The World of Cybersecurity - An Investor's Eye View
By Daniel Gomez, Investor, Fusion Fund And Carol Mao, Vice President, Fusion Fund
1) What sort of opportunities does Fusion Fund target?
1) What sort of opportunities does Fusion Fund target?
Fusion Fund is an early stage venture firm based in Palo Alto, CA that invests in companies that monetize core technical advantages in their business model. We leverage our team’s strong technical background and entrepreneurial and operational experience to identify business opportunities and accelerate growth.
The firm focuses on targeted sectors including connected industries (mobility, robotics), network technologies (security, connectivity), artificial intelligence (computer vision, natural language processing), and health tech (medical devices, AI in healthcare).
If you have a startup in one of these areas or are actively working with startup communities, we would love to chat!
2) On the cybersecurity front what subsectors has Fusion Fund found explored?
We are excited about the future of container security! Software development is moving to containers. However, traditional security solutions are blind to container attacks making containers an attractive attack surface for hackers. According to the research firm Gartner, it is estimated that by 2020, more than 50% of global organizations will be running containerized applications in production, up from less than 20% today. To date, most of the container budget is spent on platforms like OpenShift and AWS since this is the first step of the containerization process. However, as the market matures and an increasing number of containers go into production, they will also require protection, resulting in a multibillion-dollar market opportunity.
"The cybersecurity industry is fragmented, so startups need to tackle large markets or multiple markets at once if they want to be "venture backable""
Given these market developments, we saw an opportunity where an early stage company could disrupt traditional firewall businesses. As a result, we identified and invested in Neuvector, a market leader in Kubernetes security that delivers the first and only multi-vector container firewall.
Data privacy is another area of interest at Fusion Fund. The amount of data being generated is growing astronomically with the majority of it being highly sensitive. In addition to the increase in data, the additional storage and computational demands are driving much of the underlying IT infrastructure into the public cloud resulting in new security and compliance challenges. We have seen the space continue to grow in parallel with an increased corporate focus on securing data after high-profile data breaches (e.g., Yahoo, Equifax, Uber) that exposed lax data protection solutions. We are closely watching developments in key technologies affecting the sector such as AI, blockchain technology, and homomorphic encryption which are allowing companies to utilize their immense data sources to generate insights while guaranteeing data privacy. AI applications we have observed are operating on sensitive datasets by anonymizing data. On the blockchain front, we have taken notice of new dataset sharing methods through the creation of secure ledgers. With homomorphic encryption, we have seen new techniques for protecting data-in-use without limiting app functionality.
At Fusion Fund, as a result of an increase in the attack surface, we recognized the market need for new security tools that embed security into the data itself and invested in NuCypher, which provides privacy infrastructure for the decentralized web. The company’s core technology consists of proxy re-encryption (PRE) and fully homomorphic encryption (FHE). NuCypher’s PRE network provides cryptographic access controls for distributed apps and protocols without performance and functionality drawbacks or a reduction in security that works both on-prem and in the cloud. NuCypher’sNuFHE library enables secure, private computation on encrypted data by outsourced nodes.
Given the dramatic increase in connected devices, sectors such as industrial internet of things (IIoT) is an area of focus as well. Although the market for IIoT Security is nascent, an ever-increasing number of IIoT devices significantly increases the attack surface leaving the network vulnerable to cybersecurity attacks and calls for advanced security points in the data lifecycle. We are monitoring IIoT security solutions aiming to prevent and resolve security threats at various stages in the data flow. The dataflow includes process sensors that locally connect and process data, transmission of data to the cloud, storage and further processing of data in the cloud, and interfacing between various platforms for end users. Companies in the space need to address complex authentication, provide more secure gateways, increase data privacy and protection protocols, and have a secure form of communication. Promising technologies addressing these issues include blockchain technologies that enhance the security of the overall IIoT network by preventing vulnerable devices from harming the network and chips optimized for AI computations that can be incorporated into devices to provide built-in security at points of computation.
3) What advice do you have to founders in the cybersecurity space?
Stratifyd is Fusion Fund portfolio company that provides visual, data-driven actionable business intelligence solutions. Kevin O’Dell, the CTO of Stratifyd, succinctly described how cybersecurity companies should be selling to their customers.
“To rise above the noise, companies need to have a simple and easy to understand pricing model. Understand the business of who they are selling to and concisely state how they are helping their customers meet their compliance needs.”
In addition to O’Dell’s comments, here are some relevant insights we have gathered from our experience in evaluating the cybersecurity industry:
• The cybersecurity industry is fragmented, so startups need to tackle large markets or multiple markets at once if they want to be “venture backable.”
• A cybersecurity company’s value-add to customers is not as tangible or apparent compared to businesses which provide customers with an increase in revenue. This results in longer sales cycles for cybersecurity startups. Be as specific as possible on your company’s ROI.
• The space is flooded with competitors and CISOs are constantly vacillating between multitudes of similar products and services. Differentiation is key. Attaching an ROI to your company and service is necessary. It may make sense to apply Factor Analysis of Information Risk (FAIR), the standard Value at Risk (VaR) framework for cybersecurity and operational risk, to quantify your company’s value to your customer.
• Get involved with corporate’s executive briefing centers. This a great way to showcase your company in front of C-level executives. If you are venture-backed, ask your investors for this! For example, at Fusion Fund, we have an annual CEO Summit and other periodic events where we provide useful operational and strategic insights to our executives’ teams and provide networking opportunities with key strategic partners and customers.