WINTER 2016 www.bdo.com

THE NEWSLETTER OF THE BDO TECHNOLOGY & LIFE SCIENCES PRACTICE

DID YOU KNOW...

Gartner estimates worldwide IT spending will increase by just .6 percent to $3.54 trillion in 2016, following a year with the largest U.S. dollar drop in IT spending since the research firm began tracking this statistic.

The software market, however, is a bright spot, expected to grow by 5.3 percent in 2016.

By 2019, the cloud software market will grow to surpass THE INTERNET OF THINGS: $112.8 billion, and the cloud software model will account ALL ABOUT SOFTWARE for $1 of every $4.59 spent on software, according to IDC.

By Hank Galligan According to Cisco’s fourth annual Global Cloud Index, the “Smart devices” that capture Major technology players are pushing cloud will account for 83 percent and deliver data to end users software platforms for IoT. In October, of total data center traffic by 2019. are everywhere, sparking the Amazon Web Services launched a new platform for building IoT-intended so‑called “Internet of Things” applications at its annual cloud expo, as its According to Synergy Research (IoT) phenomenon. CTO commented that “everything that used Group, the U.S. accounts for to be hardware is now software.” Earlier in 44 percent of major cloud But while McKinsey & Company puts IoT’s the year, IBM said it would invest $3 billion and Internet data center sites, potential economic impact at $3.9 trillion over the next four years in a new business followed by China at 10 percent. to $11.1 trillion by 2025, organizations must unit—a collection of online software called develop the right systems and processes to IoT Foundation—that will enable customers The global Internet of Things maximize IoT’s real value. The accelerated to gather and analyze the influx of data from market is expected to grow at a collection of “machine data,” as connected IoT technology. Twitter, meanwhile, has been compound annual growth rate devices become increasingly interconnected, piloting IoT for years by enabling sensors to of 31.72 percent, according to is adding to the Big Data deluge. At the record and share data via tweets through its TechNavio. same time, wearable technology, smart open API. With the launch of Twitter’s Fabric home automation devices, machine-to- modular mobile development platform, machine communications and related IoT developers can now create applications for applications promise to unlock new business inanimate objects or things that integrate opportunities. Software plays a key role in with Twitter, or relay information between bringing it all together. existing IoT apps. 2 BDO TECH

CONTINUED FROM PAGE 1 THE INTERNET OF THINGS

EVERYBODY’S TALKING Software will have a critical role in supporting What is being done with all of the data ABOUT IoT the data analysis needed to turn the being collected by connected devices and massive amounts of IoT-generated data analyzed via software programs? How is it IoT is fueling innovation, with IoT-related into something meaningful that can lead to stored, shared, protected and deleted? Each products stealing the spotlight at the greater efficiencies, improved productivity of these categories is deserving of serious International Consumer Electronics Show and other key benefits. When thinking about consideration. However, up to this point, (CES) in Las Vegas in early January. The the industrial IOT landscape, per a recent data privacy and regulatory compliance have markets for smart home automation devices Wired article, software could boost the largely been afterthoughts. The Economist and wearable devices are expected to surge reliability of major infrastructure through argues that these “missing puzzle pieces” are over the next few years, as new mobile asset performance diagnostics. Consider, blunting the transformative potential of IoT, apps and technologies enable consumers to for example, a piece of manufacturing particularly as it relates to consumer-facing control more through their mobile devices. equipment that can report on its own innovations. The CES show featured an abundance of new operability and health. smart home gadgets, like smart refrigerators, Some of the big corporations are taking that are linked to Apple’s HomeKit, Google’s As companies embrace more connected action—for example, Samsung and Panasonic Brillo and Nest platforms and Amazon’s devices, the urgency grows for better ways are both investing in IoT security efforts, Echo and Alexa voice-recognition platform. to manage and analyze data streams coming and AT&T has pledged to do the same, but Connected cars offer another huge area from many different directions. Data analysis movement across the industry is slow-going. of promise for IoT, with Ford recently software is improving to help enterprises announcing a partnership with Amazon and make sense of the data influx. However, to be In the meantime, regulators are just starting IoT platform Wink to give drivers the ability a true value add, software developers must to poke their heads around. Congress to use voice commands to open a garage have a keen understanding of where data can held several hearings over the last year door or turn on lights in their house. provide actionable insights and intelligence focused on IoT and will continue to monitor to advance the business. developments to ensure there is a proper There is no shortage of innovation on the balance between innovation and consumer enterprise side of IoT either; in fact, there protection. The Federal Trade Commission is some argument that the bigger IoT IoT SOFTWARE CONCERNS (FTC) is taking more active measures, opportunity is in business, manufacturing and Despite all that IoT promises, lack of recently appointing a leading privacy and healthcare. General Electric projects that the interoperability and integration complexities security expert as its new chief technologist, market for connected industrial machinery, pose significant challenges to making this specifically citing growing concerns around which it calls the industrial Internet, will add new collected data useful, due in large part to IoT. The FTC also issued consumer protection $10 to $15 trillion to the global GDP within incompatible or outdated operating systems. recommendations for Internet-connected the next 20 years. Huge bandwidth, cheap Further complicating matters is the lack of devices last year, requiring customer consent processing and cloud technologies seem to a common set of standards. As a result, an for how companies use their data. Further offer endless possibilities for how we interact enormous amount of data being generated developments are certain to follow this year. with machines and how they interact with isn’t analyzed at all and is thus largely each other. But the key to unlocking real useless. McKinsey reports that its $11.1 trillion value lies in what is done with the data that estimate for IoT’s potential economic impact PUTTING IoT ALL TOGETHER is generated and how it’s used to make factors in interoperability at an average of 40 Software developers hold the key to the improvements—that’s where software comes percent, or more in some cases. Information so-called “missing puzzle pieces” of IoT. into play. from sensors in smart devices typically Ultimately, the challenges of data analysis, helps to detect and control anomalies, but interoperability, integration and security THE SOFTWARE OPPORTUNITY McKinsey found that the data often isn’t are potential billion-dollar software being put toward higher value activities like opportunities. Global spending on IoT devices and services optimization or prediction. will grow to $1.7 trillion by 2020, from $656 billion in 2014, according to research firm Hank Galligan is the Software practice In addition, there are an abundance of IDC. It projects nearly one-third of that leader for BDO’s Technology & Life privacy and security concerns that companies Sciences Practice. growth will be tied to devices, which will must address as they gather more data and boost demand of IoT platforms, application embrace new technology platforms. Part software and cloud-based “as a service” of the IoT software conversation needs to solutions. Research and Markets reported be focused on improving data governance that revenue from IoT-related software policies and processes, especially in light totaled $197 billion in 2015, through of the frequency of data breaches and the platforms, APIs, applications, controlling increasing sophistication of cyber attacks. systems, security solutions, management and operations. BDO TECH 3

