Lightspeed’s Gaurav Gupta and Grafana Labs’ Raj Dutt will tell us why they financially tied the knot (twice!)

/0 Comments/in /by

Many founders only know their own experience fundraising and don’t hear much about what other founders went through. On Extra Crunch Live on Wednesday, we’re going to remedy that.

Grafana Labs has raised upward of $75 million since it launched in 2014. Lightspeed Venture Partners, and partner Gaurav Gupta to be specific, led both the startup’s Series A and Series B rounds. As far as commitments go, that’s a pretty significant one.

The new and improved Extra Crunch Live pairs founders and the investors who led their earlier rounds to talk about how the deal went down, from the moment they met to the conversations they had (including some disagreements) to the relationship as it exists today. Hell, we may even take a peek at the original pitch deck that made it all happen.

Then, we’ll turn our eyes back to you, the audience. That same founder/investor duo (in this case, Grafana Labs CEO Raj Dutt and LVP’s Gaurav Gupta) will take a look at your pitch decks and give their own feedback. (If you haven’t yet submitted a pitch deck to be torn down on Extra Crunch Live, you can do so here.)

The hour-long episode is sandwiched between two 30-minute rounds of networking. From start to finish, it goes from 11:30 a.m. PST/2:30 p.m. EST to 1:30 p.m. PST/4:30 p.m. EST. And Extra Crunch Live will come to you at the same time, every week, with a new pair of speakers.

So let’s learn a little bit more about Gupta and Dutt.

Before becoming an investor, Gupta enjoyed a rich career in the product development sphere, holding positions at Elastic (where he led product management), Splunk (VP of Products), as well as Google, Gateway and the McKenna Group. He joined Lightspeed in 2019 as a partner, focusing primarily on enterprise software. He’s led investments in Impira, Blameless, Hasura and Panther, and of course, Grafana. He sits on the board of the last three companies in that list.

Dutt is the co-founder and CEO at Grafana Labs, but the fast-growing company isn’t his first go at entrepreneurialism. Dutt also founded and led Voxel, a cloud-hosting startup that was acquired by Internap for $30 million in 2012.

We’re absolutely thrilled to have Gupta and Dutt join us on our first episode of Extra Crunch Live in 2021. As a reminder, Extra Crunch Live is for Extra Crunch members only. We’re coming to you with a new pair of speakers every week, and you can catch everything you missed on-demand if you can’t join us live. It’s worth the cost of the subscription on its own, but EC members also get access to our premium content, including market maps and investor surveys. Long story short? Subscribe, smarty. You won’t regret it.

Oh, and here’s a look at other speakers you can expect to see on Extra Crunch Live:

Aydin Senkut (Felicis) + Kevin Busque (Guideline) — February 10
Steve Loughlin (Accel) + Jason Boehmig (Ironclad) — February 17
Matt Harris (Bain Capital Ventures) + Isaac Oates (Justworks) — February 24

And that’s just the February slate!

All the details to register for this upcoming episode (and more) are available below. Can’t wait to see you there!

Rapid7 acquires Kubernetes security startup Alcide for $50M

/0 Comments/in /by

Boston-based security operations company Rapid7 has been making moves into the cloud recently, and this morning it announced that it has acquired Kubernetes security startup Alcide for $50 million.

As the world shifts to cloud native using Kubernetes to manage containerized workloads, it’s tricky ensuring that the containers are configured correctly to keep them safe. What’s more, Kubernetes is designed to automate the management of containers, taking humans out of the loop and making it even more imperative that the security protocols are applied in an automated fashion as well.

Brian Johnson, SVP of Cloud Security at Rapid7 says that this requires a specialized kind of security product and that’s why his company is buying Alcide. “Companies operating in the cloud need to be able to identify and respond to risk in real time, and looking at cloud infrastructure or containers independently simply doesn’t provide enough context to truly understand where you are vulnerable,” he explained.

Rapid7 is acquiring DivvyCloud for $145M to beef up cloud security

“With the addition of Alcide, we can help organizations obtain comprehensive, unified visibility across their entire cloud infrastructure and cloud-native applications so that they can continue to rapidly innovate while still remaining secure,” he added.

Today’s purchase builds on the company’s acquisition of DivvyCloud last April for $145 million. That’s almost $200 million for the two companies that allow Rapid7 to help protect cloud workloads in a fairly broad way.

