The V.C. Corner: Karim Faris, Google Ventures
Of all the people in the technology industry, it's those whose business is investing in the future -- venture capitalists -- that have the biggest stake in what's coming next.
So what's around the next corner in business tech? What's promising -- and what's overhyped?
In this occasional series, we sit down with the folks on the front lines to see what they're seeing.
Today, we talk to Google Ventures partner Karim Faris.
ZDNet: What are you seeing out there?
KF: The potential for the enterprise startups is as large, if not larger, than consumer. There are clear problems to be solved. The consumer is fickle. On the enterprise, you're trying to fulfill a demand that's there, and you can build a predictable business if you hit these milestones. On the consumer side, you really don't know.
There are a number of threads I'm looking at -- some we've made investments in, some we're just observing. I value straight-from-the-field insight from engineers and product managers in these areas. I keep tabs with the Fortune 100 and even small- and medium-sized businesses here.
ZDNet: What's hot right now?
KF: Security has always been a focus, and it's only becoming more of a focus now that more and more services are going to be offered [on demand]. The enterprise is slowly adopting them. Medium-sized businesses are more aggressive; large businesses have longer timelines for selling. The more SaaS stuff you're using, the more questions you'll face around, "Is it secure?" We've made a couple of bets, one with an anti-malware company called Dasient that we sold to Twitter. We saw the malware problem getting bigger -- what you'd read in the press was just the tip of the iceberg, particularly on social networks, where there would be links that lead to malware.
Another thing is enterprise access for employees. The incumbents in that space are RSA -- plastic tokens, two-factor authentication. I hate that stuff. When we were riding on Google infrastructure in the past, they had an advanced system that had a user barrier. When you deploy these systems, people forget the tokens at home, or they lose them, or you have to retrieve them when that person leaves the company. We're taking it to another level where you're leveraging smart devices with push notifications. That eases deployment within an existing notification -- Is this you? Approve or deny -- and the cost of deploying this is pretty low. We've seen that you need to make the deployment easier in the enterprise. If you make it easy enough, they'll deploy it to their own consumers, like banks or social networks. We saw this problem and sought to find innovative companies that are going to take the basic two-factor that's incumbent today and take it as a service. We have a portfolio company called DuoSecurity that does this, too.
ZDNet: What are enterprises telling you, in terms of their concerns?
KF: When you ask companies, "What are natural services that you believe are a burden to your organization and that you'd be willing to outsource?", what consumes the most cycles in terms of administrative burden is invariably OpEx. Once you triangulate on a natural service that would be good to outsource, then you look at whether there's anybody innovating in this space, or is there a team you can pull together to address it.
The other area [of enterprise concern] is botnets doing low-rate attacks on sites, trying to get to passwords and account information. The massive Sony break; several credit card companies...it's essentially defenses against these massive botnets that try to do password siphoning. The techniques that we've seen being used to address this problem is website obfuscation or form obfuscation -- something that sits in front of a web server, and as that page is served, it looks like garbage to a bot, but fine to you and me. There are a bunch of technologies trying to address this problem. It could be a very visible problem, like when you have a massive break and it's picked up in the press and it becomes a massive disaster, or a quiet problem, and you don't realize it's even happening.
These bots are getting smarter. They're very good about not tripping any alert wires. They never get picked up by existing countermeasures in the enterprise. How do you handle this? It's a very difficult problem. Terrorism, counterterrorism -- the world doesn't know it until there's a major break.
ZDNet: We've talked a lot about security. What else is interesting, from an investment perspective?
KF: Another big category is the movement to the cloud. There's a lot of interest from organizations to set up private clouds or leverage public clouds. With public clouds, they have to be comfortable with security. By the end of the year, you're going to have 10, 15 public clouds. It's amazing -- there have been a bunch of new cloud announcements in the past few months: Google, HP, IBM, Terremark, Amazon, Rackspace, SoftLayer. There's going to be a tremendous amount of choice, which is very exciting. OpenStack has gotten a bunch of steam, and enterprises are looking to do a mix of private and public.
