The Best Tech Startups

April 20, 2009

InformationWeekanalytics.com

Analytics Alerts The Best Tech Startups

Contents The vendors that made our first-ever InformationWeek

2 Five Engines Of Innovation: Startup 50 list solve critical IT problems, cut costs, and Paglo, Altor, Nirvanix, Ocarina, improve operations. Our finalists address a range of busi- And Spigit 3 The Complete Startup 50 List ness technology challenges, but the biggest concentration 9 Profiles Of Other Notable of entrepreneurial energy falls into three areas: virtualiza- Startup 50 Vendors tion, cloud computing, and software as a service. Each of 43 How To Vet Startups these companies makes a strong case that now is the time to try something new, with proper vetting. InformationWeekanalytics.com

Analytics Alerts

Engines Of Innovation By Andrew Conry-Murray

$601.8 MILLION. That’s how much venture capital has been invested in the InformationWeek Startup 50, a group of up-and-coming technology vendors chosen through a three-step process of nomination, online voting, and editorial vetting. The companies that made our list were assessed on the following criteria: innovation in technology or business model; value, delivered in lower costs, increased sales, higher productivity, or improved customer loyalty; and enterprise readiness, meaning a product that scales and is ready for deployment. What follows is the full Startup 50 list, along with profiles of five companies from the list that represent the innovative ways these startups solve critical IT problems, cut costs, and improve operations.

To be considered, the newbies could be no more than 5 years old. Our finalists address a range of business technology challenges, but the biggest concentration of entrepreneurial energy falls into three areas: virtualization, cloud computing, and software as a service.

The inevitable shakeout that will come to those red-hot markets points to two things. One, startups can offer competitive advantage in the form of emerging technologies. And two, tech’s leading edge entails risk, as some startups won’t make it. This list narrows the field to help IT pros better assess that trade-off.

Search, SaaS Unite For IT Management By Andrew Conry-Murray PAGLO Brian de Haaff,CEO THE MARKET FOR IT MANAGEMENT TOOLS is crowd- Chris Waters,CTO ed, so a startup had better bring something unique. Paglo’s Customers: Anaheim schools,GeoVario bid: combining search with software as a service to make IT Big idea: SaaS-based IT search and management easier to set up and use. management The heart of its product is the Paglo Crawler, software that an IT team can download and install on a network. Crawler discovers the network and connected assets, and reports that information to Paglo’s data center. IT administrators can then access the information from a Web browser.

Analytics Alerts

That sounds a lot like Company Tech Focus Funding 0 Aerohive Networks WLAN access points $24 million

standard SaaS, but Paglo 5 Agito Networks Fixed-mobile convergence $20 million search capabilities stand

P Altor Networks Virtualization security $6.5 million out. In addition to dis- Appirio Cloud integration and app dev $16.7 million U covering information Arista Networks 10 Gigabit Ethernet switches Undisclosed T about a network, Paglo Aster Data Systems Data warehousing $27 million R Aternity App performance and availability $14 million Crawler creates a search-

A Attivio Information access $18 million

able index. IT pros can T AutoVirt Data migration and file virtualization $8.5 million

query it to find informa- S Bluenog ECM and BI software $4 million BlueStripe Software Application service management $5 million

tion, such as whether E Central Desktop SaaS collaboration $7 million Skype is installed on any H Cleversafe Dispersed storage and retrieval $15 million

PCs on the network or T Dataupia Data warehouse appliances Undisclosed how much free disk Digital Reef Information management $20 million space is available on a Egnyte Cloud file server $2.1 million server. Many queries can Elastra Cloud application design $14.6 million Embotics Virtual machine management $4 million use plain English, Expresso SaaS Excel collaboration $4 million although complex ones FireEye Web malware security $21 million might require the soft- InstallFree App and desktop virtualization $10.2 million ware’s SQL-like language, Mi5 Networks Secure Web gateways $4 million MokaFive Desktop virtualization $18 million called PQL. Searches can Neocleus Desktop virtualization $16 million be saved and shared. Nirvanix Cloud storage $18 million Ocarina Networks Storage optimization $31 million The platform’s dash- Paglo IT search and management Undisclosed Palo Alto Networks Application-aware firewalls $64 million boards also can be used Pano Logic Desktop virtualization $24 million to monitor vital statistics ParaScale Grid storage software $11.3 million such as system memory, Pentaho Open source BI software $25 million CPU usage, and asset in- RightScale Cloud management platform $17.5 million Sailpoint Technologies Identity management software $20.5 million ventory. The crawler runs Skytap Cloud virtual software testing $6 million continuously, and dash- SnapLogic Application integration $2.5 million boards are updated auto- Spiceworks IT management software $13 million matically with fresh in- Spigit SaaS innovation management $2 million formation. E-mail or SpringCM SaaS content management $14 million 10Gen Grid management software $1.5 million Twitter alerts can be set 3Tera Public/private cloud services Undisclosed up for events such as low Truviso Data analysis and BI Undisclosed disk space or new de- Tufin Technologies Firewall management and reporting $3 million vices joining the net- uTest Crowd-source software testing $7.3 million Virtual Computer PC life-cycle management $21 million work. VKernel Virtualization management $4.6 million WorkLight Web 2.0 tools Undisclosed Paglo recently upgraded Xangati Application management $18 million its crawler to take in Xkoto Database load balancing $13 million Yammer Enterprise microblogging $5 million Cisco NetFlow data, pro- Zscaler SaaS Web security Undisclosed

Analytics Alerts

viding a clearer picture of bandwidth use and interdevice communications on Cisco networks.

Paglo charges $1 per device per month. There’s plenty of competition—including Splunk, which offers its own IT search tool—and Zenoss and Kace, which also target the midmarket with low-cost IT management.

In addition to its competition, Paglo must get potential customers comfortable with storing sensitive network information in a startup’s data center. CEO Brian de Haaff believes this won’t be a high bar, pointing to the success of SaaS companies such as Salesforce.com, which store customer information that’s every bit as sensitive as IT system data.

Virtual Firewall For VMs By Andrew Conry-Murray

SERVER VIRTUALIZATION may be transforming the data ALTOR NETWORKS center, but it’s introducing a host of headaches along the way. Amir Ben-Efraim,CEO Key among them are security and visibility. Ulrich Stern,CTO Customers: Hearst,Nielsen Virtual machines on the same server can communicate with Big idea: Securing and managing virtual one another without touching the physical network, possibly machines bypassing security and monitoring controls you’ve carefully constructed. VMs also can move from one physical server to another, which may disrupt security policies if they’re moving from a more-secure to a less- secure physical host.

Enter Altor Networks. Founded by Check Point Software veterans, Altor builds virtual firewalls to control inter-VM communication and enforce security policies. Its product, Altor VF, is a virtual appliance that, when installed on a physical server, discovers the VMs on the host by communicating with VMware’s vCenter Server (formerly Virtual Center). From there, IT teams create policies for each virtual machine on the host, such as restricting or allowing inter-VM communications, or routing VM traffic elsewhere, such as to an intrusion-detection system that scans traffic for attacks.

Policies can also move with a VM as it travels from one physical host to another, though only for hosts running the Altor VF virtual appliance. In addi- Ben-Efraim faces tion to the firewall, Altor Networks offers a Web-based management console [plenty of rivals

Analytics Alerts

where administrators can create policies and monitor the status of VMs controlled by firewall. It provides traffic information such as protocols in use, shows bandwidth consumption, and tracks changes to firewall policies. The company has partnerships with established security vendors, including ArcSight. For example, an Altor virtual firewall can export firewall logs to ArcSight’s security event management platform for real-time and historical analysis of security events.

Altor VF is priced at $2,000 per VMware ESX hypervisor, regardless of the number of virtual machines.

Virtualization security is still an immature market, so Altor has an opportunity to establish itself. But booming markets draw competition, and that’s what’s happening here. VMware acquired Blue Lane, which is primarily focused on intrusion detection, but which also provides inter-VM visibility. Plus, VMware has released an API, called VMsafe, that may let established security vendors build their own virtual machine security products for the VMware platform.

Finally, Altor must compete with alternative approaches. In one example, startup Montego Networks’ virtual switch includes security capabilities such as policy enforcement and secure inter-VM communication. This Storage Cloud Won’t Break The Bank By John Foley

NIRVANIX CHARGES 25 cents to store a gigabyte of your NIRVANIX company’s data. What’s the business model in such pocket Jim Zierick,CEO change? It requires moving lots of data into Nirvanix’s storage Geoff Tudor,Co-founder and senior VP cloud. Customers: City Talent,JellyBarn,WizzDrive Big idea: Storage as a service for 25 cents With its Storage Delivery Network, Nirvanix is one of the early per gigabyte leaders in the storage-as-a-service market. Founded in 2007, Nirvanix competes with Amazon’s Simple Storage Service and a growing number of other on-demand storage services. The 25 cents per gigabyte per month is for a single node on NirvanixSDN; it’s 48 cents per gigabyte for two nodes.

Customers can sign up for Nirvanix’s service in a few minutes with a credit card, e-mail address, and other basic information. Or they can go through a salesperson and sign an enterprise contract at a negotiated rate. Many customers start with the self-service, pay-as-you-go option as a way of getting experience, then transition to an enterprise account once their com-

Analytics Alerts

fort level—and storage usage—grows. About two-thirds of the company’s customers have self- service accounts and one-third have enterprise accounts. Storage workload helps determine the starting point. If companies have more than 2 TB to manage, Nirvanix steers them toward direct sales rather than self-service.

Nirvanix finds first-time enterprise customers may take 12 to 18 weeks to get up and running, factoring in the time it takes to meet, write up a contact and service-level agreement, and get vendor approval through the customer’s internal procurement process.

In general, companies use Nirvanix as an alternative to on-premises systems for data backup and to store files—documents, audio, video, and other data—that are large and accessed relatively infrequently.

Nirvanix is only 2 years old, but already it has lived through some of the ups and downs of being a startup. The company was forced into damage control after MediaMax—also known as the Linkup and spun off from Nirvanix’s parent company, Streamload—closed last August, leaving some consumers without access to their data. Nirvanix is a separate company, focused on businesses rather than consumers, but it still had to fend off guilt by association for having been spun off from the same parent.

And Nirvanix started off this year with a change at the top. In January, Nirvanix founder Patrick Harr was replaced as CEO by Jim Zierick, the former CEO of Aspyra, a specialist in the health care industry. Change in management isn’t unusual at startups, but it does underscore the inherent risks.