It’s also part of an industry trend with a number of Kubernetes security startups coming off the board in the last year as bigger companies look to enhance their container security chops by buying talent and technology. This includes VMware nabbing Octarine last May, Cisco getting PortShift in October and Red Hat buying StackRox last month.

Alcide was founded in 2016 in Tel Aviv, part of the active Israeli security startup scene. It raised about $12 million along the way, according to Crunchbase data.

Israel’s maturing cybersecurity startup ecosystem

Databricks raises $1B at $28B valuation as it reaches $425M ARR

/0 Comments/in /by

Another hour, another billion-dollar round. That’s how February is kicking off. This time it’s Databricks, which just raised $1 billion Series G at a whopping $28 billion post-money valuation.

Databricks is a data-and-AI focused company that interacts with corporate information stored in the public cloud.

News of the new round began leaking last week. Franklin Templeton led the round, which also included new investors Fidelity and Whale Rock. Databricks also raised part of the capital from major cloud vendors including AWS, Alphabet via its CapitalG vehicle, and Salesforce Ventures. Microsoft is a previous investor, and it took part in the round as well.

But we’re not done! Other prior investors including a16z, T. Rowe Price, Tiger Global, BlackRock and Coatue were also involved along with Alkeon Capital Management.

Consider that Databricks just raised a bushel of capital from a mix of cloud companies it works with, public investors it wants as shareholders when it goes public and some private money that is enjoying a stiff markup from their last check into the company.

The company has made its mark with a series of four open-source products with a core data lake product call Delta Lake leading the way. You may recall that another hot data lake company, Snowflake, raised almost a half a billion dollars on a $12.4 billion valuation a year ago before going public last September with a valuation twice that. Databricks has already exceeded that public valuation with this round — as a private company.

When we spoke to Databricks CEO Ali Ghodsi at the time of his company’s $400 million round in 2019, one which valued the company at $6.2 billion at the time, he said his company was the fastest-growing enterprise cloud software companies ever, and that’s saying something.

The company makes money by offering each of those open-source products as a software service and it’s doing exceedingly well at it, so much so that investors were tripping over each other to be part of this deal. In fact, Ghodsi said in a conversation with TechCrunch today that his company had targeted a much more modest $200 million raise, but that figure grew as more parties wanted to invest funds into the company. Even with that, Databricks had to turn capital away, he added, after deciding to cap the round at $1 billion.

The extra $800 million that the company raised will be used for M&A opportunities with an eye on talent, spend on establishing a Lakehouse concept, international expansion, while also expanding its engineering team, the CEO said.

Databricks crossed $350M run rate in Q3, up from $200M one year ago

Ghodsi also made clear that he does not intend to let the percentage of revenue that the company spends on R&D to drop, as is common at modern software companies — as many SaaS companies grow, they expend more of their revenue on sales and marketing efforts over product spend, something that Databricks wants to avoid by continuing to invest in engineering talent.

Why? Because Ghodsi says that the pace of innovation in AI is so rapid that IP becomes outdated in just a few years. That means that companies that want to lead in this space will have to stay on the bleeding edge of their market or fall back swiftly.

The Databricks model appears to be working well, with the company closing 2020 at $425 million in annual recurring revenue, or ARR. That figure, up 75% from the year-ago period, is also up from a $350 million run rate at the end of its Q3 2020. (For more on Databricks’ business, product and growth, head here.)

Notably Ghodsi told TechCrunch that this deal only started to come together in December. It’s February 1st today, which means that it took on this bushel of new funding remarkably quickly.

Finally, at $425 million in ARR, is the CEO worried about having a valuation sitting at roughly a 65x multiple? Ghodsi said that he is not. He said that he told his company during an all-hands earlier today that the AI market is a long journey, one that he hopes to be on for decades, and the stock market will go up and down. His point, as far as I could read into it, was that so long as Databricks keeps growing as it has, its valuation will take care of itself (and that seems to be the case so far with this company).

What’s certainly true is that Databricks is now as rich as it has ever been, as large as it has ever been, and in a market that is maturing. Let’s see what it can do with all this money.

Databricks announces $400M round on $6.2B valuation as analytics platform continues to grow

Weights & Biases raises $45M for its machine learning tools

/0 Comments/in /by

Weights & Biases, a startup building tools for machine learning practitioners, is announcing that it has raised $45 million in Series B funding.

The company was founded by Lukas Biewald, Chris Van Pelt and Shawn Lewis — Biewald and Van Pelt previously founded CrowdFlower/Figure Eight (acquired by Appen). Weights & Biases says it now has more than 70,000 users at more than 200 enterprises.