FIVE STEPS TO A SMARTER SaaS SECURITY

By Shahryar Shaghaghi

Cybersecurity and software-as-a- service (SaaS) companies have a complicated relationship.

On one hand, increasing need for cybersecurity is fueling growth for SaaS companies and security solutions. On the other, SaaS companies are targets of would- be hackers, looking to steal sensitive data or use the cloud as a platform to hide behind.

When it comes to opportunity for SaaS companies, Research and Markets forecasts that the SaaS security market will grow sound cyber strategy requires sophisticated policies and procedures in place must be by almost 18 percent from 2013 to 2018. risk management and compliance evaluated. Next, core business functions Security SaaS startups have also been a technologies, an incident response team including software delivery, billing and hot investment. In July, Microsoft acquired and cyber insurance to cover any potential customer service should be mapped. Adallom, a SaaS cloud cybersecurity startup business interruption. Once the process flows are analyzed for $320 million. Silicon Angle reports that and categorized in connection with Adallom had previously been responsible for However, the recent BDO Board Survey established policies, proper controls can exposing a breach in Microsoft Office 365. revealed that companies are still playing be implemented to mitigate risks and catch up. Less than half of public company But then consider Dropbox, the most popular minimize their potential impact. boards (45 percent) have a cyber-breach cloud storage provider—and also among the response plan in place. And just one-third of u Don’t Overlook Third Parties: Risks most targeted: In 2014, hackers held 7 million directors (34 percent) report that they have are not confined within the walls of Dropbox passwords ransom and, in early documented and developed solutions to organization. In fact, more than 60 December, it was uncovered that hackers protect their business’s critical digital assets. percent of breaches come through third- were using the service to target Hong Kong party relationships. While SaaS companies journalists, according to SC Magazine. Still, our survey found that companies are often serve as a third-party relationship making progress in addressing this critical to other businesses, they have their own In the early days of cloud adoption, fear over issue. More than two-thirds of board external relationships to consider as well. security was rampant. While those fears have members (69 percent) said that their board is Whether it’s outsourced HR services largely been alleviated, and the benefits of more involved with cybersecurity than it was or other external service providers and scalability have triumphed, data storage off- 12 months ago. And while a majority may partners—particularly those that have premises inevitably adds an additional layer not have comprehensive systems and plans access to critical or sensitive data—SaaS of security complexity. in place, most are taking action to get there. companies must consider the risk third- parties pose to data integrity and evaluate In a time where growth and threats come Seventy percent say they have increased their vendors’ own security policies hand in hand, what do SaaS executives and investments over the past year to defend and controls. boards of directors need to know to help against cyber attacks, with an average budget mitigate their company from risk? increase of 22 percent. u Define a Security Strategy: SaaS companies need a formal security SETTING A SaaS SECURITY PLAN strategy and implementation plan to CYBERSECURITY IS A mitigate internal and external threats. MANAGEMENT AND As SaaS company leaders and boards seek to This includes the development of a BOARD ISSUE deploy those investments strategically, they complete enterprise security architecture should consider the following key steps to which includes detection, protection, The rise of security breaches across the minimizing the risk and impact of a breach: technology industry has made clear that response and recovery aspects of the investment in appropriate technologies u Perform a Risk Assessment: A risk cybersecurity program. Incident-response cannot be relegated to the back office assessment should be performed, plans must be fully developed and or implemented on a reactive basis in a beginning with identifying which of the tested and updated on a regular basis so time of crisis. Cybersecurity and IT risk critical assets—company IP, customer that an organization can efficiently and management should be treated as a key data, employee information—must be effectively recover and communicate up business priority of the C-suite and boards. A protected. Then, the adequacy of the and down all appropriate channels after 4 BDO TECH

