13 Boston-focused VCs share the advice they’re giving portfolio companies

TechCrunch is focusing a bit more on the Boston-area startup and venture capital ecosystem lately, which has gone pretty well so far.

In fact, we had originally intended on releasing this regional investor survey as a single piece, but since so many VCs took part, we’re breaking it into two. The first part deals with the world we live in today, and the remainder will detail what Boston-area investors think about the future.

We broke our questions into two parts to better track investor sentiment. But, we were also curious what was going to come when things got back closer to normal. So, this first entry in our Boston investor survey covers our questions concerning what’s going on now. On Thursday we’ll have the second piece, looking at what’s ahead.

Here’s who took part:

What follows is a quick digest of what stood out from the collected answers, though there’s a lot more that we didn’t get to.

Boston VC in the COVID-19 era

Parsing through thousands of words and notes from our participating VCs, a few things stood out.

Boston startups aren’t having as bad a time — yet, at least — as area investors expected

Fewer companies than they anticipated are laying off staff for example. From our perspective, the number of Boston investors who noted that their portfolio companies were executing layoffs or furloughs (we asked for each to be precise) was very low; far more Boston-area startups are hiring than even freezing headcount. Layoffs appear somewhat rare, but as we all know cost cutting can take many forms for startups. Especially startups on the seed and early-stage side, which makes up the majority of these firm’s portfolio companies.

According to Glasswing’s Rudina Seseri, startup duress has come in “significantly under what [her firm was] expecting at the beginning of COVID-19.”

This may be due to a strong first quarter helping companies in the city and its surrounding area make it another few quarters. We might not know the full bill of COVID-19 and its related disruptions until next year.

More investors than we expected noted that their Boston portfolio companies aren’t raising this year

So what we’re gleaning from that fact is that any decline in Q2 and Q3 VC data is not because companies can’t raise, but because they don’t need to. Comments echoed a theme we wrote about in April: Boston broke records in Q1 in terms of dollars raised, but saw a dip in the number of checks cut.

Pillar VC’s Jamie Goldstein said that “about 15% of our companies are planning to raise capital this year,” which felt about average. Underscore VC’s Lily Lyman simply noted that, “Yes,” her Boston-area portfolio companies would hunt for new capital this year. Bill Geary of Flare Capital is on the other side of that coin, saying that “each of [his firm’s] Boston-based investments has successfully recently raised capital and will not be raising additional funds until 2021.”

It’s hard not to wonder if what happened to Boston unicorns Toast and EzCater was the exception and not the rule

 You see, Boston’s startup scene skews relatively early stage, so smaller companies don’t have high-profile cuts because, to be frank, there isn’t much staff to cut in the first place. It puts Boston in a unique setting to focus in on its early stage market, and investors all agreed that this is an important moment for the ecosystem.

The March-era stress tests are now months in the rearview mirror, and every startup has shaken up their spend and growth plans. Perhaps we have met the new normal, and it’s time to let the runway do the talking.

With that, let’s get into full questions and answers.

Rudina Seseri, Glasswing Ventures

What is the top-line advice you’re giving your portfolio companies right now?

This is a pivotal time, be efficient and drive execution. Cut costs where possible but at the same time don’t be afraid to spend for growth acceleration.

What percentage of your Boston-based portfolio companies are still hiring, not including those merely backfilling?

About 60%.

What percentage of your Boston-based portfolio companies have frozen new hires?

About 20%.

What percentage of your Boston-based portfolio companies have furloughed staff?

None.

What percentage of your Boston-based portfolio companies have cut staff?

One company that represents about 4% of the portfolio.

Are your Boston-based portfolio companies looking to raise new capital this year?

Most have raised recently, and consequently are not looking to raise at this time.

If not, are they often delaying due to COVID-19?

No, because of their recent raises, their fundraising considerations will take place in 2021.

Has duress amidst your Boston-based portfolio companies undershot, matched or overshot your expectations from March?

It has been significantly under what we were expecting at the beginning of COVID-19.

How has your investment appetite changed in terms of pace and location, if at all?

We have been very active and closed deals in this environment. Our expectation is that our investment appetite will remain the same going forward.

Are you making investments in Q2 into net-new founders and companies?

Yes, as a matter-of-fact we just closed a yet-to-be announced investment this month.