So far, so good. Earlier this month, Nirvanix announced a partnership with Ocarina Networks—another InformationWeek Startup 50 company—to join their technologies to create a compression-in-the-cloud combo. Ocarina’s technology compresses a variety of file types by 50% or more. Together, the products can be used to optimize the transfer and storage of large files in the cloud.

It’s that type of innovation that will cause IT professionals to take a look. And the cost of entry—the price of a gumball—is one that even cash-strapped companies can afford.

Analytics Alerts

Squeeze Data Early, Save More Storage By Andrew Conry-Murray

OCARINA NETWORKS has built a shrink ray for storage. OCARINA NETWORKS The company’s algorithms can reduce the size of files written Murli Thirumale,CEO to disk enough to save 50% to 75% of the space on primary Goutham Rao,CTO storage systems—the most expensive, high-quality disk that IT Customers: Kodak Gallery,Cornell departments buy. As information volumes explode, companies University stand to save a lot if they’re able to buy less storage. Big idea: Shrinking files on primary storage The startup applies compression and deduplication techniques to a variety of file types, including Microsoft Office, PDFs, and photos and videos. Deduplica- tion is common for archives and backups of data that rarely change, but Ocarina is one of only a few vendors using it for primary and nearline storage, where files are accessed often.

Ocarina requires two products—its Optimizer appliance and its Reader software—be used in tandem. The appliance runs the compression and deduplication algorithms. When a file is written to storage, Optimizer pulls the file off disk, compresses it, and rewrites the compressed version to the storage system. Administrators can set policies on when to shrink files (say, if not accessed for 24 hours) and how aggressively (for example, dedupe only or dedupe plus light compression). The appliance is deployed out of band in order to avoid slowing down the primary storage system. However, because the appliance doesn’t shrink files in real time, IT teams must ensure that they have sufficient storage capacity to meet current demand. Ocarina says a pair of Optimizer 2400s can compress around 5 TB a day.

The Reader, which can be deployed as software or as an appliance, intercepts requests for a file that has been compressed by the Optimizer and reconstitutes the file before delivering it. Re- constitution slows user access to files, depending on how much the file has been compressed.

Ocarina targets major corporations and Web 2.0 companies that deal with scads of user-gener- ated content. Photo-sharing site Kodak Gallery is a customer. One potential market: life sci- ences, particularly genomics, where gene-sequencing produces reams of data. Companies can buy Ocarina products directly, or integrated on storage hardware from BlueArc, EMC, Hewlett- Packard, Hitachi Data Systems, and Isilon.

Ocarina charges $50,000 per Optimizer, plus Reader licensing fees. Its system won’t show re- turns until a company has had time to recoup storage capacity. That depends on how aggressively storage administrators shrink files and end-user tolerance for slowdowns.

Analytics Alerts

A Smarter Suggestion Box By Andrew Conry Murray

SINCE ITS FOUNDING THREE YEARS AGO, Spigit has SPIGIT racked up an impressive customer list, including IBM, Paul Pluschkell,CEO Southwest Airlines, and Sun Microsystems. What’s its big Padmanabh Dabke,CTO idea? Just that—big ideas. Customers: Southwest Airlines,IBM Big idea: A digital suggestion box—with Spigit’s Web software helps companies solicit ideas from em- analytics ployees and customers. But it’s more than an online suggestion box, marrying social networking and analytics to give good ideas a better chance at rising to the top of the pile.

The company’s offerings include InnovationSpigit, for employees, and IdeaSpigit, which lets customers pitch ideas. Both have capabilities for blogs, wikis, forums, and idea generation, and let users rank and evaluate what others post. Built-in analytics software tracks the frequency of posts and feedback gen- erated to build a reputation on each contributor, so companies can identify the best content and leading idea genera- tors.

Companies also can set up prediction markets using PredictionSpigit, which gives people “shares” they can buy or sell in an attempt to anticipate business outcomes.

Good results aren’t a sure thing, warns CEO Paul Pluschkell. Companies must seed the way with incentives. “People need some motivation, such as funding for a project or attention from executives,” he says.

And in companies with entrenched hierarchies, middle managers probably won’t be thrilled about a system in which employees could subvert their roles as information gatekeepers. [ Rewards needed, Pluschkell says

Analytics Alerts

Other Notable Startup 50 Vendors Agito Networks By Andrew Conry-Murray

IF YOU BELIEVE you pay too much for cellular phone service, Agito Networks wants a word with you. The company’s fixed-mobile convergence (FMC) appliance lets enterprises save minutes by routing cell calls across wireless networks, both public and private, through the corporate PBX rather than a nearby cell tower.

AGITO NETWORKS HEADQUARTERS Santa Clara, Calif PRODUCT RoamAnywhere Mobility Router PRINCIPALS Pejman Roshan, co-founder and interim CEO; Tim Olson, co-founder and CTO; Bill Miskovetz, VP of engineering INVESTORS Battery Ventures, Castile Ventures, ITX International Roshan Holdings leverages WLANs to EARLY CUSTOMERS Dartmouth College, Anthony Marano route calls

THE BIG IDEA “Enterprises adopt mobile devices to be more responsive and available,” says CEO Pejman Roshan. Agito’s fixed-mobile convergence product lets users make cell calls on a Wi-Fi network, bypassing cellular charges, which can be especially high on international calls. FMC also provides connectivity when cell service is poor or unavailable.

CONTROL KNOBS Agito Networks’ RoamAnywhere Mobility Router plugs into an existing corporate telephony network. It directs cell calls across wireless access points and through the

Analytics Alerts

PBX when employees are within range of the corporate network, and can hand calls back to the cellular network based on performance criteria. Agito’s newest release, Secure Remote Voice, also lets cell phone users connect to personal or public wireless hotspots, such as a home office or hotel, via an SSL tunnel to the corporate network.

THE COMPETITION Avaya and Cisco Systems have partnered with Agito Networks. Direct competitors include CounterPath, DiVitas Networks, Tango Networks, and Ascendent Systems, which was acquired by RIM.

OUR TAKE FMC technology can help enterprises cut cellular expenses. By extending access to personal and public hotspots, Agito can help companies further control costs. Its partnerships with Cisco and Avaya help validate the company’s technology. However, corporate WLANs must be robust to carry voice, and integration of FMC technology with the PBX is far from plug-and-play. Companies supporting various cell phone manufac- turers also may run into compatibility issues with an FMC deployment.

TIMELINE

Company Raises is founded $13 million 2006 2008

Raises $7 million in funding Launches Secure Remote Voice

Analytics Alerts

3Tera By John Foley

IN THE EMERGING WORLD OF CLOUD COMPUTING, some vendors deliver cloud services and others enable them. 3Tera, with its grid operating system, is among the latter. 3Tera’s AppLogic is being used by Layered Technologies and Nirvanix to offer on-demand services. Increasingly, 3Tera is selling its software directly to corporate customers.

3TERA HEADQUARTERS Aliso Viejo, Calif. PRODUCT AppLogic, a grid operating system PRINCIPALS Barry Lynn, chairman and CEO; Peter Nickolov, co-founder, president, and COO; Bert Armijo, co-founder and senior VP

Lynn: Data INVESTORS $3.7 million in funding, led by distribution partner centers can Net One Systems be run like utilities EARLY CUSTOMERS BT, Nexplore, Woopra

A SHORT HISTORY 3Tera’s AppLogic grid OS runs on commodity servers connected via Gigabit Ethernet. The company introduced AppLogic nearly two years ago, and global telecom provider BT became an early adopter last year when it decided to use AppLogic to offer on-demand computing services. 3Tera’s newest push is a suite of virtual appliances for disaster recovery.

Analytics Alerts

KEY COMPONENTS AppLogic is comprised of three subsystems. A distributed kernel provides core system services and abstracts the underlying hardware; a “disposable infrastructure” manager manages the software and hardware associated with each application; and a grid controller manages and monitors the grid. AppLogic runs on Linux, Solaris 10, and OpenSolaris servers, and support for Windows Server goes into beta testing this month. AppLogic taps into direct attached storage. AppLogic 2.3 is in beta release.

EPITAPH 3Tera co-founder and the company’s original CEO, Vladimir Miloushev, died in August 2007 of a brain aneurysm. He was 45 years old. Lynn called him a “brilliant, extraor- dinary visionary.”

VIRTUALIZATION AppLogic employs virtualization to package the various software components needed to assemble a full-fledged application—operating system, database, Web server, and gateways, for example. Those resources can be configured and managed from AppLogic’s browser-based interface. Customers also can embed agent software from enterprise management systems such as IBM Tivoli or CA Unicenter into hosted applications, so they can be managed from a central management console.

TIMELINE

BT discloses plans 3Tera is founded to use AppLogic

2004 2006 2007 2008

AppLogic goes into Partner Net One Systems beta testing invests in 3Tera

Analytics Alerts

Arista Networks By John Foley

CLOUD COMPUTING PROMISES SIMPLICITY IN DELIVERY, but it requires highly reliable networks built for on-demand access. Arista Networks targets this market with its line of 10 Gigabit Ethernet switches. It recently named Cisco veteran Jayshree Ullal as CEO, while co- founder Andy Bechtolsheim took on an expanded role as chairman and chief development officer.

ARISTA NETWORKS HEADQUARTERS Menlo Park, Calif. PRODUCT 10 Gigabit Ethernet switches and Arista EOS software PRINCIPALS Jayshree Ullal, president and CEO; Andy Bechtolsheim, co-founder, chairman, and chief development officer INVESTORS Privately held EARLY CUSTOMERS BitGravity, Lawrence Livermore National Ullal gets back to her Laboratory “entrepreneurial roots”

WHAT’S IN A NAME Until a few weeks ago, Arista Networks was known by its original name, Arastra. About the time it changed its moniker, Arista trademarked the term “cloud networking,” in reference to the network fabrics required to support data centers with 10,000 or more servers. Cloud networks must be self-healing and have latency measured in microseconds, says Ullal.

THE PLATFORM Arista makes a line of 10 Gigabit Ethernet switches, a software layer called the Extensible Operating System, or EOS, and transceivers and cables. Its 7100 series switches are available with 24 or 48 ports in a 1U design for rack installation, and they support Layers 2, 3, and 4 switching in the IP stack. Performance ranges to 960 Gbps and 720 million packets per second. EOS supports in-service software upgrades, configuration, and service provisioning across switches.

BRAIN TRUST Co-founders include chief scientist David Cheriton, a Stanford University professor, and VP of software engineering Ken Duda. Both worked with Bechtolsheim at Granite Systems, acquired by Cisco.

Analytics Alerts

OUR TAKE With Ullal and Bechtolsheim (co-founder of Sun Microsystems and, until recently, its chief system architect) leading the management team and with Lawrence Livermore as a new customer, Arista takes a big step toward viability. Yet the networking market is crowded with established competitors, cloud computing is in the early stages, and Arista’s platform is relatively new. Also, IT spending is tightening. The startup’s window of opportunity is open, but significant challenges remain.

