Asheem Chandna on Cybersecurity & Enterprise Startups | Greylock

November 11, 2020

The previous week featured significant global events, including elections in both Myanmar and the United States. Consequently, you may have been focused on news coverage and potentially missed our discussion with Asheem Chandna, a seasoned partner at Greylock with almost twenty years of experience investing in enterprise and cybersecurity ventures. His investment portfolio includes prominent firms like Palo Alto Networks, AppDynamics, and Sumo Logic. We have additional Extra Crunch Live sessions scheduled.

The landscape of enterprise software is currently evolving at a pace not seen in ten years. The coronavirus pandemic, the shift to remote work, the increased need for collaboration tools, and emerging cybersecurity risks have collectively prompted organizations to re-evaluate their IT approaches, creating both increased possibilities and difficulties for enterprise founders. We’re observing both a quicker development of established patterns and the emergence of entirely new ones.

Given the breadth of topics, our conversation last week covered a wide range of subjects. Chandna and I explored the current state of early-stage enterprise startups, the potential of vertical SaaS as a dominant model in enterprise investment, the role of data and no-code platforms, and the growing importance of a “shift left” approach to security.

This interview has been modified for brevity and clarity from our initial Extra Crunch Live broadcast.

What’s happening today in the early-stage startup world?

Asheem Chandna has consistently invested in startups during their initial phases, with some ventures originating directly within Greylock’s facilities. Considering his extensive experience, I was interested in his current perspective on the startup environment.

TechCrunch: What types of companies currently capture your attention? Are there specific markets you are closely following?

Asheem Chandna: Digital transformation is a key area. Organizations across all industries are striving to enhance their digital capabilities, a process significantly accelerated by the COVID-19 pandemic. Another important focus is the ongoing evolution of information technology and its migration to the cloud. We are likely only around 10% to 15% of the way through this transition. While certain trends are apparent, the overall journey remains in its early stages, presenting substantial opportunities.

A third significant trend involves utilizing data to improve forecasting and leveraging analytics. Every chief executive is seeking to enhance their decision-making processes. Typically, leaders rely on a combination of intuition and data; however, if data can provide compelling insights and improve predictive capabilities, it unlocks considerable potential.

I see these as three overarching trends. Additionally, cybersecurity is more critical now than ever before. Having worked in the cybersecurity field for over two decades, I can attest to its increasing prominence, importance, and prioritization.

I’d like to explore your first point, digital transformation. This concept has been widely discussed for the past ten years, accompanied by phrases like “Data is the new oil” and other marketing buzzwords. Where do we stand in this evolution? Are we nearing completion, or are we just beginning? What does the future hold for startups in this space?

The COVID-19 pandemic and the changing nature of work have established digital platforms as the primary means of operation. I still believe we are in the early stages, and a sector-by-sector analysis reveals the significant amount of work that remains.

Consider enterprise sales, which is still relatively new to digitalization. Its importance has grown even in the last year. I am currently using video for communication, and the next step is enabling self-guided software trials and tracking the customer experience throughout that trial period. Then there’s the matter of digitally managing the software contract and the overall sales process.

Even a seemingly straightforward process like enterprise sales is undergoing transformation. Successful software entrepreneurs recognize this and would benefit from carefully examining each step of the process, implementing instrumentation, and digitizing it.

Vertical versus horizontal plays in enterprise

Many of your investments lean towards broader, horizontal applications, but recently, numerous venture capitalists have been focusing on more specialized, vertical SaaS solutions. Could you share your investment philosophy regarding this trend?

My perspective is that both approaches hold merit. It’s important to remember that some of the most significant successes in the technology sector have come from horizontal software platforms. Consider customer relationship management systems used across various industries, or cybersecurity solutions serving a wide range of clients, marketing automation tools, and enterprise resource planning systems – the biggest achievements have generally been horizontal in nature.

However, substantial opportunities also exist within vertical markets. By establishing a strong initial position in a specific vertical, companies can often benefit from a winner-takes-most dynamic, achieving a dominant market share. While the total addressable market might be smaller in a vertical, it’s frequently easier for a leading company to expand its reach, making a vertical-focused strategy potentially very profitable.

You specifically mentioned ERP systems. What is your outlook for startups attempting to challenge established enterprise leaders in such areas?

In both the CRM and ERP spaces, it’s accurate to say that every venture capital firm focused on enterprise technology is actively seeking the next disruptor to Salesforce or SAP. To any entrepreneur with ideas on how to effectively compete with, integrate into, or overcome these exceptionally large and successful companies, I can assure you that Sand Hill Road and all enterprise VCs would be eager to discuss those concepts.

I believe it’s also reasonable to predict that within the next decade, there will almost certainly be publicly traded companies in these segments that currently do not exist, given the sheer size of these markets. Therefore, there’s a considerable amount of potential for innovation and growth.

What strategies do you foresee for challenging these large, established companies?

A key factor lies in recognizing how the current landscape differs from the environment when these incumbent companies were founded, both in terms of customer expectations and the available technology infrastructure. Today’s customers increasingly rely on mobile access and operate in more distributed environments than they did ten years ago.

Furthermore, the ability to leverage data and analytics on a large scale is crucial. This involves building and utilizing extensive data lakes with highly scalable backends, processing power, and memory, and then applying advanced algorithmic capabilities to that data. Starting with a fresh approach, it would be very challenging for the existing players to effectively compete.