Biewald (whom I’ve known since college) argued that while machine learning practitioners are often compared to software developers, “they’re more like scientists in some ways than engineers.” It’s a process that involves numerous experiments, and Weights & Biases’ core product allows practitioners to track those experiments, while the company also offers tools around data set versioning, model evaluation and pipeline management.

“If you have a model that’s controlling a self-driving car and the car crashes, you really want to know what happened,” Biewald said. “If you built that model years ago and you’ve run all these experiments since then, it can be hard to systematically trace through what happened” unless you’re using experiment tracking.

He described the startup as “an early leader” in this market, and as competing tools emerge, he said it’s also differentiated because it is “completely focused on the ML practitioner” rather than top-down enterprise sales. Similarly, he said that as machine learning has been adopted more widely, Weights & Biases is occasionally confronted by a “high-class problem.”

Weights & Biases screenshot

Image Credits: Weights & Biases

“We’re not interested in selling to companies that are doing machine learning for machine learning’s sake,” Biewald said. “With some companies, there’s a mandate from the CEO to sprinkle some machine learning in the company. That’s just really depressing to me, to not have any impact. But I would actually say the vast majority of companies that we talk to really do something useful.”

For example, he said agriculture giant John Deere is using the startup’s platform to continually improve the way it uses robotics to spray fertilizer, rather than pesticides, to kill weeds and pests. And there are pharmaceutical companies using the platform for how they model how different molecules will behave.

Weights & Biases previously raised $20 million in funding. The new round was led by Insight Partners, with participation from Coatue, Trinity Ventures and Bloomberg Beta. Insight’s George Mathew is joining the board of directors.

“I’ve never seen a MLOps category leader with such a high NPS and deep customer focus as Weights and Biases,” Mathew said in a statement. “It’s an honor to make my first investment at Insight to serve an ML practitioner user-base that grew 60x these last two years.”

The startup says it will use the funding to continue hiring in engineering, growth, sales and customer success.

Deep Science: Using machine learning to study anatomy, weather and earthquakes

Best practices as a service is a key investment theme to watch in 2021

/0 Comments/in /by

Enterprise IT has been completely transformed by SaaS the past decade. Okta last week published a report that showed that the largest companies now use 175 apps, a doubling over the past few years. More professionals have more tools to do their jobs than ever before. It’s an explosion of creativity and expressiveness and operational latitude — but also a recipe for disaster.

It’s one thing to give people and businesses tools — and something else to train them to use those tools effectively. Worse, as the number and complexity of software has skyrocketed the past decade, it’s only become harder for end users to grapple with offering their customers the best possible experience.

That’s the opportunity for a range of new tools that are designed to guide — sometimes forcefully — people to use the software they have in the best possible way, in what you might dub “best practices as a service.” It’s software that is opinionated on what “best” looks like within its domain, and ensures that as many people follow that model as possible with minimal dissension. It’s simplicity-in-a-box for a complex world.

Let me give some examples from a few major fields of startups in e-commerce, security, web development and finally, in my chosen profession, writing to illustrate what I mean.

Salesforce promotes former Vlocity CEO David Schmaier to president and CPO

/0 Comments/in /by

Last year I penned a post positing that Salesforce’s propensity to purchase mature enterprise companies not only provided new technology, but was also helping to produce a profusion of executive talent. As though to prove my point, the company announced today that it was promoting former Vlocity CEO David Schmaier to president and chief product officer.

Schmaier came to the organization last year when Salesforce acquired his company for $1.33 billion. It seemed like a good match, given that Vlocity sold Salesforce solutions designed for certain niches like financial services, health, energy and utilities and government and nonprofits.

As a result, Schmaier knew the product set and the company well. Last June, he was named CEO of the Salesforce Industries division, which was created after the Vlocity acquisition. The connection was clear to Schmaier as he told me at the time of his promotion last year:

“I’ve been involved in various mergers and acquisitions over my 30-year career, and this is the most unique one I’ve ever seen because the products are already 100% integrated because we built our six vertical applications on top of the Salesforce platform. So they’re already 100% Salesforce, which is really kind of amazing. So that’s going to make this that much simpler,” he said.