TIMELINE

Founded as Arastra Products released

2004 2007 2008

Product testing Company renamed; begins Ullal becomes CEO

Attivio By John Foley

YOUR COMPANY COLLECTS TERABYTES OF DATA, yet finding the information that employees need is tricky because it’s scattered far and wide. IT pros have tried many techniques to solve this data management dilemma, including universal databases, data warehouses, and enterprise search. Newcomer Attivio is about to offer another alternative.

ATTIVIO HEADQUARTERS Newton, Mass. PRODUCT Active Intelligence Engine, an enterprise search engine that combs through structured and unstructured data “Search is not PRINCIPALS Ali Riaz, co-founder and CEO; Sid Probstein, co-founder enough,” says Riaz and CTO; Andrew McKay, co-founder and senior VP of products INVESTORS $6.2 million in private equity funding EARLY CUSTOMER Boldfacers

Analytics Alerts

SEARCHING FOR ANSWERS Businesses generate both structured data, that within the fields of databases and business applications, and unstructured data, the free-flowing content of e-mails and documents. However, database query tools and search algorithms generally don’t work across all data sources, so getting comprehensive, timely information can be nearly impossible.

THE MARKET Enterprise search is a fast-changing market in which Google, IBM, and Oracle compete with specialists like Autonomy, Endeca, and Vivisimo. In January, Microsoft announced plans to acquire Fast Search & Transfer, an enterprise search vendor in Norway, for $1.2 billion. At- tivio’s co-founders all worked at Fast, Riaz as COO and president. Does the world really need another enterprise search company? Try to find information you need inside your company, and you’ll know the answer.

WHAT’S NEXT Attivio is fine-tuning its software and signing its first customers. Early adopters are evaluating the product, with general availability planned for summer. Monthly license fees are expected to begin at $5,000.

HYBRID APPROACH Attivio’s Active Intelligence Engine is enterprise search software with characteristics of a business intelligence query tool. It works by creating a “universal index” of data from relational databases, Microsoft Office documents, PDFs, e-mail, and enterprise applications, including Salesforce.com. Among its features are a “fuzzy” query language, probabilistic relevancy model, real-time processing, and an alert system that notifies users when new results match a search request. There’s an API for custom development.

TIMELINE

AIE released Attivio founded to select companies

2007 2008

Active Intelligence AIE scheduled for Engine unveiled general availability

Analytics Alerts

Central Desktop By Andrew Conry-Murray

WITH MICROSOFT, IBM, AND GOOGLE stomping around the collaboration market, a startup has to be as nimble as Jackie Chan to compete. Central Desktop, which offers a suite of collaboration tools delivered via software as a service, moves quickly enough to snare market share among small and medium-size companies.

CENTRAL DESKTOP HEADQUARTERS Pasadena, Calif. PRODUCT Central Desktop collaboration software PRINCIPALS Isaac Garcia, CEO; Arnulf Hsu, CTO CEO Garcia collaborates INVESTORS Bootstrapped by Garcia and Hsu for fun and profit FOUNDED 2005 EARLY CUSTOMERS Webcor Builders, AlliedBarton

WHY WILL YOU BE HERE A YEAR FROM NOW? “Our sweet spot is the SMB. We believe it’s underserved,” says CEO Garcia. While other vendors chase Fortune 2000 companies, Central Desktop aims for profitability by appealing to a large population of small and midsize enterprises. The company has about 35,000 paying customers. Its free version also helps to grow a customer base.

OPPORTUNITY Companies are adopting collaboration software to improve productivity and make it easier for employees to share information. Central Desktop creates online project workspaces, so users have a single repository for shared content and mechanisms to control document versions. They also can enforce basic rights, such as who can edit or download information. Garcia says the ROI for customers comes from reducing the time it takes to roll out projects and cutting down on e-mail volumes.

Analytics Alerts

THE COMPETITION Basecamp offers a similar SaaS-based project management service. Google Docs provides limited Web collaboration. Microsoft SharePoint and IBM Lotus Quickr are the major licensed-software competitors.

BUSINESS MODEL Central Desktop offers a suite of tools for multiuser project management, including collabora- tive docs and spreadsheets, group discussion threads, e-mail notifications, and shared calendar- ing. Because it’s delivered as a service, the capital costs are low, deployment is a snap, and it’s easy to scale—three key concerns for the company’s target market. As with other SaaS applications, users access the product via a Web browser, and Central Desktop provides the hosting, storage, and other infrastructure.

TIMELINE

Reaches 60,000- user mark Company founded

2005 2006 2007

Available on AppExchange Enhances database capabilities

Cleversafe By John Foley DON'T PUT ALL YOUR EGGS IN ONE BASKET. Cleversafe’s “dispersed storage” grid software breaks data into pieces for archiving in a dozen or more servers, then reassembles it as needed. The concept isn’t new, but Cleversafe thinks its commercial, open source approach will give the technology wider appeal.

Analytics Alerts

CLEVERSAFE HEADQUARTERS Chicago PRODUCT Software that disperses data across a storage network PRINCIPALS Chris Gladwin, chairman and CTO; Jon Zakin, president Zakin stepped in and CEO; Jamie Bellanca, VP of development as CEO six months ago INVESTORS Alsop-Louie Partners, NEA, OCA Ventures, individual investors Casey Cowell and Chris Galvin EARLY CUSTOMERS Undisclosed

WHAT’S NEW? Version .74 of Cleversafe’s Dispersed Storage Network software comes with an iSCSI interface for easier integration with Linux, Solaris, and Windows. It incorporates the Cauchy Reed- Solomon information dispersal algorithms, providing control over how many servers are used to house data and how many are needed to reassemble it.

BUSINESS MODEL Cleversafe’s technology is available as open source for companies that have the resources to deploy it, and it will be available next year in commercial form for those that want help. Other vendors could use the technology to offer dispersed storage systems and services. Cleversafe’s commercial license will come with support and indemnification, while the open source license is offered “as is” without legal protection. Open source development efforts are centered at Cleversafe.org.

THE MARKET Information dispersal algorithms, or IDAs, have been used for years by government agencies to divvy data files into pieces for later reconstruction. Benefits include security (deconstructed data can’t be read) and reliability (dispersed data can be reassembled even if some storage nodes fail). Cleversafe developed its own IDAs and released them last year as open source under GPLv2. Cleversafe is working with partners to create a “dispersed storage network” that can be used to evaluate the technology.

Analytics Alerts

TOP DOGS Zakin, an original board member and former investor in the company, was named president and CEO in May. He replaced Gladwin, a Cleversafe founder, who continues as chairman and CTO.

TIMELINE

Zakin named Open source president and CEO project launched 2006 2007

Partner program Cleversafe version expanded .74 released

Embotics By Andrew Conry-Murray

VIRTUAL MACHINES are a lot like tribbles from Star Trek: If you aren’t careful, they can multiply quickly and end up in unexpected places. Embotics tackles VM sprawl by tagging virtual machines as they’re provisioned. It then tracks their movement around your company’s IT infrastructure, helping put you back in control.

EMBOTICS HEADQUARTERS Ottawa, Ontario PRODUCT V-Commander VM life-cycle management software PRINCIPALS Jay Litkey, founder, president, and CEO; Jean-Marc Seguin, chief architect; David Lynch, VP of marketing INVESTORS Tera Capital, private investors Litkey isn’t new FUNDING Undisclosed to the world of IT management EARLY CUSTOMERS AMD, financial services, health care companies

Analytics Alerts

THE BIG IDEA Virtual machines are easy to provision and move from one physical machine to another, making it difficult for IT to maintain administrative control. Embotics’ V-Commander tracks each authorized VM with a unique ID, allowing IT to better monitor VMs from creation until they are decommissioned. Embotics alerts IT when new VMs appear in the infrastructure.

BUSINESS CASE Existing virtualization management tools handle provisioning, resource usage, backup and storage, and availability. In tackling VM sprawl, Embotics carves a useful niche for itself while solv- ing a key problem. Unmanaged VMs are a security risk. They may miss OS and application patches or expose network services that leave them vulnerable to attack. They consume system resources, possibly degrading overall performance. Rogue VMs may also violate compliance mandates or regulations.

PEDIGREE Founder Litkey started Symbium, an IT automation company, and began his career at Nortel Networks. Chief architect Seguin, who also came to Embotics from Symbium, holds several patents.

CONTROL KNOBS V-Commander requires VirtualCenter, VMware’s provisioning and management system, to see when new ESX-based VMs are created. Support for Microsoft’s virtualization platform is planned, and Citrix support should follow. V-Commander scans each new VM to see if it’s a copy of an existing VM, which Embotics calls “lineage.” Tracking lineage enables interesting features. If one VM becomes unstable, administrators can proactively examine other VMs that are copies of the problematic one.

TIMELINE

Announces reseller Embotics founded program

2006 2007 2008

V-Commander Joins Microsoft is launched startup program

InformationWeekanalytics.com

Analytics Alerts

Expresso Andrew Conry-Murray

ESPRESSO OFFERS AN ONLINE SERVICE that lets users post and share Microsoft Excel files. Rather than reinvent the wheel, Expresso decided to set up its service around the world’s most-used spreadsheet program. And more Office apps are on the way.

EXPRESSO HEADQUARTERS Menlo Park, Calif. PRODUCT Online collaboration service for Excel spreadsheets CEO Langan PRINCIPALS Huy (Sam) Nguyen, founder; George Langan, CEO; makes it Julia O’Connor, CFO easy to share Excel files INVESTORS Individuals’ Venture Fund, Novus Ventures, Rocket Ventures EARLY CUSTOMERS Health Services, Gyrus ACMI, Lite-On Technology

ELEVATOR PITCH E-mail is a lousy way to collaborate on Excel spreadsheets. Expresso gets around that by letting customers post them on a secure online workspace, where they can invite others to collaborate. All it takes is a licensed copy of Office and an Expresso account. The software-as-a-service startup offers a free version and a corporate package at $79 per seat per year.

CONTROL KNOBS When a user uploads an Excel file to the company’s service, it’s loaded into an Oracle database. The spreadsheet owner controls access to the spreadsheet and can invite others to collaborate on it via e-mail. The owner controls edit privileges, such as who can read the file, make changes, or download it. Expresso allows control down to the cell level. The service maintains a detailed audit trail of every change made to the spreadsheet, including who made the change and when it happened.