Are there particular sectors of startups in Boston that you expect to do well, aside from SaaS businesses that are benefiting from secular trends? Are there any sectors you have become newly bearish on?

Yes, those that are in our core focus areas — solutions that bring down the cost of cloud and data, platforms and tools leveraging AI, those that facilitate cost reduction, and intelligent solutions in cybersecurity that protect the enterprise.

How does the uncertainty of schools reopening impact the startup ecosystem?

This will further drive and institutionalize distributed teams and remote working as a go-forward mode of operating.

Superhuman’s Rahul Vohra says recession is the ‘perfect time’ to be aggressive for well-capitalized startups

Email is one of those things that no one likes but that we’re all forced to use. Superhuman, founded by Rahul Vohra, aims to help everyone get to inbox zero.

Launched in 2017, Superhuman charges $30 per month and is still in invite-only mode with more than 275,000 people on the waitlist. That’s by design, Vohra told us earlier this week on Extra Crunch Live.

“I think a lot of folks misunderstand the nature of our waitlist,” he said. “They assume it’s some kind of FOMO-generating technique or some kind of false scarcity. Nothing could be further from the truth. The real reason we have the waitlist is that I want everyone who uses Superhuman to be deliriously happy with their experience.”

Today, the app is only available for desktop and iOS. Superhuman started with iOS because most premium users have iPhones, Vohra said. Still, many users have Android, so Superhuman’s waitlist consists mostly of Android users.

“We don’t think that if we onboard them they’d have the best experience with Superhuman because email really is an ecosystem product,” he said. “You do it just as much on the go as you do from your laptop. There’s a lot of reasons like that. So if you’re a person who identifies that as a must-have, well, we’ll take in the survey, we’ll learn about you so we know when to reach out to you. Then when we have those things built or integrated, we’ll reach out.”

We also chatted about his obsession with email, determining pricing for a premium product, the impact of COVID-19, diversity in tech in light of the police killing of George Floyd and so much more.

Throughout the conversation, Vohra also offered up some good practical advice for founders. Here are some highlights from the conversation.

On competition from Hey, the latest buzzy email app

Yeah, I’m not at all worried. I used to get worried about this. You know, 10 years ago, even as recently as five years ago, I would get worried about competitors. But I think Paul Graham has really, really great advice on this. I think he says pretty much verbatim: Startups don’t kill other startups. Competition generally doesn’t kill the startup. Other things do, like running out of money being the biggest one, or lack of momentum or lack of motivation or co-founder feuds; these are all really dangerous things.

Competition from other startups generally isn’t the thing that gets you and you know, props to the Basecamp team and everything they’ve done with Hey. It’s really impressive. I think it’s for an entirely different demographic than Superhuman is for.

Superhuman is for the person for whom essentially email is work and work is email. Our users kind of almost personally identify with their email inbox, and they’re coming from Gmail or G Suite. Typically it’s overflowing so they often receive hundreds if not thousands of emails a day, and they send off 100 emails a day. Superhuman is for high-volume email for whom email really matters. Power users, essentially, though power users isn’t quite the right articulation. What I actually say is prosumers because there’s a lot of people who come to us at Superhuman and they’re not yet power users of email, but they know they need to be.

That’s what I would call a prosumer — someone who really wants to be brilliant at doing email. Now Hey doesn’t seem to be designed for that target market. It doesn’t seem to be designed for high-volume emailers or prosumers or power users.

Payfone raises $100M for its mobile phone-based digital verification and ID platform

As an increasing number of daily and essential services move to digital platforms — a trend that’s had a massive fillip in the last few months — having efficient but effective ways to verify that people are who they say they are online is becoming ever more important. Now, a startup called Payfone, which has built a B2B2C platform to identify and verify people using data (but no personal data) gleaned from your mobile phone, has raised $100 million to expand its business. Specifically, Rodger Desai, the co-founder and CEO, said in an interview that plan will be to build in more machine learning into its algorithms, expand to 35 more geographies, and to make strategic acquisitions to expand its technology stack.

The funding is being led by Apax Digital, with participation from an interesting list of new and existing backers. They include Sandbox Insurtech Ventures, a division of Sandbox Industries, which connects corporate investment funds with strategic startups in their space); Ralph de la Vega, the former Vice Chairman of AT&T; MassMutual Ventures; Synchrony; Blue Venture Fund (another Sandbox outfit); Wellington Management LLP; and the former CEO of LexisNexis, Andrew Prozes.