Salesforce has built a deep bench of executive talent via acquisition

Brent Leary, founder and principal analyst at CRM Essentials, says that Schmaier’s history in building Vlocity makes this promotion pretty easy given the direction of the company, as well as the industry. “Over the last several years we’ve seen just how important developing industry-specific solutions have become to the major players in the space, and Schmaier’s promotion reaffirms this while illustrating how important creating verticals is to their platform [and] to the future of Salesforce,” he told me.

In a Q&A on the Salesforce website announcing the promotion, Schmaier talked about the challenges companies faced in the last year. “There’s no question 2020 was a challenging year. We are operating in this all-digital, work from anywhere world and things won’t go back to where they were, nor should they. One of the silver linings has been seeing what companies can do when there is no alternative and the imperative is to connect with their customers in entirely new ways,”

In his new position it will be Schmaier’s job to figure out how to help them do that.

It’s worth noting that there has been some turnover in the C Suite recently at Salesforce. Just today the company also announced that long-time CFO Mark Hawkins was retiring. He will be replaced by Amy Weaver, who was formerly the company’s chief legal officer. Meanwhile, last week the company hired former Hearsay Social co-founder and CEO Clara Shih to run Salesforce Service Cloud.

Salesforce names Vlocity founder David Schmaier CEO of new Salesforce Industries division

U.K. Arrest in ‘SMS Bandits’ Phishing Service

/0 Comments/in /by

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

The U.K.’s National Crime Agency (NCA) declined to name the suspect, but confirmed that the Metropolitan Police Service’s cyber crime unit had detained an individual from Birmingham in connection to a business that supplied “criminal services related to phishing offenses.”

The proprietors of the phishing service were variously known on cybercrime forums under handles such as SMSBandits, “Gmuni,” “Bamit9,” and “Uncle Munis.” SMS Bandits offered an SMS phishing (a.k.a. “smishing”) service for the mass sending of text messages designed to phish account credentials for different popular websites and steal personal and financial data for resale.

Image: osint.fans

Sasha Angus is a partner at Scylla Intel, a cyber intelligence startup that did a great deal of research into the SMS Bandits leading up to the arrest. Angus said the phishing lures sent by the SMS Bandits were unusually well-done and free of grammar and spelling mistakes that often make it easy to spot a phony message.

“Just by virtue of these guys being native English speakers, the quality of their phishing kits and lures were considerably better than most,” Angus said.

According to Scylla, the SMS Bandits made a number of operational security (or “opsec”) mistakes that made it relatively easy to find out who they were in real life, but the technical side SMS Bandits’ operation was rather advanced.

“They were launching fairly high-volume smishing campaigns from SMS gateways, but overall their opsec was fairly lousy,” Angus said. “But on the telecom front they were using fairly sophisticated tactics.”

The proprietor of the SMS Bandits, telling the world he lives in Birmingham.

For example, the SMS Bandits automated systems to check whether the phone number list provided by their customers was indeed tied to actual mobile numbers, and not landlines that might tip off telecommunications companies about mass spam campaigns.

“The telcos are monitoring for malicious SMS messages on a number of fronts,” Angus said. “One way to tip off an SMS gateway or wireless provider is to start blasting text messages to phone numbers that can’t receive them.”

Scylla gathered reams of evidence showing the SMS Bandits used email addresses and passwords stolen through its services to validate a variety of account credentials — from PayPal to bank accounts and utilities providers. They would then offload the working credentials onto marketplaces they controlled, and to third-party vendors. One of SMS Bandits’ key offerings: An “auto-shop” web panel for selling stolen account credentials.

SMS Bandits also provided their own “bulletproof hosting” service advertised as a platform that supported “freedom of speach” [sic] where customers could “host any content without restriction.” Invariably, that content constituted sites designed to phish credentials from users of various online services.

The “bulletproof” offerings of Muni Hosting (pronounced “Money Hosting”).

The SMS Bandits phishing service is tied to another crime-friendly service called “OTP Agency,” a bulk SMS provider that appears catered to phishers: The service’s administrator stated on multiple forums that he worked directly with the SMS Bandits.

Otp[.]agency advertises a service designed to help intercept one-time passwords needed to log in to various websites. The customer enters the target’s phone number and name, and OTP Agency will initiate an automated phone call to the target that alerts them about unauthorized activity on their account.

The call prompts the target to enter a one-time password generated by their phone’s mobile app, and that code is then relayed back to the scammer’s user panel at the OTP Agency website.