Analytics Alerts

BACKGROUND Founder Nguyen comes from a company called SmartDB, which made software tools for the Oracle database. He sold SmartDB’s IP to Rocket Software and used the proceeds to launch Expresso.

OUR TAKE Expresso’s use of Excel is a powerful differentiator versus Google Docs, Zoho, and other collaboration platforms, which offer alternatives to Office. Expresso plans to expand to Word and PowerPoint. The company was selected to join Microsoft’s Startup Accelerator Program, in which Microsoft offers assistance to new companies. I’ll wager Microsoft is interested because Expresso can keep Office customers from defecting to other systems while Microsoft develops its own SaaS offerings.

TIMELINE

Joins Microsoft Expresso is startup program founded 2007 2008

Raises $2 million Debuts on in funding AppExchange

FireEye By Andrew Conry-Murray

FIREEYE AIMS TO PROTECT ENTERPRISES from Web-based security threats, including malware and botnets. The company deploys an appliance on the customer premises that runs suspicious Web and network traffic against a set of virtual computers. It alerts administrators if a virtual computer gets compromised. It also can help IT find PCs that might have malware trying to contact a control server or botnet.

REAL-TIME DETECTION “The browser is the new target for malware,” says founder and CEO Ashar Aziz. “Legitimate

Analytics Alerts

FIREEYE HEADQUARTERS Milpitas, Calif. PRODUCT FireEye 4200 security appliance, Malware Analysis & Exchange Network PRINCIPALS Ashar Aziz, founder and CEO; Bahman Mahbod, VP of engineering; Zane M. Taylor, VP of operations INVESTORS Sequoia Capital, Norwest Venture Partners, Jafco, SVB Capi- tal, DAG Ventures, Juniper Networks Aziz brings the virtual EARLY CUSTOMERS University of California, Berkeley; Canaras Capital heat against Web-based BACKGROUND: Founder Aziz also founded Terraspring, a data center au- malware tomation and virtualization company. Terraspring was acquired by Sun Mi- crosystems and became Sun N1, with Aziz as the technology leader for N1.

Web sites are being compromised and downloading malware onto computers that come to visit them.” He also says malware is highly dynamic, making it hard for traditional signatures and URL databases to keep up with changing attacks and compromised Web sites. FireEye employs several technologies, including heuristics and virtual machines, to detect real-time attacks against PCs while also keeping false positives to a minimum.

HOW IT WORKS FireEye deploys an appliance at customer sites. The appliance sits out of band but monitors all inbound network traffic. The company combines signatures and heuristics to examine inbound traffic for evidence of suspicious behavior. “We have tuned these algorithms to be highly sensitive, which increases the rate of potential false positives,” says Aziz.

To counteract false positives, it captures and replays suspect traffic against a set of virtual machines that run inside the appliance. These VMs imitate full PCs, including operating systems and applications. If a virtual victim gets compromised, the system knows there was an attack on the wire and will alert administrators.

Administrators can share information with FireEye’s Malware Analysis & Exchange Network. This network automatically updates other FireEye appliances so that they can identify exploit code without having to run traffic through a virtual machine.

The FireEye system can’t block attacks.

Analytics Alerts

OUR TAKE FireEye combines concepts from intrusion detection, honeypots, and virtualization to create a new wrinkle for protecting against dynamic malware.

The product’s inability to stop attacks may appeal to customers that don’t want a startup to be responsible for blocking traffic. However, companies must be prepared to invest the resources into chasing down alerts and remediating exploits. The 4200 isn’t a set-it-and-forget-it product.

We’d like to see FireEye more tightly integrate with URL-blocking technology and trouble-tick- et systems.

TIMELINE

Company is founded Launches 4200 2.0 appliance

2004 2006 2007 2008

Raises $6.45 million Raises $14.5 million

Mi5 Networks By Andrew Conry-Murray

THE WEB IS A COMMON SOURCE OF MALWARE INFECTIONS. It’s also a place where employees goof off, or worse—invite lawsuits by browsing porn sites at the office. Mi5 Net- works’ appliances play virtual vice cop, stopping viruses and spyware at the gateway and keeping employees’ browsers clean.

WHY TAKE A CHANCE ON YOU? Mi5’s engineering team has previously built networking technology for carrier networks, so “we have a heritage of developing high-performance and high-reliability products,” says CEO Doug Camplejohn. He notes the company has been recognized by Gartner and other experts for hav-

Analytics Alerts

Mi5 NETWORKS HEADQUARTERS Sunnyvale, Calif. PRODUCT Mi5 Webgate, Mi5 SpyWash PRINCIPALS Doug Camplejohn, CEO and co-founder; Ofer Doitel, VP of engineering and co-founder INVESTORS Labrador Ventures, First Round Capital

Camplejohn EARLY CUSTOMERS Boston Celtics, E-Loan, Fenwick & West, aims to tame Santa Clara University the wicked Web

ing a modular platform that addresses a host of Web threats in a single appliance.

OPPORTUNITY Attackers have become increasingly sophisticated in using the Web to get viruses and spyware onto end users’ systems. And a URL filtering system is essential to ensure appropriate Web use in the office. Mi5 combines both technologies into a single platform to serve as a one-stop Web security offering. The company is adding new features, such as a downloadable agent that cleans infected machines and then uninstalls itself and the ability to block file uploads and downloads.

BUSINESS MODEL Mi5’s appliances offer easy deployment and reduced management headaches for its customers. The company makes use of OEM agreements; it licenses a URL database from IBM ISS and malware signatures from Sophos and Sunbelt Software. Mi5 develops some of its own signatures and concentrates on building a low-latency platform that won’t hinder Web traffic. It blocks infections from the Internet and stops malware on compromised PCs from phoning home.

THE COMPETITION Websense is the market leader in URL filtering. Secure Computing’s Webwasher offers robust malware and URL filtering. Blue Coat, eSoft, and St. Bernard Software also are strong competitors in this space.

Analytics Alerts

TIMELINE

Adds URL filtering capability Company founded

2005 2006 2007

Launches WebGate Appoints new VP appliance

Neocleus By Andrew Conry-Murray

NEOCLEUS HAS DEVELOPED A HYPERVISOR that runs on PCs and laptops. It can run multiple operating systems, such as Windows and Mac OS. It also can create distinct environments, such as a work environment that only runs business applications and a personal one for Web browsing.

NEOCLEUS HEADQUARTERS Jersey City, N.J. PRODUCTS Desktop Hypervisor Framework, Trusted Edge PRINCIPALS Ariel Gorfung, co-founder, president, and CEO; Etay Bogner, co-founder and CTO; Yoav Weiss, chief security architect INVESTORS Battery Ventures, Gemini Israel Funds Gorfung and Bogner bring FUNDING $16.4 million virtualization to PCs EARLY ADOPTERS Standard Charter Bank is evaluating Trusted Edge

WHAT’S DIFFERENT? Neocleus’ hypervisor is Type 1, meaning it runs directly on hardware and doesn’t need an operating system. Many PC-based hypervisors are Type 2, which means they run inside an existing

Analytics Alerts

operating system. Type 1 provides superior protection because malware that corrupts an OS won’t affect the underlying hypervisor or any other virtual machines hosted by the hypervisor.

CONTROL KNOBS Trusted Edge lets users connect to Citrix Presentation Server via Independent Computing Ar- chitecture, Citrix’s proprietary protocol for connecting remote computers to an application server. Users also can access Web applications via HTML and Ajax. In addition, Trusted Edge supports the Remote Desktop Protocol, so users can connect to another computer that runs Microsoft Terminal Services. The company aims to support a variety of Windows applications as well.

PEDIGREE Co-founder Ariel Gorfung was CEO of Intuwave, which provides connectivity middleware for the Symbian platform. Co-founder Etay Bogner also helped found SofaWare, which was acquired by Check Point Software.

BACKGROUND Neocleus has two technology offerings. The first is the Desktop Hypervisor Framework, a hypervisor based on the Xen open source hypervisor. Neocleus has modified the server-oriented Xen to run on PCs and laptops. The company plans to contribute its modifications to the open source community. Neocleus also is building virtual appliances to run on its hypervisor. Trusted Edge is the first. It creates a virtual environment that lets users remotely connect to corporate applications.

TIMELINE

$11.4 million raised Neocleus founded

2006 2008

Trusted Edge announced

Analytics Alerts

Pano Logic By Andrew Conry-Murray

TIRED OF MANAGING DESKTOPS? Pano Logic’s desktop virtualization approach may be for you. The company replaces high-powered desktop PCs with the Pano Device, a small silver cube that has no memory, CPU, or operating system. Instead, a user plugs a USB-based keyboard, monitor, and mouse into the device, which connects to a virtual machine in a data center. This VM runs the operating system and apps the user requires.

PANO LOGIC HEADQUARTERS Menlo Park, Calif PRODUCT EchoSign 4.0, a service for signing contracts electronically PRINCIPALS Aly Orady, co-founder and CTO; Nils Bunger, co-founder and VP of engineering; John Kish, president and CEO INVESTORS Goldman Sachs, Foundation Capital EARLY CUSTOMERS BroMenn Healthcare, SanDisk BACKGROUND Orady and Bunger worked together at a previous startup, Kealia, which was acquired by Sun Microsystems. Both hold master's degrees in electrical engineering from Stanford University. Kish formerly led thin-client vendor Wyse Technology.

VIRTUAL APPROACH Pano aims to help customers cut desktop hassles and costs through virtualization. For instance, if an application gets buggy or a user downloads malware onto a machine, IT typically has to dispatch an administrator to diagnose and fix the problem. With virtualization, the admin sim- ply kills the existing VM and spins up a new one. On the power front, Pano Logic says its device Orady consumes around 3 watts—significantly lower than a typical desktop computer, which can reach makes big, expensive over 100 watts depending on hardware and usage. A Pano Device costs around $300. PCs disap- pear

HOW IT WORKS The Pano Device connects over a corporate LAN to a virtualized instance of Windows XP run-

Analytics Alerts

ning on VMware’s ESX and Server software. Because the device has no processor, memory, or operating system, it essentially acts like a green screen, displaying the apps on the monitor and sending keystrokes back to the VM. All data and files are stored either in the VM or on a separate file system connected to the data center.

Pano Manager software discovers when a Pano Device connects to the network, presents a login screen to users, and connects them to the appropriate VMs. The software integrates with Active Directory for user account management. The company says a typical server can support 30 to 50 VMs.

Pano Desktop Service, a Windows service, runs inside each VM. The service mediates between the Windows drivers in the operating system and the USB ports on the Pano Device. In addition to monitor, mouse, and keyboard, the Pano Device supports USB-based printers, flash drives, and other peripherals.