Several of these investors have a close link to the startup’s business: Payfone counts carriers, healthcare and insurance companies, and banks among its customers, who use Payfone technology in their backends to help verify users making transactions and logging in to their systems.

Payfone tells me it has now raised $175 million to date, and while it’s not disclosing its valuation with this round, according to PitchBook, in April 2019 when it raised previously it was valued at $270 million. Desai added that Payfone is already profitable and business has been strong lately.

“In 2019 we processed 20 billion authentications, mostly for banks but also healthcare companies and others, and more generally, we’ve been growing 70% year-over-year,” he said. The aim is to boost that up to 100 billion authentications in the coming years, he said.

Payfone was founded in 2008 amongst a throng of mobile payment startups (hence its name) that emerged to help connect consumers, mobile content businesses and mobile carriers with simpler ways to pay using a phone, with a particular emphasis on using carrier billing infrastructure as a way of letting users pay without inputting or using cards (especially interesting in regions where credit and debit card penetration and usage are lower).

That has been an interesting if slowly growing business so around 2015 Payfone starting to move towards using its tech and infrastructure to delve into the adjacent and related space of applying its algorithms, which use authentication data from mobile phones and networks, to help carriers, banks, and many other kinds of businesses verify users on their networks.

(Indeed, the connection between the technology used for mobile payments that bypasses credit/debit cards and the technology that might be used for ID verification is one that others are pursuing, too: Carrier billing startup Boku — which yesterday acquired one of its competitors, Fortumo, in a $41 million deal as part of a wider consolidation play — also acquired one of Payfone’s competitors, Danal, 18 months ago to add user authentication into its own range of services.)

The market for authentication and verification services was estimated to be worth some $6 billion in 2019 and is projected to grow to $12.8 billion by 2024, according to research published by MarketsandMarkets. But within that there seems to be an almost infinite amount of variations, approaches, and companies offering services to carry out the work. That includes authentication apps, password managers, special hardware that generates codes, new innovations in biometrics using fingerprints and eye scans, and more.

While some of these require active participation from consumers (say by punching in passwords or authentication codes or using fingerprints), there’s also a push to develop more seamless and user-friendly, and essentially invisible, approaches, and that’s where Payfone sits.

As Desai describes it, Payfone’s behind-the-scenes solution is used either as a complement to other authentication techniques and on its own, depending on the implementation. In short, it’s based around creating “signal scores” and tokens, and is built on the concept of “data privacy and zero data knowledge architecture.” That is to say, the company’s techniques do not store any personal data and do not need personal data to provide verification information.

As he describes it, while many people might only be in their 20s when getting their first bank account (one of the common use cases for Payfone is in helping authenticate users who are signing up for accounts via mobile), they will have likely already owned a phone, likely with the same phone number, for a decade before that.

“A phone is with you and in your use for daily activities, so from that we can opine information,” he said, which the company in turn uses to create a “trust score” to identify that you are who you say you are. This involves using, for example, a bank’s data and what Desai calls “telecoms signals” against that to create anonymous tokens to determine that the person who is trying to access, say, a bank account is the same person identified with the phone being used. This, he said, has been built to be “spoof proof” so that even if someone hijacks a SIM it can’t be used to work around the technology.

While this is all proprietary to Payfone today, Desai said the company has been in conversation with other companies in the ecosystem with the aim of establishing a consortium that could compete with the likes of credit bureaus in providing data on users in a secure way.

“The trust score is based on our own proprietary signals but we envision making it more like a clearing house,” he said.

The fact that Payfone essentially works in the background has been just as much of a help as a hindrance for some observers. For example, there have been questions raised previously about how data is sourced and used by Payfone and others like it for identification purposes. Specifically, it seems that those looking closer at the data that these companies amass have taken issue not necessarily with Payfone and others like it, but with the businesses using the verification platforms, and whether they have been transparent enough about what is going on.

Payfone does provide an explanation of how it works with secure APIs to carry out its services (and that its customers are not consumers but the companies engaging Payfone’s services to work with consumer customers), and offers a route to opt out of of its services for those that seek to go that extra mile to do so, but my guess that this might not be the end of that story if people continue to learn more about personal data, and how and where it gets used online.