“We call the holder with an automatic calling bot, with a very believable script, they enter the OTP on the phone, and you’ll see it in real time,” OTP Agency explained on their Telegram channel. The service, which costs anywhere from $40 to $125 per week, advertises unlimited international calling, as well as multiple call scripts and voice accents.

One of the pricing plans available to OTP Agency users.

The volume of SMS-based phishing skyrocketed in 2020 — by more than 328 percent — according to a recent report from Proofpoint, a security firm that processes more than 80 percent of North America’s mobile messages [Full disclosure: Proofpoint is currently an advertiser on this site].

The Good, the Bad and the Ugly in Cybersecurity – Week 5

/0 Comments/in /by

The Good

We are barely a month into 2021 and it is safe to say it has already started off with a bang. Emotet has been at the top of many ‘most wanted’ lists for several years. Initially launching in 2014 as a modest but functional banking trojan, Emotet has evolved into a complex, multi-tiered framework. The Emotet infrastructure is vast, fault tolerant, and has proven to be a power vector for the delivery of additional and equally problematic malware such as Trickbot, Ryuk, and Qakbot. However, all that appears to be changing.

This week, Europol executed on a long-term, collaborative, project to disrupt Emotet. Working with additional law enforcement agencies and industry partners, the Emotet infrastructure was disrupted from the inside. Traffic across all tiers of the Emotet infrastructure has been seized and redirected to systems controlled by law enforcement. Making this specific takedown even more unique, it appears that a custom module was introduced as part of Operation Ladybird that will force Emotet to automatically remove itself on April 25.

This takedown is more thorough than many others we have seen recently, including that of Trickbot. While it is possible that Emotet will eventually retool and bounce back, it will take much more time and a great deal of investment in new systems and infrastructure. Time will tell, but for now we should all take some comfort in the fact that one of, if not the, most problematic and prolific malware families has been dealt a serious blow.

The Bad

What kind of week would it be without some discussion of ransomware? By now we are all familiar with the double-whammy of modern ransomware families. That is, they hit you with both the encryption payload as well as the potential for your data to be leaked to the public in the event that you do not comply with the attackers’ demands. However, we are now seeing an increasing number of ransomware families adding the threat of DDoS (Distributed Denial of Service) attacks to the equation. In addition to the previously mentioned ‘double-whammy’, victims also face the possibility of their public websites being attacked directly through a denial of service attack.

Among those adopting this new tactic are Ragnar, Avaddon RaaS, and a small group of other families. Threatening victims with a DDoS attack is meant to encourage the victims to contact the attackers rather than attempt to quickly restore from backup or try some other means of circumventing the attacker’s demands.

There is no doubt that the continued adoption of this additional layer of extortion is both threatening and problematic. However, this does also serve to reinforce the importance of prevention. The only true defence, and the only way to ensure full and proper continuity of business is to prevent these attacks before they happen. Modern and forward-thinking endpoint security controls are a prerequisite, of course, but they must also be properly managed and configured.

The Ugly

This week, two worrisome bugs were revealed in relation to the venerable Unix sudo command. First up, sharp-eyed researcher Rich Mirch noticed that a fix for an earlier CVE in sudoedit, CVE-2021-23240, which had been patched in sudo v1.9.5, actually opened up a new privilege escalation vulnerability. After reversing the patch, Mirch was able to find and exploit a new bug that makes it possible for a low-privileged user to gain a root shell.

Mirch’s bug was promptly fixed in 1.9.5p1, but a research team from Qualys gave the developers and Unix admins further headaches by identifying another, long-standing but unnoticed critical flaw affecting that version and many earlier versions, too.

CVE-2021-3156 is a heap-based buffer overflow that, upon exploitation, allows any user (regardless of their presence in the sudoers file) to achieve root-level access. The flaw lies in improper handling of unescaped characters provided in the sudo command syntax.

According to the disclosure from Qualys, the flaw can be invoked “either through the -s option, which sets sudo’s MODE_SHELL flag” or “through the -i option, which sets Sudo’s MODE_SHELL and MODE_LOGIN_SHELL flags”.

What may be slightly more alarming is that this bug was introduced into the sudo program code in July of 2011. The flaw affects stable versions from 1.9.0 to 1.9.5p1 as well as all ‘legacy’ versions from 1.8.2 to 1.8.31p2. Needless to say, all users are advised to patch to v1.9.5p2 immediately.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Okta SaaS report finds Office 365 wins the cloud — sort of

/0 Comments/in /by

Each year Okta processes millions of SaaS logons via its authentication system. It kindly aggregates that data to find the most popular apps and publishes an annual report. This year it found that the most popular tool by far was Microsoft Office 365.