OUR TAKE Pano Logic is targeting organizations such as hospitals, call centers, and educational institu- tions, which appreciate centralized control and may prefer that sensitive data doesn’t get stored to local devices.

The company competes against Sun Microsystems and its Sun Ray thin client, which carries a similar price point and a strong brand.

Wyse is another major player in the thin client market. Pano Logic also will be competing with other desktop virtualization approaches.

TIMELINE

Company is founded Announces new president and CEO

2006 2007 2008 2009

Launches first Pano Device Raises $18 Million in Series B funding

Analytics Alerts

Pentaho By John Foley

CONSOLIDATION IN THE BUSINESS INTELLIGENCE MARKET has pushed Business Objects into the arms of SAP and Cognos into IBM’s fold, but there are other options. Pentaho is gaining traction with its open source alternative, a BI suite that includes reporting and analysis tools, data mining, and dashboards.

PENTAHO HEADQUARTERS Orlando, Fla. PRODUCT Pentaho Open BI Suite, open source business intelligence applications Daley and co-founders are on their third startup PRINCIPALS Richard Daley, co-founder and CEO; Marc Batchelor, co-founder and chief engineer; James Dixon, co-founder and chief geek INVESTORS Benchmark Capital, Index Ventures, New Enterprise CUSTOMERS Close Premium Finance, Lifetime Networks, ZipRealty

BUSINESS MODEL A commercial open source company, Pentaho “leads and sponsors” the open source projects that are core to its suite, giving it direct influence over software development. The developer community involved in those projects is around 8,000 members. Pentaho generates revenue via technical support and management services for enterprise customers.

PEDIGREE Co-founders Richard Daley, Marc Batchelor, and VP Doug Moran previously co-found-

Analytics Alerts

ed AppSource (acquired by Arbor Software, later merged into Hyperion Solutions) and Keyola (acquired by Lawson Software).

THE PIECES Development centers on five projects: architecture, data integration, analysis services, data mining, and reporting. The architecture (called Pentaho BI Platform) includes a workflow engine and integrates reporting, analysis, and the other apps. The data integration project (called Kettle) focuses on extract-transform-load tools. Analysis services (Mondrian) are manifest as an OLAP database written in Java. Data mining (Weka) comprises classification, clustering, and other algorithms.

ROAD MAP The next major release of the Pentaho Open BI Suite, version 2.0, will include a metadata services layer that lets administrators map relational data sources into so- called business views. The goal is to make it easier for users to run queries or select from predefined subjects without having to know database programming. Pentaho plans to integrate with content management systems as a way of storing and managing reports. New wizards will make it easier for admins to deploy OLAP cubes.

TIMELINE

$12 million in series Pentaho founded C funding

2005 2006 2007 2008

Professional edition Pentaho Open BI introduced Suite 2.0 due

Analytics Alerts

RightScale By John Foley

AS CLOUD COMPUTING MOVES FROM EARLY ADOPTERS TO THE MAINSTREAM, it’s becoming clear that IT pros need full-featured management tools to get it right. RightScale’s platform can be used to deploy and manage virtual servers in Amazon’s EC2 and other cloud services. Founded in 2006, RightScale closed $13 million in second-round funding last year.

RIGHTSCALE HEADQUARTERS Santa Barbara, Calif. PRODUCT RightScale Platform, a management system and dashboard for cloud computing services PRINCIPALS Michael Crandell, co-founder, CEO; Thorsten von Eicken, co-founder, CTO; Rafael Saavedra, co-founder, VP of engineering

RightScale INVESTORS Benchmark Capital, Index Ventures is Crandell’s third startup EARLY CUSTOMERS Animoto, Dada Entertainment, MindTouch

MULTIPLE CLOUDS RightScale got its start specializing in the management of virtualized IT resources in Amazon Web Services, giving customers more fine-grained control than they could get from Amazon. Amazon plans to expand its own cloud management capabilities in 2009. Meantime, RightScale is broadening its reach to Eucalyptus, FlexiScale, GoGrid, and Rackspace clouds.

THE PLATFORM RightScale’s dashboard in˚terface lets developers and IT administrators launch servers using templates (for Apache, MySQL, Rails, or Mephisto servers, for example), using scripting to do so, then monitor and manage those resources. When used with Amazon’s Elastic Compute Cloud, Simple Storage Service, or Simple Queue Service, server instances can be configured with Amazon’s optional availability zones and elastic IP addresses. Other capabilities include multiserver deployments, auto-scaling, and batch processing.

Analytics Alerts

BACKGROUND Thorsten Von Eicken and Rafael Saavedra worked together at ExpertCity, which developed the GoToMyPC service and was acquired by Citrix. Von Eicken was a colleague of Amazon CTO Werner Vogels at Cornell University.

OUR TAKE As one of the first vendors to provide a cloud management platform, RightScale has more experience than most in this market. Its platform has been used to launch nearly 250,000 virtual servers. As Amazon beefs up its own functions, users will have to decide whether to use Ama- zon’s improved tools for day-to-day management or those from a specialist like RightScale. For IT pros that want the option of managing resources across clouds from various service providers, RightScale should be evaluated.

TIMELINE

Partners with RightScale is FlexiScale, GoGrid founded 2007 2008

Receives $4.5 million in funding $13 million in new funding

SnapLogic By John Foley

DATA INTEGRATION IS THE IT REQUIREMENT—some say headache—that never goes away. As fast as one new data source gets tied into the business environment, another one comes along. SnapLogic’s open source data-integration tools can be used to create enterprise mashups and rich Internet apps, tie into service-oriented architectures, and more.

Analytics Alerts

SNAPLOGIC HEADQUARTERS San Mateo, Calif. PRODUCT SnapLogic open source data-integration framework with de- signer, repository, server, and connectors PRINCIPALS Gaurav Dhillon, co-founder and chairman; Chris Marino, CEO; Mike Pittaro, co-founder and chief community officer Marino and crew aim to INVESTORS Dhillon Capital cure data integration EARLY CUSTOMERS KQED Public Broadcasting headaches

LIFE ON THE EDGE SnapLogic's forte is data integration at the "edge" of business computing. What's that? It's files, spreadsheets, documents, and anything on the Web--Web pages, Web services, hosted applications. Using SnapLogic's framework, developers can interconnect these data sources, create mashups from them, or distribute centralized corporate data out to them.

COMPONENTS The framework consists of a design tool for mapping data from one source to another, programming interfaces, a metadata repository, a server to run data connections, and connectors to a variety of sources, including Apache, Oracle, QuickBooks, Salesforce.com, and SugarCRM. The framework runs on Windows or Linux, and it comes with components that support common data transformations such as join, sort, filter, and merge. SnapLogic 2.0 was released in May as a VMware virtual appliance.

BUSINESS MODEL The startup has adopted a commercial open source model. Its framework is available in a free community version (based on GPLv2) or via annual subscription for those needing professional support. A $9,000 developer subscription includes six server licenses and three days of training for two developers. An enterprise subscription covers 25 server licenses and starts at $25,000 for varying levels of support. SnapLogic is fostering a community of developers at www.snaplogic.org.

BACKGROUND Co-founder and investor Dhillon founded data-integration software company Informatica in

Analytics Alerts

1992 and served as its CEO for 12 years. Marino was founder and CEO of load-balancing specialist Resonate.

TIMELINE

Teamed with Wave Maker SnapLogic founded on mashups

2006 2007 2008

Framework went into beta testing SnapLogic 2.0 released as virtual appliance

Spiceworks By Andrew Conry-Murray

ANOTHER IT MANAGEMENT TOOL? BORING—until you realize it’s free. Spiceworks IT Desktop is network monitoring and management software that’s entirely supported by adver- tisements. Customers download the software for free in exchange for ads on the management screen.

SPICEWORKS PRODUCT Spiceworks IT Desktop PRINCIPALS Scott Abel, CEO; Greg Kattawar, VP of development; Francis Sullivan, CTO; Jay Hallberg, VP of marketing FUNDING $13 million INVESTORS Austin Ventures, Shasta Ventures CUSTOMERS London Symphony Orchestra; Master, Sidlow & Associ- ates; Fort Maier Homes; Pioneers Medical Center; Intelligent Decision Systems MARKETS Spiceworks targets businesses of up to 250 employees with IT staffs of one to five people. Free is a good business model for Abel

Analytics Alerts

BUSINESS MODEL Spiceworks uses Google’s AdSense to display ads on the right-hand side of the management console, which is a Web browser. The ads are text-only and take up about 15% of screen real estate. The company has established advertising relationships with tech vendors such as Netgear and Symantec. No information about their customers’ networks is sent to Spiceworks. Instead, ads are presented in general categories, such as servers, printers, security, and software.

OPPORTUNITY Small businesses weren’t being well-served by existing IT management products, which can be expensive and hard to use. “We thought we’d do the Salesforce.com of IT,” says Hallberg. “But what if someone came up with a cheaper alternative to our SaaS model?” The company decided “free” would be hard to beat. Spiceworks runs on Windows, which helps differentiate it from low-cost, open source options such as Zenoss and Nagios that require some Linux experience.

EXIT STRATEGY Given the regulatory mandates that have been piled on public companies in recent years, Spiceworks is less inclined to run for an IPO. “We’d be more inclined to being acquired than going public,” Hallberg says.

TIMELINE

Spiceworks Version 1.0 is released is launched

2006 2007

Gets $5 million Hits 100,000 users and snags in Series A funding $8 million in Series B funding

Analytics Alerts

Truviso By John Foley DATA WAREHOUSES ACCUMULATE TERABYTES OF DATA or deep analysis. That’s one way to create business intelligence; Truviso offers another. Its software performs continuous, real-time analysis on incoming data. Truviso got its start selling to financial firms. It views retail, RFID, IT infrastructure, and Web operations as ripe for its approach, too.

TRUVISO HEADQUARTERS Foster City, Calif. PRODUCT Complex event processing software PRINCIPALS Boyd Pearce, president and CEO; Michael Franklin, co- founder and CTO; Sailesh Krishnamurthy, co-founder and chief architect Real-time analysis INVESTORS Onset Ventures, Diamondhead Ventures, UPS Strategic is the way Enterprise Fund to go, says Pearce EARLY CUSTOMERS FX Concepts

SQUEEZING LATENCY Truviso’s adaptive query processor makes it possible to run dozens, even hundreds, of SQL queries against data as it comes in from a variety of sources. Truviso’s algorithms can comb through historical data, but the real advantage is on-the-fly analysis of stock price, sales, or clickstream data, so actionable information can be revealed immediately.

