Tag: Security

29
Apr

Opportunities in Privacy & Security Emerging During COVID-19

This article, by First Ascent Ventures, is the first in a series that will outline emerging trends across the Privacy and Security space.

Katharine Tomko, Venture Partner at First Ascent Ventures

It would be an understatement to say that COVID-19 has drastically altered daily life and business dealings across the globe. The Canadian technology space is not immune to this disruption and as a venture fund supporting local innovation, the daily announcement of layoffs across the technology ecosystem has been painful to watch.

At First Ascent Ventures, we have worked very closely with each of our North American portfolio companies to deepen our understanding of not only the challenges but also the numerous opportunities(eternal Canadian optimists!) that exist across various verticals in enterprise software.

One such area that First Ascent Ventures has spent considerable time exploring is the Privacy and Security startup space. In the past year, the fund has added significant privacy industry expertise with Katharine Tomko, the Former Head of Privacy Programs at Facebook, joining as a Venture Partner.

This article will discuss some of the work our fund has undertaken in the Privacy and Security space, and specifically, outline four areas within privacy that have been highlighted as “ripe for startup disruption” since the COVID-19 crisis emerged.


Trends and Opportunities

Connecting Remote Workers With The Systems And Services That They Need To Perform Their Jobs.

Problem — While most companies have the infrastructure for remote employee connectivity (VPN, etc.), very few have the capacity to provide for a fully remote workforce for months at a time. The first weeks of lockdown were a scramble for hardware capacity, circuit upgrades, and hasty network configuration changes with a view of ‘it’s an emergency, we’ll clean this up later’, and the associated security headaches. Employee productivity was often hampered by poor network performance, as over-taxed VPN infrastructure was forced to scale beyond its design.

Opportunity — “Support of large scale remote working” as a highly available, performance service is now a budgetary item for every company that employs knowledge workers. Most forward-thinking companies will iterate beyond the traditional centralized VPN architecture, and move to a ‘zero trust’ architecture, as popularized by Google’s own corporate network with their ‘Beyond Corp’ design. The Zero Trust model assumes that there are hackers both within and outside the network, which effectively prevents any machine from being automatically trusted. Zero Trust ultimately shifts access controls from the perimeter (ie. a VPN gateway) to internally authenticating and verifying individual devices and computers. This allows employees to work securely from any location without the need for a traditional VPN. This will serve as a major technology refresh for most large companies and their ‘traditional’ VPN device vendors will not be able to accommodate this change with their existing holistic solutions. There are no standout ‘incumbent’ players in this massive market, and opportunities exist across all areas of this architecture.

Securing And Tracking Remote Employee Assets.

Problem — There are in essence two problems at work here. First, most large IT infrastructures have been built with the physical office in mind, and remote workers are an afterthought. Existing management systems and security tooling are often subpar for remote devices. Second, the biggest security problem that most companies have is understanding their existing device inventory; solid asset management and inventory are the cornerstones of any good security program — for example, you can’t patch unaccounted-for inventory. The Equifax breach, which happened through a staging server that was ‘forgotten’, is an illustrative example. Remote working further exacerbates this problem as the assets are pushed out beyond the traditional network edge.

Opportunity — A significant amount of security budget dollars have been spent on plugging ’security devices’ into internal networks over the past twenty years (intrusion detection, etc.). As the design of the network changes towards a model where both ‘on network’ and remote workers are treated equally as first class citizens, we can expect a whole new category of security control to emerge. The billions of dollars spent on security hardware will move into software. Similarly, as companies move to a ‘zero trust’ networking architecture, they will be fully reliant on their asset management and inventory systems being up to date to ensure that they are only providing data access to devices that they actively manage and maintain.

Business Continuity Planning & Execution.

Problem — While most companies have some form of a business continuity plan, it’s usually a neglected 45 page document at the bottom of a drawer, with little understanding of its practical use. During COVID-19, boards, investors and key customers were all asking for details on business continuity plans, often requiring a copy of the actual document, and specifics on how it has been tested and updated over time.

Opportunity —Business continuity planning is a fairly specialized practice, with ‘control owners’ spread across all parts of the organization. It’s extremely laborious to create, test, update and attain management approval for these plans, and they are almost always missing some key types of ‘disaster’ — how many companies had ‘pandemic’ as a realistic risk to plan for in 2020? Now that companies have executed their plans (often for the first time), and been forced into transparency with their key stakeholders, we can expect to see renewed focus on building and maintaining a comprehensive disaster recovery/business continuity plan. There are opportunities for software to streamline this process, from guiding the organization through best practices in creating the plan, to managing control ownership across the organization, to ensuring regular testing of the plan and providing board visibility.

Physical Security/Safety of Employees.

Problem — While most travel has been eliminated from company budgeted expenses for the second and third quarter of 2020, many foresee a steady return to normal business travel later this year and into early 2021. Companies are responsible for the safety of their employees while they are on business travel or working in remote offices, and employee health (exposure to outbreaks, etc.), and safety (civil unrest, quarantine rules, etc.), will be a top priority. It has been some time since the average employee contemplated their safety while traveling for business. If business travel is really necessary for a job function, expect employees to hold their employer to a higher standard when it comes to safeguarding their health.

