Last week was a busy week, what with an election in Myanmar and all (well, and the United States, I guess). So perhaps you were glued to your TV or smartphone, and missed out on our conversation with Asheem Chandna, a long-time partner at Greylock who has invested in enterprise and cybersecurity startups for nearly two decades now, backing such notable companies as Palo Alto Networks, AppDynamics and Sumo Logic. We have more Extra Crunch Live shows coming up.
Enterprise software is changing faster this year than it has in a decade. Coronavirus, remote work, collaboration and new cybersecurity threats have combined to force companies to rethink their IT strategies, and that means more opportunities — and challenges — for enterprise founders than ever before. In some cases, we are seeing an acceleration of existing trends, and in others, we are seeing all new trends come to the forefront.
All that is to say that there was so much on the docket to talk about last week. Chandna and I discussed what’s happening in early-stage enterprise startups, whether vertical SaaS is the future of enterprise investing, data and no-code platforms, and then this rise of “shift left” security.
The following interview has been edited and condensed from our original Extra Crunch Live conversation.
What’s happening today in the early-stage startup world?
Chandna has been a long-time backer of startups at their earliest stages, with some of his investments being literally birthed in Greylock’s offices. So I was curious how he saw the landscape today given all that prior experience.
TechCrunch: What sort of companies are exciting for you today? Are there particular markets you’re particularly attuned to?
Asheem Chandna: One is digital transformation. Every company is trying to figure out how to become more digital, and this has been accelerated by COVID-19. Second is information technology today and its journey to the cloud. I would say we might be about 10% or 15% of the way there. Some of the trends are clear, but the journey is actually still relatively early, and so there’s just a ton of opportunity ahead.
The third one is leveraging data for better predictability along with analytics. Every CEO is looking to make better decisions. And you know, most leaders make decisions based on gut instinct and a combination of data. If the data can tell a story, if the data can help you better predict, there’s a lot of potential here.
I view these as three macro trends, and then if one was to add to that, I would say cybersecurity has never been more important than it is today. I’ve been around cyber for over two decades, and just the prominence and importance and priority has never been more important than today. So that’s kind of another key area.
I want to dive into your first category, digital transformation. This is a phrase that I feel like I’ve heard for a decade now, with “Data is the new oil” and all these sorts of buzzwords and marketing phrases. Where are we in that process? Are we at the beginning? Are we at the end? What’s next from a startup perspective?
Due to COVID-19 and because of the way people are working today, digital’s become the primary medium. I would still say we’re early, and you can literally look sector by sector to see how much more work there is to do here.
Take enterprise sales itself, which is early in what I consider digitalization. It’s even more important today than it was a year ago. I’m using video to basically communicate, and then the next piece would basically be trialing of software. Can I allow even complex software to be self trials and can I measure the customer journey through that trial? Then there’s the contracting of the software, and we go to the sale process, can all that be done digitally?
So even when you take something as very mundane as enterprise sales, it’s being transformed. Winning teams, winning software entrepreneurs, they understand this well, and they’d be wise to examine every step of this process, and instrument it and digitize it.
Vertical versus horizontal plays in enterprise
A lot of your investments tend to be more horizontal plays, yet over the last couple years, a lot of VCs have dived into these more vertical SaaS plays. What’s sort of your thesis on this, when you think about an investment?
I’d say the the short answer would be both. But it is worth noting that some of the biggest wins in technology were horizontal. So if you take software platforms, whether CRM integrating across industries or cybersecurity platforms going across industries, or marketing automation, or ERP — the largest wins have typically been horizontal.
That said, there’s a lot of opportunity in verticals as well. In verticals, if you can establish a beachhead early, you can often see a winner-takes-all phenomena, and you can have much larger market share. So even though the TAM might be more constrained, or the total size might be more constrained in that vertical, it’s often easier for a winner to grow. So it can be very lucrative if you can build vertical only.
Since you brought up ERP specifically, what does the prognosis look like for startups to go after huge enterprise incumbents in spaces like that?
So I would say in both CRM and ERP, I think it’d be safe to say every enterprise VC is looking to see what’s going to disrupt Salesforce or what’s going to disrupt SAP. For any entrepreneur out there, if you have ideas on how to wedge in, insert and take on these very, very large and very, very successful companies, I’d say all of Sand Hill Road and every enterprise VC would clearly be interested in taking that meeting.
I think it’s also safe to say, 10 years from now, there will almost be for sure publicly traded companies in those segments that don’t exist today, just given the size of those markets. So, I think it’s fairly safe to say, there’s tremendous opportunity here.
What angles do you see for taking on these large incumbents?
I would say a little bit of that lies in terms of how the world is different today from where it looked like when these companies were started, both in terms of customers and also in terms of the technology stacks and the capabilities. On customers, most customers today work much more on mobile and much more distributed than they did 10 years ago.
The second piece comes back to data and analytics at scale, and leveraging the ability to run very, very large data lakes on very, very scalable backends with scalable compute and scalable memory, and then placing the next level of algorithmic capabilities on that data. If you take a clean sheet of paper, it’s going to be very difficult for the incumbent to compete.
The changing face of data and no-code platforms
Let’s head over to data and the future of data in the enterprise. What does that market look like today?
I think at this point most people realize that most enterprises are struggling with a data lake strategy. Most enterprises today are looking to rebuild the concept of a data lake and build that with scalable compute and scalable memory behind it.