EVENT PROCESSING Truviso’s architecture consists of three subsystems. A core engine, based on the open source PostgresSQL relational database, manages queries and other data management tasks, while an integration framework provides connectors to data feeds and source systems. The third subsys- tem, with graphing and charting templates, is used to create browser-based front ends to view query results. Truviso segments data by time or number of records, then runs queries against those data sets.

Analytics Alerts

THE MARKET Financial firms are early adopters of complex event processing, and Truviso is going after that market with an algorithmic trading version of its platform. Logistics, inventory, network monitoring, and RFID networks are other environments where the company sees potential for up- to-the-minute business intelligence. Competitors include Coral8, Progress Software, and StreamBase Systems. Truviso has struck go-to-market partnerships with GoldenGate Software, Hotspot FX, and Reuters.

BRAIN TRUST Franklin is a computer science professor at UC Berkeley, and Krishnamurthy has a Ph.D. from the school. Pearce was previously with ANTs Software, Hitachi Data Systems, Pyramid Technology, and Teradata.

TIMELINE

Truviso founded Pearce named CEO

2005 2006 2007 2008

Series A funding Algorithmic trading secured software shipped

WorkLight By Andrew Conry-Murray

DO YOU WISH YOUR BUSINESS APPLICATIONS were more like Facebook or a gadget? WorkLight brings Web 2.0 inside the enterprise by letting users mash up information from CRM and ERP systems with consumer apps such as RSS feeds, Facebook, and iGoogle—while also maintaining IT security controls.

THE BIG IDEA Rather than rejigger business apps to behave like Web 2.0 tools, WorkLight combines con-

Analytics Alerts

WORKLIGHT HEADQUARTERS Yakum, Israel PRODUCT WorkLight 2.1 PRINCIPALS Shahar Kaminitz, founder and CEO; Yuval Tarsi, founder and CTO Kaminitz INVESTORS harnesses Genesis Partners, Index Ventures, Shlomo Kramer consumer FUNDING innovation $5.1 million EARLY CUSTOMERS Ness Technologies, financial services companies

sumer apps with corporate data and security controls so companies can leverage that innovation while letting employees use familiar products. “Innovation comes from the consumer side of the Web,” says CEO Kaminitz. “You can’t catch up with Facebook and Google.”

BUSINESS CASE So where’s the business value in Facebook? Kaminitz says organizations can encourage users to create corporate profiles, which can then be used to search for knowledge-area experts. The key value is that WorkLight can get information out of application silos and let enterprises use it in new and inventive ways to boost productivity. For instance, employees can create gadgets that compare sales records with inventory levels. And user-created gadgets can be shared company-wide.

PEDIGREE Kaminitz and Tarsi both served in the Israeli army’s elite intelligence unit, which has produced other tech entrepreneurs. Kaminitz comes from Amdocs, where he built Web front ends for enterprise apps.

THE PIECES The foundation of the product is software that runs on a server inside the corporate firewall. The software includes adapters that extract data from ERP and CRM applications from vendors such as SAP and Oracle and from other data sources, and it uses common Web formats such as Ajax to expose the information to end users. It can integrate with Microsoft’s Active Directory

Analytics Alerts

to enforce existing authorization policies to ensure that information isn’t exposed to people who shouldn’t see it.

TIMELINE

Launches secure Company RSS reader founded 2006 2007 2008

Raises $5.1 million WorkLight 2.0 available

Xkoto By John Foley INCREASE THE AVAILABILITY AND SCALABILITY of your databases while significantly lowering costs. That proposition is helping Xkoto get its foot in the data center door at a growing number of companies, with 17 new customers signed in 2007. After targeting IBM’s DB2 initially, the newcomer aimed to offer a version of its product for Microsoft’s SQL Server by mid-2008.

XKOTO HEADQUARTERS Waltham, Mass. PRODUCT Gridscale load-balancing software supports multiple active copies of a database on commodity servers PRINCIPALS David Patrick, CEO; Albert Lee, co-founder and chief strategy officer CEO Patrick joined the INVESTORS GrandBanks Capital, GrowthWorks Canadian Fund company in November EARLY CUSTOMERS The Children’s Place, United Healthcare

Analytics Alerts

THE OPPORTUNITY Why load-balancing software? Increased database performance and scalability across servers are two reasons companies license Gridscale, but the No. 1 selling point is continuous availability, says CEO David Patrick. Early adopters in financial services, health care, and travel can’t afford the downtime associated with database glitches, maintenance, and upgrades.

HOW IT WORKS Gridscale supports three or more “active copies” of a relational database running across a cluster of low-cost servers. It sits between those database copies and the applications accessing them, managing multiple, concurrent data requests. If one database server fails, the remaining servers automatically pick up the workload. Gridscale 3.5, released in December, adds support for DB2 on Windows, a Web interface for administrators, and connection pooling for improved application performance.

THE MARKET Products from other vendors perform some of same functions as Gridscale. IBM’s High Avail- ability and Disaster Recovery, Oracle’s Real Application Clusters, and Symantec’s Veritas Cluster Server are examples. Xkoto officials say Gridscale’s strengths include ease of use, its “active copy” approach, and support for multiple databases. The company estimates one-time savings of $295,000 and recurring annual savings of $60,000. Says co-founder Lee, “Our solution does more and the cost is less.”

HERITAGE Xkoto was spun off from Halcyon Monitoring Solutions, and its co-founders worked together there. CEO Patrick was previously Novell’s general manager of Linux, open source, and platform services.

TIMELINE

Xkoto founded $7.5M in Series B funding; Patrick hired

2005 2006 2007 2008

Gridscale 2.0 SQL Server released support

Analytics Alerts

Zscaler By John Foley

CLOUD COMPUTING GETS KNOCKED for being inherently insecure—after all, your corporate data is stored outside the firewall—but serial entrepreneur Jay Chaudhry is turning that logic on its head. Chaudhry’s new company, Zscaler, has just launched security as a service, an alternative to on-premises security software and appliances.

ZSCALER HEADQUARTERS Santa Clara, Calif. PRODUCT Web filtering, antivirus, and other IT security functions offered as an online service PRINCIPALS Jay Chaudhry, founder and CEO; K. Kailash, founder and CTO Cloud security INVESTORS Private investors is at an “inflection point,” says EARLY CUSTOMERS Hinda Incentives, Weather Channel Chaudhry

BREAKING CONVENTION Enterprise security typically has involved a range of applications and appliances (firewalls, gateways, network access control, VPNs) for establishing a secure perimeter, with scanning tools (antivirus, anti-spyware) for any malware or intruders that get through. Zscaler eliminates the need for some of that gear by routing traffic through its own security infrastructure.

SECRET SAUCE Two key elements of Zscaler’s distributed, multitenant architecture are the company’s Single- Scan, Multi-Action gateways and NanoLog log-reduction technology. SSMA minimizes latency as Zscaler’s various applications filter traffic, while NanoLog compresses Web log size as much as 50 times. Together, they bring speed and scalability to the process of applying a company’s IT policies to incoming and outgoing Web traffic. Zscaler functionality comes in four modules: Secure, Manage, Comply, and Analyze.

Analytics Alerts

THE THREATS Zscaler’s service addresses threats posed by “user-initiated” Internet access, including viruses, spyware, bots, phishing, and peer-to-peer networks. It also offers URL filtering to block access to prohibited sites and manage access to social networking, blogging, and other Web 2.0 sites and applications. Zscaler protects against data leakage and supports IT policy compliance by monitoring HTTP traffic. Monthly subscription fees range from $1 to $5 per user, depending on services used.

BRAIN TRUST Chaudhry has started a half-dozen companies, including AirDefense, CipherTrust, and SecureIT. Founder K. Kailash, who also worked at AirDefense and CipherTrust, began his career at Wipro when it was a startup.

TIMELINE

Motorola acquires Research and AirDefense development begins 2006 2007 2008

Zscaler is founded Zscaler launches security as a service

How To Vet Startups (Originally published November 2008)

By John Foley

IN OCTOBER, THE CEO AND CFO OF ENTELLIUM, a CRM startup in Seattle, were arrested, and half the company’s U.S. staff was laid off amid an accounting scandal in which revenue was overstated. For weeks after the arrests, there was no mention of the company’s problems on its Web site, leaving unsuspecting potential customers one phone call away from a bad decision.

The lesson: IT must thoroughly vet startups before entrusting new tech vendors with their business.

Analytics Alerts

It’s worth noting why InformationWeek turned its attention to the process of vetting startups. It was at the request of our Editorial Advisory Board, a panel of influential CIOs who said that many of their peers are interested in working with startups, but don’t have the resources to meet with every new company that comes knocking on their doors. That anecdote is important because it shows that CIOs are willing to take a shot on startups; it’s the fact that overburdened IT staffs have little time to devote to the weeding-out process that leaves the impression they’re closed-minded or biased against newcomers.

Our poll of 335 business technology professionals, conducted August 2008, reinforces that reality. When we asked what best describes their attitudes toward startups, only 1% of respondents said, “I avoid them.” A majority, 69%, indicated that they were neutral toward startups and evaluate them on a case-by-case basis. Among other respondents, 21% described themselves as cautious, using startups only when there are no other options. Only 9% consider themselves aggressive in working with startups.

We were struck by the fact that neutral respondents outnumbered cautious respondents by three to one, reinforcing the point made by InformationWeek’s Editorial Advisory Board. In fact, we can take that a step further: Not only are IT departments open to startups, they’re more open than they were a few years ago, and some see themselves working even more with start-

Figure 1 Willing To Work With Startups To what extent does your company use products or services offered by technology startups?

Widespread use; we’ve deployed No use; products/services products/services from tech startups from tech startups are not across most or all of our company used at my company 8% 17% Moderate use; several departments/business units use products/services from 18% tech startups

57% Minimal use; products/services from tech startups are used on a limited basis

Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

InformationWeekanalytics.com

Analytics Alerts

ups in the months ahead. When we asked if tech startups are a more viable option than they were a few years ago, 82% of respondents agreed. That was followed by a question on changing attitudes, to which 27% said they’re more likely to work with startups over the next 18 to 24 months.

Why the change in attitudes? That’s the million-dollar question—and we mean that literally. Startups can be a way to trim IT costs at a time when many companies are in belt-tightening mode. Take Alfresco, a three-year-old startup in the market for content management systems. Alfresco CEO John Powell says full-featured enterprise content management systems from EMC, IBM, Microsoft, or another market leader can cost millions of dollars for a big project. Although Alfresco doesn’t publish list prices for its open-source content management system,

Figure 2 Startups Offer Greater Innovation, Flexibility Do you agree or disagree that technology startups offer the following advantages over established technology companies?