It’s worth noting that while app usage popularity varied by region, Office 365 was number one with a bullet across the board, whether globally or when the report broke it down by geographic area. That wasn’t true of any other product in this report, so Office 365 has extensive usage across the world (at least among companies that use Okta).

But as with everything cloud, it’s not a simple matter to say that because lots of people signed onto Office 365, Microsoft is the clear winner in a broader sense. In reality, the cloud is a complex marketplace, and just because people use one tool doesn’t preclude them from using tools that compete directly with it.

As a case in point, consider that the report found that 36% of Microsoft 365 customers were also using Google Workspace (formerly known as G Suite), which offers a similar set of office productivity tools. Further, Okta found that 42% of Office 365 customers were using Zoom and 32% were using Slack.

How should SaaS companies deliver and price professional services?

This is pretty remarkable when you consider that Office 365 bundles Teams with similar functionality for free. What’s more, so does Google with Google Hangouts, so people use the tool they want when they want, and sometimes it seems they use competing versions of the same tool. The report also found that of those Office 365 users, 44% are using Salesforce, 41% AWS, 15% Smartsheet and 14% Tableau (which is owned by Salesforce). Microsoft has products in all those categories.

Microsoft is clearly a big company with a lot of products, but the report blows a hole in the idea that because people like Office 365, they are going to be big fans of other Microsoft products, or that they can count on any kind of brand loyalty across the range of products or even exclusivity within the same product category.

All of this, and much of the other data in this report makes tremendously interesting reading as far as it goes. It’s not a definitive window on the state of SaaS. It’s a definitive reading on the state of Okta customers’ use of SaaS, on the Okta Integration Network (OIN), a point the company readily acknowledges in the report’s methodology section.

“As you read this report, keep in mind that this data is representative of Okta’s customers, the applications and integrations we connect to through the OIN, and the ways in which users access these tools through our service,” the report stated.

But it is a way to look at the state of SaaS taking advantage of the 9400 Okta customers using the network and the 6,500 integrations to the world’s most popular SaaS tools. That gives the company a unique view into the world of SaaS. What you can conclude is that the cloud is complicated, and it’s not a zero-sum game by any means. In fact, being a winner in one area is not a guarantee of winning across the board.

Should your SaaS startup embrace a bottom-up GTM strategy?

Subscription-based pricing is dead: Smart SaaS companies are shifting to usage-based models

/0 Comments/in /by
Kyle Poyar
Contributor

Kyle Poyar is VP of Growth at OpenView.

Software buying has evolved. The days of executives choosing software for their employees based on IT compatibility or KPIs are gone. Employees now tell their boss what to buy. This is why we’re seeing more and more SaaS companies — Datadog, Twilio, AWS, Snowflake and Stripe, to name a few — find success with a usage-based pricing model.

The usage-based model allows a customer to start at a low cost, while still preserving the ability to monetize a customer over time.

The usage-based model allows a customer to start at a low cost, minimizing friction to getting started while still preserving the ability to monetize a customer over time because the price is directly tied with the value a customer receives. Not limiting the number of users who can access the software, customers are able to find new use cases — which leads to more long-term success and higher lifetime value.

While we aren’t going 100% usage-based overnight, looking at some of the megatrends in software —  automation, AI and APIs — the value of a product normally doesn’t scale with more logins. Usage-based pricing will be the key to successful monetization in the future. Here are four top tips to help companies scale to $100+ million ARR with this model.

1. Land-and-expand is real

Usage-based pricing is in all layers of the tech stack. Though it was pioneered in the infrastructure layer (think: AWS and Azure), it’s becoming increasingly popular for API-based products and application software — across infrastructure, middleware and applications.

API-based products and appliacation software – across infrastructure, middleware and applications.

Image Credits: Kyle Poyar / OpenView

Some fear that investors will hate usage-based pricing because customers aren’t locked into a subscription. But, investors actually see it as a sign that customers are seeing value from a product and there’s no shelf-ware.

In fact, investors are increasingly rewarding usage-based companies in the market. Usage-based companies are trading at a 50% revenue multiple premium over their peers.

Investors especially love how the usage-based pricing model pairs with the land-and-expand business model. And of the IPOs over the last three years, seven of the nine that had the best net dollar retention all have a usage-based model. Snowflake in particular is off the charts with a 158% net dollar retention.