In the meantime, or perhaps alongside however that plays out, there will continue to be interesting opportunities for approaches to verify users on digital platforms that respect their personal data and general right to control how any identifying detail — personal or not — gets used. Payfone’s traction so far in that area has helped it stand out to investors.

“Identity is the key enabling technology for the next generation of digital businesses,” said Daniel O’Keefe, managing partner of Apax Digital, in a statement. “Payfone’s Trust Score is core to the real-time decisioning that enterprises need in order to drive revenue while thwarting fraud and protecting privacy.” O’Keefe and his colleague, Zach Fuchs, a principal at Apax Digital, are both joining the board.

“Payfone’s technology enables frictionless customer experience, while curbing the mounting operating expense caused by manual review,” said Fuchs. 

Intercom announces the promotion of Karen Peacock to CEO

Three years ago almost to the day, Intercom announced that it was bringing former Intuit exec Karen Peacock on board as COO. Today, she got promoted to CEO, effective July 1st. Current CEO and company co-founder Eoghan McCabe will become Chairman.

As it turns out, these moves aren’t a coincidence. McCabe had been actively thinking about a succession plan when he hired Peacock. “When I first started talking to Eoghan three years ago, he shared with me that his vision was to hire someone as COO, who could then become the CEO at the right time and he could transition into the chairman role,” Peacock told TechCrunch.

She said while the idea was always there, they didn’t feel the need to rush the process. “We were just looking for whatever the right time was, and it wasn’t something we were expected to do in the first year or two. And now is really the right time to transition with all of the momentum that we’re seeing in the market,” she said.

She said as McCabe makes the transition away from running the company he helped found, he will still be around, and they will continue working together on things like product and marketing strategy, but Peacock brings a pedigree of her own to the new role.

Not only has she been in charge of commercial aspects of the Intercom business for the past three years, prior to that she was SVP at Intuit where she ran small business products that included QuickBooks, and grew it from a $500 million business to a hefty $2.5 billion during her tenure.

McCabe says that experience was one of the reasons he spent six months trying to convince Peacock to become COO at Intercom in 2017. “It’s really hard to find a leader that’s as well rounded, and as unique as Karen is. You know she doesn’t actually fit your typical very experienced operator,” he said. He points to her deep product background, calling her a “product nerd,” and her undergraduate degree in applied mathematics from Harvard as examples.

In spite of the pandemic, she’s taking over a company that’s still managing to grow. The company’s business messenger products, which enable companies to chat with customers online have become increasingly important during the pandemic with many brick and mortar businesses shut down and the majority of business is being conducted digitally.

“Our overall revenue is $150 million in annual recurring revenue, and a supporting data point to what we were just talking about is that our new business to up market customers through our sales teams has doubled year over year. So we’re really seeing some quite nice acceleration there,” she said.

Peacock says she wants to continue building the company and using her role to build a diverse and inclusive culture. “I believe that [diversity and inclusion] is not one person’s job, it’s all of our jobs, but we have one person who’s the center post of that (a head of D&I). And then we work with outside consulting firms as well to just try and stay in a place where we understand all of what’s possible and what we can do in the world.”

She adds, “I will say that we need to make more progress on diversity and inclusion, I wouldn’t step back and, and pat ourselves on the back and say we’ve done this perfectly. There’s a lot more that we need to do, and it’s one of the things that I’m very excited to tackle as CEO.”

According to a February Wall Street Journal article, less than 6% of women hold CEO jobs in the U.S. Peacock certainly sees this and wants to continue to mentor women as she takes over at Intercom. “It is something that I’m very passionate about. I do speak to various different groups of up and coming women leaders, and I mentor a group of women outside of Intercom,” she said. She also sits on the board at Dropbox with other women leaders like Condoleezza Rice and Meg Whitman.

Peacock says that taking over during a pandemic makes it interesting, and instead of visiting the company’s offices, she’ll be doing a lot of video conferences. But neither is she coming in cold to the company having to ramp up on the business side of things, while getting to know everyone.

“I feel very fortunate to have been with Intercom for three years, and so I know all the people and they all know me. And so I think it’s a lot easier to do that virtually than if you’re meeting people for the very first time. Similarly, I also know the business very well, and so it’s not like I’m trying to both ramp up on the business and deal with a pandemic,” she said.