Completely disagree Somewhat disagree Neither disagree or agree Somewhat agree Completely agree

1% 5% 22% 44% 28% Product/service innovation 1% 9% 23% 47% 20% More flexibility and responsiveness 1% 10% 36% 40% 13% New licensing and business models 3% 9% 44% 35% 9% Substantial cost savings

Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

Powell says the cost of Alfresco’s platform is one-third to one-tenth that of a high-end system from one of those big name competitors. For a major deployment, Alfresco could be millions of dollars less expensive.

As is always the case, potential customers must do their own cost comparisons to see if the numbers bear out the claims. Generally speaking, however, IT pros see cost savings as one of

Figure 3 Startups Tapped For PC Software Do you use or would you consider using startup products or services in the following areas of your business or IT infrastructure?

Already use Would definitely consider using Would possibly consider using Would not use nor consider for use

29% 12% 32% 23% 31% 46% 8% 19% PC software Systems and network management 21% 12% 32% 18% 37% 40% 10% 30% Web-based applications, software as a service (SaaS) Servers and storage 20% 11% 30% 17% 39% 42% 11% 30% Software development Network infrastructure 20% 10% 44% 33% 26% 38% 10% 19% Web site Sales, marketing, CRM 14% 8% 39% 14% 35% 46% 12% 32% Mobile devices and applications Enterprise applications, ERP 13% 19% 37% 31% Security

Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

the primary benefits to working with startups. In our survey, we asked business technology professionals to rate startups on a scale of 1 (low expectation) to 5 (high expectation) in eight categories, then asked the same question as it applied to established technology companies. In the category “lower costs,” respondents gave startups an average score of 3.88, compared with an average of 3.09 for established vendors. In other words, there’s a higher expectation that startups will cut costs.

How did startups and established technology companies compare in the other categories? Startups carry a higher level of expectation in the areas of product/service innovation and customer responsiveness, while established vendors garner higher expectations for quality and reliability, secure products, scalability, long-term viability, and enterprise readiness. In short, IT pros expect startups to be more innovative, responsive, and cheaper—in that order—than established technology companies. On the flip side, they expect established vendors to outper-

Figure 4 Financial Stability Primary Worry What are your top concerns about doing business with technology startups?

72% Financial stability 52% Lack of ability to support products/services 42% Acquisition may orphan the product 37% Poor product/service reliability 28% Lack of integration with existing IT infrastructure 16% Management team inexperience 15% Advantages aren’t worth the risk 13% Products aren’t secure enough 7% Management tools too rudimentary

Note: Three responses allowed Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

form startups in areas of data center performance where there’s no margin for error.

IT AS GATEKEEPER There are many ways startups get a foot in the door at companies, but IT pros clearly see themselves as the gatekeepers to that process. When we asked which approaches are most common- ly used to introduce startup technologies to their companies, “vetted by the IT department” was the top response, mentioned by 36% of survey respondents. That was followed by partnerships with established technology vendors (34%), recommendations from other companies (31%), and internal business units bringing them in (27%). That last choice might be called the “Salesforce.com effect,” as Marc Benioff’s one-time startup rose to prominence by gaining popularity in sales and marketing departments first, with IT being pulled along afterwards.

Working through established technology vendors can be a great way to meet startups at lower risk. IBM, Microsoft, Salesforce, and others have business units or programs aimed at bringing startups into their ecosystems. In the process, they do some of the screening for you, looking for new products that complement their own and for management teams and business models that are enterprise ready.

IBM, for example, has worked with more than 1,400 startups over the past few years, according to Drew Clark, director of strategy for IBM’s venture capital group. At any time, Clark, who travels to China, India, and other parts of the globe in search of emerging companies, works with a few dozen startups that complement IBM’s own business. The hot areas now are so- called clean technologies, wireless, and cloud computing. For example, IBM’s working with 3Tera and Elastra, startups with cloud computing platforms. “We take their technology and wrap it with value-added services,” Clark says. IBM also helps emerging tech vendors “scale up and harden their architectures,” Clark says, so that they’re better prepared to serve financial services and telecom companies.

Here too, though, partnerships between established vendors and startups come with no guar- antees. Remember Entellium, the Seattle startup whose top two executives were arrested in October for wire fraud? Entellium was a Microsoft’s “Gold Certified” partner. Yet, like Entellium’s customers, Microsoft apparently had no visibility into the company’s internal shenanigans.

One of the most promising ways for startups to get introduced to your company, and one of the most controversial, is when employees bring them in—a so-called grassroots adoption. On the plus side, when employees bring in a Web 2.0, desktop, or other new technology from a

Analytics Alerts

startup, that technology has already cleared the user-acceptance hurdle. Yet, IT managers need to guard against a Pandora’s box of startup technologies, where every new social networking application, search tool, and Web download becomes part of an ad hoc, untested, and poten- tially unsecured IT infrastructure. This is where good IT governance comes in. IT departments must give employees the flexibility they need to use innovative new tools from upstart technology providers, while exercising an appropriate level of oversight. The degree of centralized control will differ by company and industry. Some IT departments run a tight ship when it comes to the software and services they allow on company computers; others give end users more lee- way.

Two avenues in particular are a fast track to wider adoption of startup technologies in the enterprise. According to our survey respondents, technologies vetted by the IT department or those introduced through partnerships with established technology vendors are most likely to be deployed more broadly across a company, cited as likely by 45% and 44% of respondents, respectively. Grassroots adoption by end users, business unit pull in, and other methods lead to wider deployment about a quarter of the time.

Figure 5 Majority Open To Working With Startups Which of the following best describes your attitude it comes to working with startups?

Aggressive; I like to use them Opposed; I avoid 9% them, period 1%

Neutral; I’m willing to evaluate 69% use on a case-by-case basis 21% Cautious; only when there aren’t other options

Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

DUE DILIGENCE Once IT has identified a startup worth considering, the next step is to put it to the test. Based on our research, IT pros have a few favorite methods of vetting startups—product testing and customer references, for example—but there’s more they can and should be doing. Following are seven steps that all IT departments should consider when evaluating startups.

> Hands-on product testing. This is an obvious starting point and, appropriately, the most frequently mentioned screening method in our survey, with 88% of respondents indicating that they review or test a startup’s products or services as part of their due diligence. Among the factors to look out for: how well the new technology fits with your company’s IT infrastructure and skills, whether enterprise-class management tools and security are baked in, scalability, performance, and ease of use.

> Customer references. There are few better ways of learning about a company than talking to its customers, and 72% of business technology professionals do just that as part of the background check. If a startup tells you it has customers, but can’t name any or put you in touch with them, that should be a caution flag. Keep in mind that a vendor’s reference accounts tend to get special treatment, and they’re sometimes coached in what to say, so their experience may not translate into your experience. That said, a frank assessment from a paying customer cuts right through the marketing veneer.

Figure 6 Company Perception Of Startups Changing How do you expect your company’s attitude toward technology startups to change over the next 18 to 24 months?

We’ll be more likely to work 27% with technology startups No change 68%

5% We’ll be less likely to work with technology startups

Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

> Check its financial status. Since almost all startups are privately held, getting a clear picture into their finances is difficult, if not impossible, but any startup should be willing and able to answer a few basic questions. For example, startups can tell you if they’ve received venture funding, how much, and from whom. VC funding alone isn’t a great litmus test—good startups can be self-funded—but if a company just closed $10 million in Series B funding, it’s the clos- est you’re going to get to a warm and fuzzy feeling about that company’s financial health. Fifty- seven percent of IT pros say they investigate a startup’s funding and financial well being.

> Meet the company. One of the nice things about working with startups is that company founders, senior executives, and top engineers are more readily available than in larger companies. Take advantage of this, and ask to speak to the CEO, CTO, or other senior manager. Fifty-six percent of respondents to our survey do so.

> Inquire about exit strategy. IT managers tend to overlook how a company will advance from being a startup into the big leagues of the technology industry—only 30% check into it—but it’s a question you should ask. Some startups are on track to be acquired by IBM, Oracle, or another software heavyweight, while others are looking to grow into bigger, public companies themselves. Knowing the company’s strategy helps you make an informed decision that you don’t later regret.

> Check management background. Contrary to the stereotype of two guys in a garage, many Silicon Valley entrepreneurs targeting the enterprise market have been through the lifecycle of a startup before, sometimes two or three times. In just one example, Dave Duffield, the CEO of Workday, is now on his fourth startup. Past success is no guarantee of future performance, but it helps to know that an experienced hand is at the wheel of the new company; 27% of poll respondents say they meet with startup management or technical experts.

> Stage of development. Startups can range from stealth mode, where plans are under wraps, to six or seven years old. PricewaterhouseCoopers and the National Venture Capital Association divide startups into a few buckets: seed/early stage, expansion, and later stage. Knowing a startup’s stage of development can be helpful. Some IT departments shy away from the newbies and toward those with a few years of experience under their belts.

The above steps mitigate the risks associated with technology startups, but they don’t eliminate them. Things can still go wrong, and sometimes do. Following is a deeper dive into the dark side of working with startups.

Analytics Alerts

WHAT, ME WORRY? InformationWeek’s Vetting Startups survey was conducted in August 2008, two months before turmoil in the financial sector roiled the stock markets, dried up lending, and caused venture capital firms to fire off “batten down the hatches” memos to the startup companies in their portfolios. Even prior to the market meltdown, financial stability was the top concern voiced by business technology professionals about doing business with startups, cited by 72% of respondents to our survey.

Silicon Valley is right to be worried. VC funding in the third quarter of 2008 dropped to $7.1 billion, its lowest level in nearly two years, with funding to Internet startups dropping 36% compared with the previous quarter. The sentiment among VCs and startups is that the situa- tion is going to get worse before it gets better.

What’s the implication for startups? For one thing, it means funding will be harder to come by, so they will have to find ways to preserve capital. That could translate into a slowdown in hir- ing and, by extension, stretching out product development roadmaps, having fewer people available to take support calls, or both. That brings us to concern No. 2 on the IT pros’ worry

Figure 7 IT Most Frequently Approves Startup Approaches most often used as the means to introduce startup technologies into your company

36% They're vetted by the IT department 34% Through partnerships with established technology companies 31% Recommendations by other companies 27% Business departments bring them in 26% We meet them at industry events 24% Grassroots adoption from end users 18% Recommendation by a VAR or integrator

Note: Percentages based on a rating of 4 or 5 using a five-point scale where 1 is “never used” and 5 is “frequently used” Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

list: a startup’s inability to support its products or services, cited by 52% of survey respondents.

