News
In the News
Security Policy Management and Compliance, Next Holy Grail
April 7, 2005
Courtesy of Sarbanes-Oxley Compliance Journal
Recently, Jack Martin spoke to Sameer Gandhi at Sequoia Capital on the topic of Elemental Security.
Jack: What does Sequoia Capital actually do?
Sameer: We invest in early stage high technology companies and then, post investment, manage those investments by serving on the boards of those companies, providing counsel and resources to build those companies into viable businesses and guiding them to, hopefully, prosperous outcomes. Our focus is on helping to build sustainable companies from scratch.
Jack: Do you get personally involved in that?
Sameer: Absolutely. I, and all my partners at Sequoia Capital, are intimately involved with our companies from the Board standpoint. Arguably, we are more active Board members than most investors. In between Board meetings, it is standard operating procedure to get behind our founders and companies on recruiting management, developing business and product strategy, overseeing operational and financial performance, supporting marketing/sales/distribution activity, providing customer/partner introductions and a host of other business building activities.
Jack: Elemental Security has made an incredible announcement today, and you are one of the key investors involved in that company. My question to you is why Elemental Security out of all the other choices you have?
Sameer: It’s worth taking a step back because it’s a very good question. I would say that our focus, from a standpoint of Sequoia Capital, is to invest in early stage information technology companies and, of that, enterprise security or network security is an important category for us. It is one of the most vibrant areas. There’s a lot of technological innovation driven by the start-up community versus in the established companies. We’re very interested and very active investors in the category in general.
More to the point, we’re seeing and investing in an array of very special entrepreneurs and companies that are clearly doing something novel and innovative differentiating with defensible IP, addressing a first order customer pain points and serving huge market opportunities.
We feel that Elemental has a lot of those attributes associated with it.
To get specific, I would say there are really three things that made us excited about the Elemental opportunity. One was Dan Farmer and the team. One thing about security is that there are a lot of smart people out there. But, when you’re talking about solving the class of problem that Elemental is trying to solve, policy management and compliance, I think you need very special, deep domain experts to go after it. In my opinion, there are probably only a handful of people, perhaps in the world, that have the capability to define a vision for solving this type of problem. Dan, as everyone knows, is an individual that’s really considered to be one of the true visionaries in enterprise security.
Jack: I would agree with you.
Sameer: He is known to virtually anybody that knows anything about security. His published works, his inventions his products are now just part of the fabric of security, part of the vernacular of security. There are not very many people that can be the lightning rod that Dan Farmer can be when you think about a specific segment. Just as importantly, he pulled together what we thought was an incredible team. Really a world-class team that you would look at and say, if any other company had the caliber of individuals that Dan was able to attract to go after this opportunity, you just want to back those people, not knowing even what they were going to do.
The second thing was, in fact, the nature of the problem. In the security market, a lot of people are selling smaller propositions. They’re solving tactical problems so they’re delivering point solutions. In our opinion, the next huge problem, almost sort of the Holy Grail type problem to solve, was this notion of security policy management and compliance. The reason it hadn’t been solved before, even though people recognized that it’s a massive issue in today’s corporations, is that it’s incredibly difficult to, from a technical standpoint, solve that problem. We felt like Dan was the first who was going to do it. Dan and his team were really the first group that presented to us not just a vision for solving a problem, but a credible technical approach where the business and products would be phased for getting there in a reasonable fashion.
When you look at the customers that we talk to, they all agree that this is a crucial issue that they desperately needed to solve.
Jack: Yes.
Sameer: If customers had a way to solve it, they’d want to spend real money solving it. This is an agonizing pain point for any enterprise of consequence. One that is very complex and very hard to solve and, subsequently, very difficult to sell into. But, if a start-up company was able to solve it with an offering that would be fundamental to the customer, they make for the kind of company that’s interesting to us at Sequoia Capital.
The third part about getting into business with Elemental Security was to see that all the right people had a seat that would give this company a shot. We were very excited about the notion that, when you looked at the investor line-up in the company, there were two very high quality firms, Mayfield and Bessemer, that very much understand the enterprise security market. They had very much the same notion that we did about building an important, large and valuable company. We felt like it would be great to partner with them in going after this particular opportunity.
We looked at this opportunity and were able to see that is a situation where there is a great team, addressing an existing burning pain point, associated with a very attractive customer base and market size opportunity and where we have fabulous co-investors to work with. You sum all that up and pretty quickly come to the point of making a positive investment recommendation on the company.