When Security Takes a Backseat to Productivity

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force.

So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division. The analysis highlights a shocking series of security failures at one of the world’s most secretive entities, but the underlying weaknesses that gave rise to the breach also unfortunately are all too common in many organizations today.

The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data detailing the CIA’s capabilities to perform electronic surveillance and cyber warfare. But the report’s contents remained shrouded from public view until earlier this week, when heavily redacted portions of it were included in a letter by Sen. Ron Wyden (D-Ore.) to the Director of National Intelligence.

The CIA acknowledged its security processes were so “woefully lax” that the agency probably would never have known about the data theft had Wikileaks not published the stolen documents online. What kind of security failures created an environment that allegedly allowed a former CIA employee to exfiltrate so much sensitive data? Here are a few, in no particular order:

  • Failing to rapidly detect security incidents.
  • Failing to act on warning signs about potentially risky employees.
  • Moving too slowly to enact key security safeguards.
  • A lack of user activity monitoring or robust server audit capability.
  • No effective removable media controls.
  • No single person empowered to ensure IT systems are built and maintained securely throughout their lifecycle.
  • Historical data available to all users indefinitely.

Substitute the phrase “cyber weapons” with “productivity” or just “IT systems” in the CIA’s report and you might be reading the post-mortem produced by a security firm hired to help a company recover from a highly damaging data breach.

A redacted portion of the CIA’s report on the Wikileaks breach.

DIVIDED WE STAND, UNITED WE FALL

A key phrase in the CIA’s report references deficiencies in “compartmentalizing” cybersecurity risk. At a high level (not necessarily specific to the CIA), compartmentalizing IT environments involves important concepts such as:

  • Segmenting one’s network so that malware infections or breaches in one part of the network can’t spill over into other areas.
  • Not allowing multiple users to share administrative-level passwords
  • Developing baselines for user and network activity so that deviations from the norm stand out more prominently.
  • Continuously inventorying, auditing, logging and monitoring all devices and user accounts connected to the organization’s IT network.

“The Agency for years has developed and operated IT mission systems outside the purview and governance of enterprise IT, citing the need for mission functionality and speed,” the CIA observed. “While often fulfilling a valid purpose, this ‘shadow IT’ exemplifies a broader cultural issue that separates enterprise IT from mission IT, has allowed mission system owners to determine how or if they will police themselves.”

All organizations experience intrusions, security failures and oversights of key weaknesses. In large enough enterprises, these failures likely happen multiple times each day. But by far the biggest factor that allows small intrusions to morph into a full-on data breach is a lack of ability to quickly detect and respond to security incidents.

Also, because employees tend to be the most abundant security weakness in any organization, instituting some kind of continuing security awareness training for all employees is a good idea. Some security experts I know and respect dismiss security awareness programs as a waste of time and money, observing that no matter how much training a company does, there will always be some percentage of users who will click on anything.

That may or may not be accurate, but even if it is, at least the organization then has a much better idea which employees probably need more granular security controls (i.e. more compartmentalizing) to keep them from becoming a serious security liability.

Sen. Wyden’s letter (PDF), first reported on by The Washington Post, is worth reading because it points to a series of continuing security weaknesses at the CIA, many of which have already been addressed by other federal agencies, including multi-factor authentication for domain names and access to classified/sensitive systems, and anti-spam protections like DMARC.

Contentful raises $80M Series E round for its headless CMS

Headless CMS company Contentful today announced that it has raised an $80 million Series E funding round led by Sapphire Ventures, with participation from General Catalyst, Salesforce Ventures and a number of other new and existing investors. With this, the company has now raised a total of $158.3 million and a Contentful spokesperson tells me that it is approaching a $1 billion valuation.

In addition, the company also today announced that it has hired Bridget Perry as its CMO. She previously led Adobe’s marketing efforts across Europe, the Middle East and Africa.

Currently, 28% of the Fortune 500 use Contentful to manage their content across platforms. The company says it has a total of 2,200 paying customers right now and these include the likes of Spotify,  ITV, the British Museum, Telus and Urban Outfitters.