The evolving landscape of data and no-code platforms

Let's turn our attention to data and the future of data within enterprises. What is the current state of this market?

It appears that most organizations are currently facing difficulties with their data lake strategies. Many enterprises are now focused on reconstructing the data lake concept, incorporating scalable computing power and memory resources.

Looking ahead, a significant challenge will be addressing data privacy concerns—including data governance and lineage. This presents an opportunity for public cloud providers to expand their capabilities, and for independent companies to develop supporting layers that enable scalable access, governance, and privacy solutions, functioning across both single and multiple cloud environments.

Considering the increasing privacy regulations, does this create more obstacles for startups attempting to enter these markets?

I believe there are opportunities for both established companies and new ventures. These regulations often include exceptions based on business size and the volume of data processed. Therefore, a new startup today must be fully aware of these considerations.

I’d like to discuss no-code tools, a topic I’ve recently explored. What are your thoughts on this approach within the data world?

We haven’t yet made investments in this specific area, but we are observing it closely. We would welcome conversations with any entrepreneurs working in this space.

This sector is experiencing rapid growth. As software becomes more broadly applicable across industries, it is also becoming more widespread. This represents a degree of software democratization, and many individuals aspire to perform tasks traditionally done by developers.

In some respects, many would argue that Excel is the most impactful software ever created, as it allows almost anyone to begin working with data at a fundamental level, and the potential applications are vast. No-code tools can be seen as an extension of this concept, expanding its capabilities. Over time, we anticipate that cloud providers will integrate these features directly into their platforms.

Finally, I’m interested in understanding Greylock’s investment distribution across the data stack, from hardware to infrastructure and applications.

The simple answer is that we invest across the entire stack.

Chandna mentioned that Greylock has invested in companies such as Snorkel, Cresta, Abnormal Security, and others.

We engage in venture investing at both the tooling and application levels. Where are we less inclined to invest? In the tooling space, certain areas appear more risky than others. Some of these areas are likely to become standardized, and we expect to see acquisitions and integration into larger platforms in the coming years.

Opportunities in the SMB market?

Let’s address a question from the audience concerning SMB enterprise startups. What trends are you observing within the enterprise sector?

I would highlight a couple of key observations. First, if anyone is developing a solution for the enterprise that delivers substantial value – perhaps with an average selling price in the mid-five-figure range or the low six figures, potentially scaling to the mid-six-figure or even seven-figure level – and can establish a scalable and consistent sales process, that represents a highly promising avenue for growth. This approach has a strong track record of success and can generate considerable value.

Secondly, many companies that initially focus on the enterprise market eventually expand to include commercial clients as they mature. Examples include well-known organizations like Salesforce and Palo Alto Networks. While some companies choose to remain exclusively enterprise-focused, others successfully integrate both enterprise and commercial segments.

As an example, Asana recently launched an IPO utilizing a bottom-up sales strategy, prioritizing enterprise customers while also attracting a significant number of users in the broader commercial market. Dropbox is another company that has effectively implemented this strategy.

Finally, the midmarket has traditionally presented difficulties for expansion. Even now, it remains uncertain whether sustained growth beyond a specific market valuation is achievable. However, for new entrepreneurs launching ventures today, the midmarket appears to offer greater potential and opportunity than in the past, largely due to the increasing prevalence of bottom-up sales models.

Shifting left on cybersecurity

Turning our attention to cybersecurity as our concluding topic, how is this field evolving in response to the numerous global changes we’re experiencing?

This has become a critical concern for the majority of organizations today. The traditional security boundaries for most companies have fundamentally altered in two significant ways.

Firstly, these boundaries have expanded to encompass the location of each employee. Currently, many organizations have employees working remotely or operating in mobile environments. Consequently, the perimeter has effectively dissolved, requiring organizations to reconsider how they safeguard employees at their homes, protect data on their personal devices, and recognize the increased importance of home network security.

Secondly, the perimeter has also moved further upstream, largely due to the widespread adoption of cloud technologies. As most organizations continue their transition to the cloud – a process accelerated by recent events – greater investment in endpoint security and a deeper understanding of employee activity are now essential.

Given the ever-changing nature of these threats, is truly secure computing ever achievable?

Historically, cybersecurity has consistently adapted to advancements in IT infrastructure. Therefore, as technology evolves, so too will security measures. For example, if augmented reality becomes more prevalent, security protocols will naturally develop alongside it. Similarly, increased reliance on cryptocurrency or blockchain will prompt the creation of corresponding cybersecurity layers. Essentially, we can anticipate a continuous layering of software and a robust security framework built around emerging architectures.

Furthermore, this field presents a compelling opportunity for innovation and entrepreneurship, attracting talented individuals eager to develop improved security solutions. Notably, larger companies have demonstrated a willingness to adopt these new and better approaches, which has significantly aided the growth of smaller businesses.

A particularly important development to highlight is the growing trend of “shifting left” in security practices. Organizations are increasingly focused on accelerating software delivery while simultaneously enhancing its security. There’s a strong desire to build more secure software from the outset, leading to the concept of “shift left”—integrating security considerations directly into the software development process.

How to pitch Asheem

To conclude, what is the most effective method for a founder to present their idea to you?

The most productive way to reach out is through a thoroughly composed email, and it’s beneficial to include comprehensive information regarding the challenge you are addressing, your proposed solutions, and a brief overview of your background. What makes your solution groundbreaking? What novel aspects are you introducing? What personal connection drives your work on this?