Jack: I have spoken to a lot of people about Elemental and a reoccurring theme has been, the team that Elemental has put together. In your opinion, what makes them so special?
Sameer: You can easily describe them as world-class, but, that would be too superficial. What’s unusual about this situation is that the product requires a range of capabilities and, therefore, an incredible depth of technical competencies. We talked about the people that Dan Farmer has been able to attract. Take Guido van Rossum, for instance. Getting him involved in the same company is a miraculous occurrence. There are many other Guido-like people in the company. Having that many people of that caliber is unquestionably a strategic asset and competitive barrier to entry.
Now, I think that’s frankly a challenge as well. But, we saw that everybody seemed to coalesce very nicely and that there was chemistry. One could argue that any one of those individuals could be in the limelight in a different kind of company as an individual.
Jack: They’re both hyper-creatives.
Sameer: And so, you know that’s a tight rope to walk. But, our feeling was that the chemistry was there, with a collection with “A” players, if you will, which you normally don’t see in a company. You see one or two, but not the group together.
Jack: Who’s actually going to push the vision forth from a business perspective?
Sameer: We need to. From a standpoint of the customer pain point and understanding the need of the marketplace. Translating that to a vision for a product that is really going to address that pain point is Dan’s forte. He’s incredibly credible to the customer community when he talks about how Elemental is going to solve the policy management and compliance problem for them.
Translating that into how to build a company step by step, you need someone from a business standpoint that understands how to take a company from a group of talented engineers and a product to a real sustainable business. I think we’ve done an incredible job there in bringing Peter Watkins on board as the CEO of the company. You know, Peter’s got the great background from security, he’s run multiple businesses before, through various types of scenarios and for us to be able to attract that level of person for such a young company, I think is a credit to both Dan, obviously, and to the opportunity itself. You can only get someone like that when the opportunity is large and to the fact that again, the company is so solidly backed. We’ve got a good mix of product vision and execution capability in building that is now rolling out the company.
Jack: Peter Watkins, what kind of companies has he run?
Sameer: Peter was at Network Associates as COO, President and CEO, of Resonate.
Jack: Sameer, where do you see this company going in the next three to five years?
Sameer: When we invest in companies, our intention is not to invest in opportunities where we view them as small market opportunities or tactical problems where they tend to be sold for relatively small amounts of money. We like to invest in businesses where, by definition, these are opportunities for sustainability as a stand-alone, viable, attractive, profitable company. It’s a fundamental criteria to use in early stage investing.
In our opinion, a lot of today’s enterprise security problems are being addressed by lots of different kinds of companies. So, with our approach to investing, we look for the next generation problems in enterprise security, we look for where the vacuum is going to be and aim for that sweet spot.
With respect to Elemental Security, we don’t really think anybody has come up with such a holistic solution. They go beyond providing visibility into security policy by proactively managing a comprehensive set of policies and then, at any given point in time, relate the current posture of the company from a compliance standpoint relative to those policies. This is such a critical problem today that can’t be solved with currently available solutions. We think that this company has the chance to be a leader in an entirely new category of enterprise security products. I wouldsay that our hope for this company over the next three to five years is that it develops this category and it becomes the market leader and it becomes a very visible company in this space.
Jack: I’m hearing that you avoid companies that need to be purchased.
Sameer: We avoid companies that aren’t really long term sustainable businesses. They end up being single product companies that belong under someone else’s umbrella or, worse, are just features that belong under someone else’s product. By definition, those can’t be independent businesses and they just end up being R&D on someone else’s dime get purchased at a steal.
We like companies that have the option of being stand alone. But, when it comes to talking about an exit or liquidity event, we’re totally agnostic. We care about building companies and we think that whether it gets sold or whether it goes public, that’s just something that takes care of itself if we do our job. We created a nice business and the exit won’t really matter one way or the other. We don’t drive a company specifically to one or the other.
Jack: Is Sequoia Capital moving forward in the world of corporate governance and security, is this a focus that your group has at this point?
Sameer: Well, it’s been an area that’s been largely ignored and clearly there is much, much more oversight required in all aspects of a typical enterprise whether it’s the financial function, operations, manufacturing or IT. Management teams are clearly on the hook for ensuring either compliance to internal policies, external rules, government regulations, etc. Elemental Security is one of a number of companies that we have invested in that plays more to that broader theme in the enterprise market today. Others include Certus, LogLogic and Conformia.