Information security is the gift that keeps on giving. Security, or at least security compromises, fuel the news while large publishing, analysis and events businesses fan out from it. As for security companies themselves, well, that way fortunes lie. Just ask Symantec with its $15bn market cap at time of writing, McAfee which sold to Intel for over $7bn in 2010, or companies that have gone public in recent years like CyberArk, Mimecast, FireEye or Palo Alto Networks.
Jim Dolce is the CEO of Lookout, another enterprise security outfit but one with its roots in the consumer sector and focused on the still-growing mobile world. Lookout was formed in 2007, the anno domini when the iPhone launched and changed everything, and it has raised over $282m from a Who’s Who of backers that includes golden names like Andreessen, Khosla, Bezos, Hoffman and Volpi. It’s formula: a cloud-based analytics engine that can predict security threats, log existing issues, identify malware or spot app vulnerabilities.
Dolce is an industry veteran and serial startup leader who held roles at Juniper Networks and Akamai Technologies. He joined San Francisco-headquartered Lookout in 2014 with the task of taking a startup that came from the work of entrepreneurs in a dorm room at the University of Southern California and making it one of the most important security firms of its generation.
The Big Switch
Dolce inherited what was predominantly a consumer security company for iOS and Android platforms with a big audience of 35 million customers. In March 2014, shortly after his arrival, Dolce says Lookout’s board of directors pivoted, deciding to target large enterprises because mobile cybersecurity was becoming a big issue as smartphones and BYOD devices had become critical elements of corporate IT infrastructure.
When he joined, over $130m had been raised and half was still left to be spent but Dolce took Lookout to the funding well again to help it focus on the global 2000 accounts and to build enterprise-grade product development programmes and distribution channels.
“As a consumer company you basically sell to an appstore; there is no field sales, there is no distribution, and if you sell to the global 2000 it’s a very different mode,” he says. “The task of getting into the enterprise was going to take something very different. There was a lot of fundraising around at the time so where we set out to raise $100m we got $200m.”
That’s a large sum but it didn’t make Dolce blink or worry about giving away too much equity, and he believes that the timing has turned out to be good given the harder market today for valuations, funding and IPOs.
“The basic rule is, if the money’s there you take it off the table because you know there may be tougher times around the corner - and now there are tougher times. It’s a very simple rule. It’s not a question of how much ownership you give away if it’s a reasonable valuation.”
Salesforce and LinkedIn as precedents
Lookout now has about 100 enterprise customers, typically with 5,000 to 10,000 users each, but it hasn’t taken its eyes off the consumer segment where it now has 100 million users. For the enterprises it’s a standard “land and expand” model familiar since Salesforce.com began to gel: get in, impress, and bet that more of your stuff will sell to more departments over time as awareness spreads like a benevolent virus. But while some businesses that switch from B2C to B2B might slowly strangle the consumer offering or have a forced march to higher charges, for Dolce consumers still have enormous value.
“Consumer grows at five million users per quarter for us – they’re sensors,” Dolce says. He sees a comparison with LinkedIn: the premium customers provide the revenue but without the volume of users, most of them paying zip, there is no critical mass and no data to be mined. Ultimately, Dolce argues, Lookout is a Big Data company able to identify threats by having people on the ground – users – everywhere.
Security firms that target the world’s biggest IT buyers have stayed hot but Dolce also contends that Lookout has significant differentiation from rivals focused on perimeter, network or endpoint security. Dolce makes a laundry list of such players from Cylance to FireEye via CrowdStrike, Tanium and Palo Alto.
“We’re very different,” Dolce says. “We’re cloud- and mobile-first. Everything is based on an app today and we protect data in an app-centric model.”
Dolce brushes off suggestions this could relegate Lookout to niche status, saying his company is an example of the hockey player skating to where the puck is going rather than standing still:
“If you follow Oracle you will know that they’re moving their business from selling to cloud-delivered solutions. No longer is it running in a private datacentre; instead it’s a cloud accessed from a mobile device or app.”
Opportunities abound. As well as selling to consumers and to enterprises, Dolce spies a big opportunity for carriers like Orange, EE or BT to become managed security software providers by white-labelling or otherwise partnering with a Lookout. He views the enterprise mobile security business as a $3-4bn market opportunity and says there is also the chance to address more sub-segments, most notably regulatory compliance where rules like Sarbanes-Oxley or HIPAA in healthcare mandate a duty of care with data.
What’s next for this company that Dolce says has annual revenues in the $50-100m range, potentially making it an IPO candidate in the next few years? Dolce says he’s open-minded and focused on delivering the kind of growth and other metrics that will give Lookout a full hand of options.
“For us, it’s execution… we just have to execute,” he says.