers the strongest endpoint security possible. Their multilayer approach to their endpoint strategy capitalizes on Absolute’s many BIOS-level strengths to help their customers secure every endpoint they have. As our companies work together, we are both benefitting from a collaboration that seeks to strengthen and enrich all layers of endpoint security. Best of all, our shared customers are the benefactors of this collaboration and the results we are driving at the forefront of endpoint security.
Louis:How has the heightened focus on enterprise cybersecurity in general, and endpoint security specifically, influenced Lenovo’s product strategy in 2021 and beyond?
Matt: We have always been focused on our unique cybersecurity strengths from the device side and making sure we have all of the control points in manufacturing to ensure we build a secure platform. So, we’ve had to be open-minded about endpoint security, and diligent in envisioning how potential vulnerabilities and attack strategies can be thwarted before they impact our customers. Because of this mindset, we’re fortunate to have a very active partner community. We’re always scouring the earth for the next hot cybersecurity technology and potential partner with unique capabilities and the ability to scale with our model. This is a key reason we’ve standardized on Absolute for endpoint security, as it can accommodate a wide breadth of deployment scenarios. It’s a constant and very iterative process with a team of very smart people constantly looking at how we can excel at cybersecurity. It is this strategy that is driving us to fortify our Lenovo Security Assurance architecture over the long-term, while also seeking new ways of providing insights from existing and potentially new security applications.
Louis:What advice are you giving CISOs to strengthen endpoint security in 2021 and beyond?
Christy: One of our advisors is the former Global Head of Information Security at Citi Group, and former CISO of JP Morgan and Deutsche Bank. He talks a lot about his shared experiences of enabling business operations, while defending organizations from ever-evolving threats, and the question that more IT and security leaders need to be asking – which is, “Is it working?” Included in his expert opinion is that cybersecurity needs to be integral to business strategy – and endpoint security is essential for creating a broader secure ecosystem that can adapt as a company’s needs change.
I believe there needs to be more boardroom-level conversations around how compliance frameworks can be best used to achieve a balance between cybersecurity and business operations. A big part of that is identifying resiliency as a critical KPI for measuring the strength of endpoint controls.