Opportunity — The largest and most forward-thinking companies already track and provide support to their employees while on business travel. As both employer and employee fully internalize who really owns the risks of business travel, expect these types of ‘global security operations centers’ to become more commonplace at large organizations, and to trickle down into smaller companies. Opportunities exist for software to support these functions, with integrations into corporate travel systems and automated integrations with government travel advisories.


Conclusion

We would encourage both startups and larger organizations to reflect on these four emerging trends in the privacy and security space and examine their own capabilities to address these concerns. First Ascent Ventures is confident that while these issues arose because of the massive work from home movement caused by COVID-19, enterprises will continue to keep privacy and security top of mind even after the world returns to normalcy (i.e. back to the office).

First Ascent Ventures is dedicated to working with companies and/or investors addressing these gaps in enterprise privacy. We hope to contribute and ensure that the next-generation of enterprise security is one that actively prepares companies for the future privacy challenges that lie ahead, rather than reacting after it is too late.

Please reach out to Noah@firstascent.vc to collaborate with us.

First Ascent Ventures — Who We Are And Behind the Name

Makalu as seen from the Summit of Everest. Photography by Tony van Marken, Founder, First Ascent Ventures

First Ascent Ventures was founded in 2015 and is a Toronto based VC fund that invests in emerging Canadian and U.S.-based technology companies that are building the next generation of disruptive, enterprise B2B software. www.firstascent.vc

In mountaineering, a first ascent is the first successful, documented summit of a mountain by an unclimbed route. First ascents are notable because they entail genuine exploration, with greater risks, challenges and recognition than climbing a route pioneered by others. This is not dissimilar to the challenges and risks involved in building a start-up technology company.

 

AI STARTUP RUBIKLOUD TO BE ACQUIRED BY OTTAWA-BASED KINAXIS FOR $81.4 MILLION CAD

OTTAWA, ON, June 15, 2020 – Kinaxis® Inc. (TSX: KXS), the authority in driving agility for fast, confident decision-making in an unpredictable world, has signed a definitive agreement to acquire Toronto-based Rubikloud, a disruptive, emerging provider of AI solutions that automate supply chain prescriptive analytics and decision-making in the retail and consumer packaged goods (CPG) industries.

Globally-recognized retailers and CPG manufacturers in the health and beauty, household and grocery segments use Rubikloud’s AI-based products today. Their offerings include demand forecasting and automation to manage and optimize trade promotions, pricing and assortment to drive product demand and dramatically improve financial results. Kinaxis will enhance RapidResponse’s demand planning capabilities with the Rubikloud offerings, anticipating initial opportunities in the company’s rapidly-growing CPG customer base and over time for other industries such as life sciences. The acquisition also offers Kinaxis a springboard into the enterprise retail industry.

“Rubikloud has capabilities and value that we can offer our CPG customers today, leads us into the retail industry with some bellwether accounts, and adds a group of approximately 80 people to an already-impressive AI and machine learning (ML) team here at Kinaxis. Over time, this enhanced group will contribute to new and existing AI-powered capabilities across the full Kinaxis RapidResponse® platform and applications,” said John Sicard, President and CEO of Kinaxis. “This acquisition reflects the growing importance of AI and ML to power intelligent automation and augment human decision-making to better deliver on customer promises, remove waste and increase resiliency for effective risk management.”

Rubikloud’s SaaS-based ML offerings empower retail and CPG manufacturers to transform their core operations by improving and automating complex, profit-generating decisions. Rubikloud’s proven AI capabilities and intuitive tools enable users to leverage disparate data sources to improve forecast accuracy, site-level allocations, inventory availability and promotion plans by allowing users to run boundless simulations in real time.

“We founded Rubikloud with the belief that purpose-built AI could be used to solve some of the most complex industry problems and we have spent the last seven years building a fantastic product that receives validation from global customers every day,” said Kerry Liu, CEO, Rubikloud. “We’re excited at the prospect of joining Kinaxis, which helps us bring our innovations to a much broader customer base at a faster pace than on our own. Not only that, being two strong Canadian companies we see great cultural synergy and look forward to working on the complex problems we know RapidResponse and concurrent planning can solve for customers.”

Terms of Agreement
Kinaxis will acquire Rubikloud for US$60 million in an all-cash transaction that is expected to close within 60 days. Based on Rubikloud’s current revenue and expense profile, the company’s fiscal 2020 revenue and Adjusted EBITDA guidance, as reiterated in its May 6, 2020 news release, remains unchanged. The transaction is subject to customary closing conditions.

About Kinaxis Inc. 
Everyday volatility and uncertainty demand quick action. Kinaxis® delivers the agility to make fast, confident decisions across integrated business planning and the digital supply chain. People can plan better, live better and change the world. Trusted by innovative brands, we combine human intelligence with AI and concurrent planning to help companies plan for any future, monitor risks and opportunities and respond at the pace of change. Powered by an extensible, cloud-based platform, Kinaxis delivers industry-proven applications so everyone can know sooner, act faster and remove waste. For more Kinaxis news, follow us on LinkedIn or Twitter.