I think one of the biggest challenges around this looking forward is going to be the issue of data privacy — data governance, data privacy, lineage. I think there’s opportunity here for the public cloud providers to add more capabilities, and I think there’s tremendous opportunity for third-party companies to kind of refuel the layers, where you can enable access, you can enable governance, enable privacy in a very scalable way, both single cloud and across multiple clouds.
Isn’t all this new regulation around privacy making it more challenging for startups to enter these markets though?
I think there’s opportunity for both. With these regulations, there are exceptions around them in terms of the size of the businesses, and the amount of data they handle. So I think a pure startup starting today does need to be cognizant of these dimensions.
Let me ask about no-code tools, which I have written a bit about recently. What’s your take on that particular lens on the data world?
So we haven’t made an investment in the space, but we are watching very carefully. And you know, we would encourage any entrepreneurs out there to please call us.
It’s an area that’s growing rapidly. I think just as software is going more horizontal across industries, software is becoming more pervasive. It’s a little bit of the democratization of software and at some level, everybody wants to become a developer, right? Or everybody wants to do what developers can do.
In many ways, a lot of people would say Excel might be the most powerful or the most utilitarian software package anyone’s ever invented, because almost anybody can start working with Excel at a basic level, and look at what somebody can do, right? So in that way, you can almost think of it as no-code. It’s just kind of taking that further, right across dimensions. I think over time, you’re going to see the cloud providers themselves add these capabilities.
Finally here, I’m curious how much Greylock invests at each layer of the data stack from hardware, to infrastructure, to applications?
The short answer would be straight across the board.
Chandna noted that Greylock has invested in companies like Snorkel, Cresta, Abnormal Security and more.
We’re venture investing both at the tooling levels carefully and then also just applications. Where wouldn’t we invest? I would say, in the tooling areas, some areas are probably just a little bit more treacherous than others. Some of these areas likely will commoditize, and there’ll probably be some level of acquisitions in the coming years and then that’ll get baked into the platforms.
Opportunities in the SMB market?
I want to turn to one of the questions from the audience about SMB enterprise startups. What are you seeing out of the pure enterprise space?
I’d make a couple of points. One is, if anybody out there had an idea of how to go after the enterprise where you had deep value, let’s say mid-five-figure ASP or low six figures, mid-six-figures going into seven figures, if you have a product offering, and you can think through that in a repeatable way, that’s an outstanding place to run. You can grow value in a very significant way through that, and there’s a lot of precedent for that.
The second point is if you have an enterprise-focused play, as you grow that business, many businesses at some point also add commercial. Take like a Salesforce or a Palo Alto Networks. Some will do enterprise only as a clean play, but others will do enterprise plus commercial.
For instance, Asana recently went public in a bottoms-up model with enterprise leading but with a large number of other users on the more commercial side. Other companies like Dropbox have popularized this approach as well.
The last piece is, historically, the midmarket has been challenging. I would still say today that if you want to grow beyond a certain size of market value, the jury’s still out. However, I would say for new entrepreneurs starting up today, I’d say in the midmarket there’s more promise and more upside on that than ever before, because of the bottoms-up model.
Shifting left on cybersecurity
Let’s pivot over to cybersecurity as our final area. With so many changes going on in the world today, how is cybersecurity adapting?
That’s become a very important question today for most organizations. I would say the security perimeter for most organizations today has really changed in two ways.
One is the perimeters kind of moved out to wherever the employee is. Today for most organizations, employees are sitting at home or employees have gone mobile. So the perimeter, you know, has completely gone out. And most organizations really need to think about how they’re going to protect that employee in their house, how they can protect the data on that employee’s system at home, and the home network has suddenly become much more relevant than it was in the past.
The second one is I’d say the perimeter has moved up. And by that, what I mean is the perimeter has really gone to the cloud, because most organizations are on a journey to the cloud, and again, with COVID, that journey has been accelerated. What that means is you’ve got to now invest more into endpoint technologies and invest into understanding what’s going on with your employee.
These attacks always seem to change with the times. Will we ever have secure computing systems?
If you look over the last couple of decades on cybersecurity, security tends to follow IT architectures. So if, let’s say in the future, we’re going to be working more with augmented reality, you’ll see security follow AR. If crypto becomes more important in the future, if blockchain becomes more important in the future, you’ll see layers of cybersecurity follow that. So basically, you’re gonna see layering of software, a kind of scaffolding of security around those architectures.
A second point is it’s also been a very interesting area for entrepreneurs to kind of build new things because smart people are attracted to building better mousetraps. And this is a great area to build a better mousetrap. I think the other interesting thing also is large enterprises have been willing to buy better mousetraps here. That’s kind of been an interesting dynamic that’s really helped accelerate small companies.
One noteworthy trend that’s worth mentioning is that there is a “shift left” happening in security. Every organization today wants to bring software to market faster, but they also want to make software more secure. There is a genuine interest today in making the software more secure, so there’s this concept of shift left — bake security into the software.
How to pitch Asheem
Before we close out, what’s the best way for a founder to pitch you?
The best way to pitch me is send a well-written email, and ideally provide as much detail as you can about the problem you’re solving, what are your approaches, and a little bit about yourself. What’s innovative about the approach? What is it that you’re doing new? Why is this authentic for you?