With choice comes confusion. If I'm an enterprise, I'm looking for a travel agent to show me which cloud is the best for me. Who could help you navigate that and continuously optimize your load? A small company called CliQr, set up by some sharp ex-VMware guys, started that. So we made a seed investment in the space, and we're looking for more. On the consumer side, the analogy is Kayak -- pull your existing load, run it on all these clouds, and show you the price-performance curve.
From an investor's perspective, being too early is probably the same as being wrong. We're very attuned to [anxiety]. We look for very low barriers to testing and adoption. When you're looking at technology that can be developed as a service, little resources and money changes hands [during the early part of the sales cycle]. The burden is on the startup.
When I was investing a decade ago, it was all technologies delivered on appliances and hardware. Very long sales cycles. Now I look for services. You have to be flexible. You have to deliver it as a service and an appliance. Yes, you're a SaaS company, but there are classes of companies that will be very slow to adopt anything as a service for security concerns.
The way to address this confusion or indecision is to make the barriers for testing low.
ZDNet: That's interesting. Any other areas that interest you?
KF: Another area is mass analytics. You can call it "big data," but it's really the focus on enterprise analytics. Massive data has always been generated by the enterprise. When you talk to them, a lot of that data was never mined, let alone maintained. There wasn't ROI behind it; the tools didn't exist to make sense of it. All of a sudden, the barriers to trying to mine that data are much lower. We made an investment in ClearStoryData. The insight around the space is, essentially enabling the enterprise without the involvement of IT. Giving the power to business users to do very interesting mashups of data.
If I'm Starbucks and I want to mashup my latte sales with demographics or weather -- the enterprise could do this, not just with inside data but also mashing it up with Twitter feeds for sentiment analysis. It hasn't been done because it takes so much work to do this stuff with no clear ROI: "I don't know if I'm going to find anything." It's very exciting to have these tools.
The other sector [of interest] is the traditional one, storage. Storage infrastructure runs the enterprise. There are two different things happening: the existing storage infrastructure -- SAN, NAS -- and then you've got cloud storage for flexibility, convenience. There's this challenge that IT has where they have existing infrastructure and rogue pockets of employees using freemium products to share. It's not good for IT, but it's clearly a demand. You have to respect existing infrastructure but offer a bridge to the new stuff. Hybrid approaches to enterprise deployments -- you want to be able to leverage the enormous investments the enterprise has made in disks.
Expecting the enterprise to go from zero to one, incumbent to cloud, overnight is a mistake. We've learned that the hard way. We invested in a company called Egnyte for this.
ZDNet: We've talked about a lot of trends, a lot of positives. So what worries you?
KF: The biggest concern for me is on the sales side, sales cycles. Particularly when you're looking at stuff that can be delivered as a service.
There's a perception that because it's SaaS, the sales cycles should be shorte. While that's generally true, they're not that much shorter -- particularly when you're selling to the Fortune 500. The sales infrastructure you have to put in place, and what kind of discipline you have to put in place in that company...it's something that has to be tuned from the beginning with that company.
There are high hopes that the high-velocity sales model -- credit cards inbound over the web, very low-touch -- is going to work. There's always high hopes that that will work. I fear that there isn't as much emphasis on your old-school, direct-selling channel selling than there should be. There are a lot of resources being spent on this new high-velocity sales model for the enterprise, and I keep finding myself trying to bring them back to the middle.
Channel is, for the new crop of entrepreneurs, is often underestimated. You can get tremendous leverage if you know all the stakeholders in the enterprise.
ZDNet: Any more trends? It sounded like you were itching for one more.
KF: It's plumbing; it's mundane. It's server management.
It fits within cloud, but it really starts with your traditional sysadmins and goes up to developer operations -- when you've got to provision massive amounts of servers -- thousands, tens of thousands -- automation is what you do. Doing it by script becomes unwieldy. We have a company called Puppet Labs that allows this. It's an area that's being overhauled in the enterprise. Traditional players -- HP Opsware, EMC BladeLogic, IBM -- that's the space that these open source players are trying to disrupt with a better, easier-to-deploy product to manage massive servers.
We've even seen companies use automation to manage employees' desktops. A layer of very mundane, basic stuff to automate these things. Automation, reducing OpEx, and ensuring policy consistency across servers -- it's kind of a [multi-front] argument.