Steve Sloan, the company’s CEO who joined the company late last year, attributes its success to the fact that virtually every business today is in the process of figuring out how to become digital and serve its customers across platforms – and that’s a process that has only been accelerated by the coronavirus pandemic.

“Ten or fifteen years ago, when these content platforms or content management systems were created, they were a) really built for a web-only world and b) where the website was a complement to some other business,” he said. “Today, the mobile app, the mobile web experience is the front door to every business on the planet. And that’s never been any more clear than in this recent COVID crisis, where we’ve seen many, many businesses — even those that are very traditional businesses — realize that the dominant and, in some cases, only way their customers can interact with them is through that digital experience.”

But as they are looking at their options, many decide that they don’t just want to take an off-the-shelf product, Sloan argues, because it doesn’t allow them to build a differentiated offering.

Image Credits: Contentful /

Perry also noted that this is something she saw at Adobe, too, as it built its digital experience business. “Leading marketing at Adobe, we used it ourselves,” she said. “And so the challenge that we heard from customers in the market was how complex it was in some cases to implement, to organize around it, to build those experiences fast and see value and impact on the business. And part of that challenge, I think, stemmed from the kind of monolithic, all-in-one type of suite that Adobe offered. Even as a marketer at Adobe, we had challenges with that kind of time to market and agility. And so what’s really interesting to me — and one of the reasons why I joined Contentful — is that Contentful approaches this in a very different way.”

Sloan noted that putting the round together was a bit of an adventure. Contentful’s existing investors approached the company around the holidays because they wanted to make a bigger investment in the company to fuel its long-term growth. But at the time, the company wasn’t ready to raise new capital yet.

“And then in January and February, we had inbound interest from people who weren’t yet investors, who came to us and said, ‘hey, we really want to invest in this company, we’ve seen the trend and we really believe in it.’ So we went back to our insiders and said, ‘hey, we’re going to think about actually moving in our timeline for raising capital,” Sloan told me. “And then, right about that time is when COVID really broke out, particularly in Western Europe in North America.”

That didn’t faze Contentful’s investors, though.

“One of the things that really stood out about our investors — and particularly our lead investor for this round Sapphire — is that when everybody else was really, really frightened, they were really clear about the opportunity, about their belief in the team and about their understanding of the progress we had already made. And they were really unflinching in terms of their support,” Sloan said.

Unsurprisingly, the company plans to use the new funding to expand its go-to-market efforts (that’s why it hired Perry, after all) but Sloan also noted that Contentful plans to invest quite a bit into R&D as well as it looks to help its customers solve more adjacent problems as well.

Loodse becomes Kubermatic and open sources Kubernetes automation platform

Loodse, a German Kubernetes automation platform, announced today that it was rebranding as Kubermatic. While it was at it, the company also announced that it was open sourcing its Kubermatic Kubernetes Platform as open source under the Apache 2.0 License.

Co-founder Sebastian Scheele says that his company’s Kubernetes solution can provision clusters and applications on any cloud, as well in a datacenter running, for example OpenStack or VMware. What’s more, it can do it much faster by automating much of the operations side of running Kubernetes clusters.

“We wanted to really have a cloud native way to run and manage Kubernetes. And so it’s running the Kubernetes master itself, which is completely containerized on top of Kubernetes, rather than being run on VMs. This helps provide you with better scalability, but also because it’s running on Kubernetes, we get all of the resilience and auto scaling out of Kubernetes itself,” Scheele told TechCrunch.

He says that he and his co-founder Julian Hansert have always had a strong commitment to open source, and offering Kubermatic platform under the Apache 2.0 license is a way to show that to the community. “One of the big [things] we can bring to the table is making Kubermatic completely open source, while following the Open-core model, and having a strong commitment to open source to the world and also to the community,” he said.

Image Credit: Kubermatic

As for why it’s rebranding, he says that the original company name is a German word that means navigation pilot for a ship. The name is a nod to its Hamburg base, which is a hub for container ships. It makes sense to Germans, but not others, so they wanted a name that more broadly reflected what the company does.

“Now that we are open sourcing Kubermatic, we also thought that people should understand our vision and what’s our DNA. It’s Kubernetes automation, helping our customers to really save money on Kubernetes operations by automating as much as possible on the operation level, so our users can really focus on building new applications,” he explained.