It’s worth noting that when business technologists think about what could possibly go wrong in dealing with startups, it’s business issues—financial stability, support, orphaned products— that make them more nervous than technical issues. Only 13% of survey respondents expressed concern about product security, and a mere 7% worried about management tools not being up to snuff. The unmistakable message is that IT pros feel they can cope with glitchy software or incomplete tools, but shaky business models make them sweat.

GOOD FIT IT departments have different levels of comfort in deciding where startups fit in the enterprise. They’re most accepting of young technologies on the desktop, with 29% of survey respondents saying they already use PC software from startups and an additional 32% saying they would definitely consider it.

Next in the comfort zone are Web-based applications and software as a service (21% already

Figure 8 IT, Tech Vendors Provide Best Avenues For Startup Evaluation Most likely approaches to introducing startup technologies for evaluation or deployment on a broader basis

45% They’re vetted by the IT department 44% Through partnerships with established technology companies 27% Grassroots adoption from end users 26% Recommendation by a VAR or integrator 26% Recommendations by other companies 25% Business departments bring them in 21% We meet them at industry events

Note: Percentages based on a rating of 4 or 5 using a five-point scale where 1 is “not at all likely” and 5 is “very likely” Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

use, 32% would definitely consider); Web site technologies (20% already use, 44% would definitely consider), software development tools (20% already use, 30% would definitely consider), and mobile devices and applications (14% use, 39% would definitely consider).

Not surprisingly, IT departments are most protective of their IT infrastructures and their data centers, which means they’re less likely to consider startup technologies into those places. Security, systems management, servers, storage, and network infrastructure are all lower on the lists of areas in which IT departments already use or would consider startup technologies. ERP and enterprise applications are at the bottom of the list, with less than a quarter of survey respondents saying they already use or would definitely consider startup technologies in those critical areas. Of course, the ERP and enterprise software market is already dominated by some of the biggest names in the industry—Oracle, Microsoft, and SAP—making it harder for startups to break into the market.

To be sure, startups are developing infrastructure, data center, and enterprise software products and services, so it’s not like this is a No Man’s Land for IT departments. Earlier this year, Infor- mationWeek invited readers to vote on their favorite startup companies, and the resulting top 10 list demonstrates not only that there’s a wide range of tech startups targeting the enterprise software and infrastructure markets, but that IT professionals recognize them as legitimate options. With more than 1,000 people voting on InformationWeek.com, here, in order, are the Top 10

Figure 9 Perception Of Viability Shows Improvement Do you agree or disagree that technology startups are a more viable option for enterprise use than they were a few years ago?

Completely agree 15%

Completely disagree 3% 67% Somewhat agree

15% Somewhat disagree

Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

vote getters: Firescope, business service management; Mi5 Networks, Web filtering appliance; Xkoto, database load-balancing software; Vyatta, open source router; Pentaho, open source business intelligence; SugarCRM, open source CRM; Attivio, enterprise search; Splunk, IT search engine; Azaleos, Exchange appliance; and Marketcetera, open source software for stock trading.

The first six companies on that list were invited to introduce their companies to an audience of CIOs at the annual InformationWeek 500 conference. Top executives from each company gave three-minute elevator pitches, followed by four minutes of grilling by a panel of three CIO judges. The judges then graded each company for its enterprise value and feasibility on a scale of 1 to 5.

Xkoto, which makes database load-balancing software, emerged the winner. The company’s software begins at $25,000, and its customers include Genworth Financial, a Fortune 500 company, and The Children’s Place, which operates more than 900 retail outlets. The evidence is clear: Companies will open their data centers to startups with compelling new technologies. The hurdle is high, but not insurmountable.

Figure 10 Product Testing, References Critical Steps In Due Diligence How does your IT department conduct due diligence on technology startups?

88% Review/test products 72% Contact customer references 57% Investigate their funding and financial health 56% Meet startup management or technical experts 30% Inquire about exit strategy 27% Check management team background 5 % Other

Note: Multiple responses allowed Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

HOW GETTY DID IT Let’s look at how the process worked when Getty Images went looking for a faster way to distribute photos, video, and other content from its digital archive to customers around the world. Through its Media Management Services, some 200 customers access files that are often giga- bytes in size. A 1-GB file, delivered from Getty Images’ London data center to a customer in Tokyo, would take up to 75 minutes to download. “We’re seeing increased demand for large file size management,” says Katey Schuyler, senior manager of Media Management Services. “We were looking for a way to improve the customer experience.”

Getty Images evaluated network acceleration products from vendors including Akamai, Aspera, and Radient Software, and in the process came across FastSoft, a startup founded in 2006 by Steven Low, a professor of computer science and electrical engineering with Caltech, and Cheng Jin, co-inventor of the FastTCP protocol. Low and Jin had impressive credentials in research and academia, but neither had started or run a company before. FastSoft’s short track record “did increase the onus on us to make sure we were comfortable with their product,” says Schuyler.

Getty Images’ business and technology managers liked what they heard about FastSoft—espe-

Figure 11 Expectations High For Innovative Products Where expectations are highest for technology startups

81% Product/service innovation 73% Customer responsiveness 67% Lower costs 54% Quality and reliability 48% Secure products 41% Long-term viability 40% Scalability 35% Enterprise readiness

Note: Percentages based on a rating of 4 or 5 using a five-point scale where 1 is “low” and 5 is “high” Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

cially that no client or server software was required on the customer’s end of the file transfer— but they couldn’t risk a mission-critical application on an unproven platform, so they installed a FastSoft appliance in the company’s London data center for testing across continents. “That validated the performance,” Schuyler says. The IT team involved included specialists in architecture, security, and networking.

FastSoft’s system accelerates file transfers by up to five times. That London-to-Tokyo video download that once took 75 minutes now takes 13 minutes. On top of that, the total cost of ownership was lower than alternatives, and implementation was straightforward, according to Schuyler. Getty Images is now planning to install a second FastSoft appliance in its Seattle data center, where it will be used to support distribution of Getty content to even more customers.

Schuyler acknowledges that Getty Images is taking a “calculated risk” in going with new technology from an upstart vendor, but says growing demand for digital content delivery over the Internet forces it to look for ways to innovate.

VENTURE A GUESS Some startups accept venture capital funding, some don’t, and both are viable approaches. From a potential customer’s point of view, the thing to know is that VC firms put startups through their own rigorous screening process before writing a check. In general, startups with VC backing have had to come up with a convincing business plan, and they’re under pressure to deliver.

Consider the winnowing process at Sierra Ventures, a Silicon Valley VC firm. Sierra tracks 5,000 companies a year, meets with 300 of them, and invests in only about 20. Before those companies receive funding, they are grilled for months on their business plans, team leadership, product roadmaps, customers, and partnerships. “It’s not unusual that we will have talked to a half dozen or more customers—good, bad, and ugly,” says Sierra Ventures VP Gamiel Gran.

Sierra Ventures also has its own advisory board of influential CIOs who help inform its deci- sions. Among the questions those CIOs get asked is whether there’s a real market demand for a startup’s product or service. “A lot of times we get a resounding ‘no,’” says Gran. Some of the companies in Sierra’s portfolio include Greenplum (data warehousing), Meru Networks (wireless networking), SourceFire (security threat management), and Steelbox Networks (video appliance).

Of course, the dot-com bust of 2000/2001 showed that VCs can seriously miscalculate the

Analytics Alerts

prospects for not just one startup, but bunches of them. VCs will tell you they have learned from those mistakes. We’re about to find out if that’s true.

There’s a widespread feeling in Silicon Valley and elsewhere in the business world that startups are going to be tested once again. A slow economy means that IT departments will have less money to spend on startups, while an anticipated slowdown in VC investment means funding will be harder to come by, too. Startups could get hit from both sides.

Figure 12 Startups Strong In Innovation, While Established Firms Offer Reliability

What is your level of expectation in the following categories for established and new technology companies?

Startups Established Tech Companies

4.16 3.59 Product/service innovation 3.94 3.76 Customer responsiveness 3.88 3.09 Lower costs 3.58 4.24 Quality and reliability 3.44 4.05 Secure products 3.31 3.97 Scalability 3.27 4.20 Long-term viability 3.14 4.13 Enterprise readiness

Note: Mean average ratings based on a five-point scale where 1 is “low” and 5 is “high” Data: InformationWeek Analytics Vetting Startups Survey of 335 business technology professionals

Analytics Alerts

There’s another way to read the tea leaves, however, and it’s not necessarily a bad thing for IT departments. Any slowdown in technology spending or VC funding could have a Darwinian effect, in which only the strongest survive. The trick will be to choose the survivors and not the tech industry equivalent of the broad-faced potoroo, a marsupial last seen in the 19th century.

There are certainly areas of innovation where startup companies seem well suited to compete, even as businesses around them cut costs. Software as a service and other cloud computing startups offer alternatives to capital-intensive IT projects, while virtualization startups are all about wringing new efficiencies from existing infrastructure.

Indeed, now could be an ideal time to identify a startup that lets your company do more with less, or do it better and faster, as Getty Images is doing with FastSoft. Don’t be reluctant; just be prepared.

9 QUESTIONS IT MUST ASK PROSPECTIVE STARTUP PARTNERS Our poll shows IT departments are exercising due diligence in evaluating technology startups. Here are some key questions to ask:

1. What’s your background? This applies to founders and key executives, as well as the company itself, since some are recast after initial failure. Look for people with deep technical expertise and past startup successes.

2. When was your company formed? Anything less than two years is cause for caution; beyond that, there should be signs of maturity in terms of management team, funding, and product development.

3. How are you funded? There’s no wrong answer to this question, but it helps to know if a company is bootstrapped or if it has received outside funding and, if so, how much. A company with $500,000 in angel funding isn’t as far along as one that has secured $20 million through two venture capital rounds.

4. Can I talk to an early customer? Fellow IT pros will almost always tell you things, good and bad, about a startup’s technology and customer support that you won’t hear from the company itself.

5. Who are your competitors? Some startups don’t like to answer this question, but the smart ones will be open and honest. Companies that acknowledge the alternatives can tell you why

Analytics Alerts

their approach is best.

6. What’s your roadmap? One of the benefits of working with a startup is that you should get ready access to the company’s top technical staff. As an early adopter, you’re in a position to influence what comes next.

7. How do you make money? It’s great that new business models let some startups share their products for little or nothing, but it’s worth knowing just how the company plans to grow into a viable long-term player. If you don’t get a clear answer, it’s a sign that the business model isn’t fully baked.

8. Do you expect to be acquired? Any startup with a business plan has an exit strategy. It helps to know what that is, so you’re not surprised if a large vendor comes swooping in for an acquisition.

9. Can we meet? You can learn a lot about a company in a face-to-face visit. Even early-stage companies should exude business savvy and give you a sense that they understand what your IT department is up against.