Sophos CEO on Security, SMEs, the US and an IPO

On an unseasonably warm September day in London it’s taken me 40 minutes to get from Charlotte Street to Southwark. I’m meeting Sophos CEO Kris Hagerman who also had a disrupted journey from Abingdon in Oxfordshire where the security software company has its HQ.

The state of endemic disruption and lack of coordination in entering and traversing the capital offers a fair analogue for business security perhaps as Hagerman reckons 99% of companies are not well protected and mostly because of basic failures rather than anything deeply techie.

“They just don’t have the IT staff or expertise to manage the complex security products and that’s kind of what the industry is churning out,” says this softly spoken, Ohio-born former Corel CEO and Symantec executive.

This is something of a mantra for Sophos, a company that often wins praise for the simplicity and manageability of its approach. It’s an unusual company and not just for having its heart in Oxfordshire and its head, as it were, in Silicon Valley where Hagerman is based these days. It also stands out for focusing on SMBs and SMEs in a business where most peers aim directly for the world’s biggest accounts.

“It’s like in Bonnie and Clyde when they say ‘Why do you rob banks?’ and they answer ‘Because that’s where the money is’,” he laughs, recalling the Warren Beatty/Fay Dunaway classic movie.

“These companies have hundreds of products with all sorts of bells and whistles and switches and knobs, and try to be all things to all people from consumer to Citigroup, but they’re really focused almost exclusively on the Global 2000.”

Sophos, by contrast, targets small and midmarket enterprises with zero to half a dozen dedicated security professionals, selling its wares exclusively through channel partners. Returning to the silver screen theme, he calls that high-concept “Intuit meets Citrix for security” and he seems genuinely bewildered as to why more companies don’t aim for the middle ground.

The reason for the endemic lack of security in businesses is to do with the volume of moving parts and simple failures to perform updates, impose password protection, use encryption and so on, he argues. But shouldn’t that diagnosis lead to a prescription for a rush to adopting cloud services, where Sophos is increasingly taking its security management consoles?

Hagerman thinks not, even if Sophos itself has moved manageability of its services to the cloud and is seeing strong business on AWS and other platforms. Instead he insists that the vast majority of enterprises will remain mixed on/off-premise environments.

Back to security and the lack of it in businesses, he’s reluctant to criticise the scaremongering of which the industry is sometimes guilty and disagrees with the view that it has long been a challenge for IT leaders to know what’s truly dangerous and what’s not.

“I’d like to give our security a bit more credit than that,” he says. “All the credible vendors have their hearts in the right place.”

As for what comes next, Hagerman agrees that an IPO might be a logical next stride for this 2,200-staff company with undisclosed revenues. Despite (another unusual aspect this), having been in existence for about 30 years, Sophos still enjoy double-digit growth, according to Hagerman.

If there were to be an IPO then I suggest that market watchers might demand a move to buyers with bigger wallets. Hagerman disagrees and says he is more than comfortable with the midmarket aim. However, he notes that some “larger enterprises say they want something simpler too” and are therefore drawn to Sophos. He won’t disclose his biggest customers but Sophos’s website points to some huge brands: Toshiba, Ford, Avis, Pixar and Xerox among them.

With only 35% of revenue coming from the US compared to half from EMEA – a very different split to most rivals - new funds could also lead to new geographic opportunities but Hagerman says he’s in “no rush” to float.

Being private has its advantages, notably focusing on the long term and being “pretty disruptive” but then again he says Sophos’s “number-one problem is that it’s a big world and Symantec and McAfee are just better known”.

He adds that “with better information” more decision-makers would plump for Sophos. A newsworthy float wouldn’t hurt publicity either, you might think.


Martin Veitch is Editorial Director at IDG Connect


« Typical 24: Michael Hiskey, MicroStrategy


Crowdsourcing Innovation: Colin Mahoney, Street Repairs »
Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect

  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?