The company launched 4 years ago and has taken no funding, completely bootstrapping along the way. It’s worth noting it was of the top 5 committers to the open source Kubernetes project in 2019 along with much bigger names including Google, VMware, Red Hat and Microsoft.

Today the company has 50 employees most of whom are working remotely by choice, rather than due to the pandemic. In fact the company has employees working in 10 different countries. He says that has allowed him to work with people with a broad set of skills, who don’t necessarily live in Hamburg where he and Hansert are based.

‘One day we were in the office and the next we were working from home’

Ryan Easter couldn’t believe he was being asked to run a pandemic business continuity test.

It was late October, 2019 and Easter, IT Director and a principal at Johnson Investment Counsel, was being asked by regulators to ensure that their employees could work from home with the same capabilities they had in the office. In addition, the company needed to evaluate situations where up to 50% of personnel were impacted by a virus and unable to work, forcing others to pick up their internal functions and workload.

“I honestly thought that it was going to be a waste of time,” said Easter. “I never imagined that we would have had to put our pandemic plan into action. But because we had a tested strategy already in place, we didn’t miss a beat when COVID-19 struck.”

In the months leading up to the initial test, Johnson Investment Counsel developed a work anywhere blueprint with their technology partner Evolve IP. The plan covered a wide variety of integrated technologies including voice services, collaboration, virtual desktops, disaster recovery and remote office connectivity.

“Having a strategy where our work anywhere services were integrated together was one of the keys to our success,” said Easter. “We manage about $13 billion in assets for clients across the United States and provide comprehensive wealth and investment management to individual and institutional investors. We have our own line of mutual funds, a state-chartered trust company, a proprietary charitable gift fund, with research analysts and traders covering both equity and fixed income markets. Duct taping one-off solutions wasn’t going to cut it.”

Easter continued, “It was imperative that our advisors could communicate with clients, collaborate with each other and operate the business seamlessly. That included ensuring we could make real-time trades and provide all of our other client services.”

Five months later, the novel coronavirus hit the United States and Johnson Investment Counsel’s blueprint test got real.

Uptycs lands $30M Series B to keep building security analytics platform

Every company today is struggling to deal with security and understanding what is happening on their systems. This is even more pronounced as companies have had to move their employees to work from home. Uptycs, a Boston-area security analytics startup, announced a $30 million Series B today to help companies to detect and understand breaches when they happen.

Sapphire Ventures led the round with help from Comcast Ventures and ForgePoint Capital. The startup has now raised a total of $43 million, according to the company. Under the terms of today’s deal Sapphire Ventures’ president and managing director Jai Das will be joining the company’s board.

Company co-founder and CEO Ganesh Pai says he and his co-founders previously worked at Akamai, where they observed Akamai’s debugging and diagnostic tools, which were designed to work at massive scale. The founders believed they could use a similar approach to building a security analytics platform, and in 2016 the group launched Uptycs.

“We help people to solve intrusion detection, compliance and audit and incident investigation. These are table stakes requirements [for security solutions] that most large scale organizations have, and of course with their scale the challenges vary. What we at Uptycs do is provide a solution for that,” Pai told TechCrunch.

The company uses a flight recorder approach to security, giving security operations teams the ability to sift through the data and review exactly how a detection happened and how the intruder got through the company’s defenses.

He recognizes his company is fortunate to get a round this large right now, but he says the solution has attracted a number of customers signing seven-digit contracts and this in turn got the attention of investors. “That customer engagement, their experience and this commitment from our customers led to this substantial round of funding,” he said.

The company currently has 65 employees spread across offices in Waltham, a Boston suburb, as well as two offices in India. Pai says the plan is to double that number in the next 12 months. “Between the cash flow from our existing customers and the pipeline for us and the funding, we are planning to grow in a meaningful way. If everything aligns with our expectation we will double our team size in the next 12 months,” he said.

As he grows his company in this way, Pai says they are talking to their investors about how to build a diverse workforce. “We’ve thought long and hard about it, both in terms of diversity and inclusion. It is a lot harder to execute because at the end of the day, there is a finite talent pool, but we are having conversations with our investors, who have seen patterns of success in terms of implementing such plans from growth stage ventures,” he said.

He added, “And of course we are a very early stage company, but we are extremely cognizant, and given the current circumstances are acutely aware that we need to do our very best and make a difference.”

As the company has moved to work from home across its operations, he says it has benefited from working in the cloud from the start. “As an organization we are very fortunate that we built our organization so that everything runs in the cloud and everyone has been able to remain very productive,” he said.

Onna, the ‘knowledge integration platform’ for workplace apps, raises $27M Series B

Onna, the “knowledge integration platform” (KIP) that counts Dropbox and Slack as backers, has raised $27 million in Series B funding.

Leading the round is Atomico, with participation from Glynn Capital. Previous investors Dawn Capital, Nauta Capital and Slack Fund also followed on.

Founded in 2015, Barcelona and New York-based Onna integrates with a plethora of workplace apps, including Slack, Dropbox, Gsuite, Microsoft 365 and Salesforce, to help unlock the proprietary knowledge stored in a company’s various cloud and on-premise software. Typical applications for a KIP include compliance, governance, archiving and “eDiscovery”.

From communication apps to cloud storage to HR platforms, the idea is to unify all of this data and make it searchable but in a way that is secure and protects existing permissions and privacy. In fact, another way to think of Onna is like Apple’s Spotlight functionality but for the enterprise. However, pitched as a platform not just a feature, Onna also offers an API of its own so that various use-cases can be built on top of this “single source of truth”.

“Onna’s knowledge integration platform is a centralised, searchable and secure hub that connects company data wherever it resides and makes it easier and faster to make informed decisions,” Onna founder and CEO Salim Elkhou tells TechCrunch. “It is a productivity tool built for the way businesses work today… something that didn’t exist before, creating a new industry standard which benefits all companies within the ecosystem”.

Citing a report by single sign-in provider Okta, Elkhou notes that companies today use an average of 88 different apps across their workforce, a 21% increase from three years ago.

“The reason apps have become so popular is that they’re very effective for tackling specific challenges, or even a broad range of tasks. But the problem large organisations were coming up against is that their knowledge was spread across a wide range of apps that weren’t necessarily designed to work together”.

For example, a legal counsel could be looking to find contracts company-wide to assess a company’s exposure. The problem is that contracts may be saved in Salesforce, sent by email, shared over Slack, or even saved on desktops. “Your company may have acquired another company, which has its own ways of saving information, so now the simple task of finding contracts can be a heavy lifting exercise, involving everyone’s time. With Onna, being the connective tissue across these applications, this search would take a split second,” claims Elkhou.

But the potential power of a KIP goes well beyond search alone. Elkhou says a more ambitious use-case is unifying knowledge across apps and using Onna as infrastructure. “We believe that the next generation of workplace apps will be built on top of a knowledge integration platform like Onna,” he explains. “Due to our plug and play integrations with most enterprise apps and our open API, you can now build your own bespoke workflows on top of your company’s knowledge. More importantly, we handle all the heavy lifting on the back end when it comes to processing the right contextual information across multiple systems securely, which means you can get on with creatively building a more efficient workplace”.

“In Onna, we saw a product in a new and complementary category, providing a solution not at the data level but at the ‘knowledge level’,” adds Atomico’s Ben Blume, who has also joined the Onna board. “Onna’s core solution integrates with any tools in an organisation where knowledge resides, [and] ingests, indexes and classifies the knowledge inside, enabling it to power applications in many areas”.

Blume also points to the belief that some of the cloud tools vendors themselves have in Onna, with both Slack and Dropbox “investing, using and promoting” Onna’s solution. “As they look to grow their own penetration in organisations with a wider range of needs and demands, we saw partnering with Onna as a recognition of its best in class nature to their customers,” he says.

Meanwhile, I understand the new round of funding was done remotely due to lockdown, even though Atomico and Onna had already met and stayed in touch after the VC firm ended up not participating in the startup’s Series A.

Recalls Elkhou: “We had met with our investors in person over a year ago, and have had many video calls since and prior to the pandemic. However, soon after the lockdowns took effect, the need for remote collaboration tools skyrocketed which only accelerated the critical role Onna has in helping people within organisations access and share knowledge that was spread across an ever growing number of apps. If anything, it brought new urgency to the problem we were solving, because workplace serendipity no longer existed. You couldn’t answer questions over a coffee or by the water cooler, but these new remote workers still needed to access knowledge and share it securely”.