CONTINUED FROM PAGE 3 SaaS SECURITY PLAN SPOTLIGHT ON VALUATION: a breach occurs. Applying a multilayered Monte Carlo Simulation for Software approach to security infrastructure, using multifactor authentication and authorization security controls, helps By Anthony Alfonso to guard against unauthorized access to security data. When it comes to valuation, was established, the varying assumptions u Plan for an Empowered Customer: software startups tend to think were introduced. As boards, executives and consumers they are what the market says become increasingly sophisticated about To help visualize the future uncertainty, security issues, SaaS providers can expect they are, but a dynamic valuation imagine a classic hurricane path prediction to receive more questions from their model may reveal otherwise. model that pinpoints where the eye of customers during the buying process: the hurricane is currently located. As the How will you store our data? Are your Our Valuation & Business Analytics meteorologist starts to introduce predictions data centers in a secure location? Are you (VBA) practice was recently approached of where the eye of the hurricane will monitoring for traffic hijacking? Do you by a software developer to help create be during certain hours and days in the encrypt your backups? By considering a business case and potential range of future, the predictive path widens as time these customer concerns as a part of their values for a startup stock option trading progresses, resembling a widening cone security strategy, SaaS companies will be software program. This was a typical case that expands to reflect the estimate of better positioned to allay concerns and of a developer with a working program, uncertainty. earn trust. but without the additional startup funding needed to bring the program to market. u Avoid Complacency: The new world of cyberattacks means that even as To develop the business case, the VBA SaaS companies catch up with current practice spent a significant amount of 1 AM Fri risks, they must also prepare for future time interviewing the client and building environments. New product and service an understanding of the potential market development should consider and share, adoption rate, distribution networks, incorporate security components during subscriber base and cost structure of the R&D phase. In addition, employees the product. 1 AM Thu must be aware of security risks in order for risk management to be effective. After speaking with the software developer, Employees should be made aware of risks it became evident that a dynamic valuation specific to a particular job function as well model was necessary to capture as many as the company overall. of the permutations and correlations of the assumptions as possible. It was clear that Across all industries, there is still much to 1 AM Wed a Monte Carlo simulation would be the be done to ensure formal strategies are in best approach. A Monte Carlo simulation place to combat cyber attacks. But, there is a computerized mathematical technique will likely continue to be a spotlight on 4 AM Mon that runs multiple, randomized iterations, SaaS companies, in particular—both as or simulations, of possible outcomes using 1AM Tue secure service providers and as protectors of real-world variables to probabilistically test sensitive customer information in the cloud. 4 AM Mon concepts. The results are better predictions SaaS boards and leaders should ensure they with a greater degree of accuracy. remain proactive about risk assessment, as advanced preparation can make a world of The goal of using a Monte Carlo simulation is to reduce the size of the cone, or uncertainty. difference for companies if a data breach BDO’S TAILORED APPROACH: occurs. Detailed plans can minimize reaction When applying Monte Carlo in this instance, times and keep issues from escalating The VBA team first identified the startup’s the following sales channel assumptions were into a situation that could be potentially target markets — the United States, Europe evaluated under minimum, maximum and damaging to a company’s reputation and and the Asia Pacific — and then developed most-likely scenarios: competitive edge. a base case forecast. From the base case forecast, a consolidated forecast was u Dropout rate (attrition rate) developed, calculating the internal rate u Third-party advertising conversion rate Shahryar Shaghaghi is National Practice of return and payback period assuming u Web marketing conversion rate Leader for BDO’s Technology Advisory a predetermined fixed funding price of u practice. He can be reached at Educator’s conversion rate [email protected]. $15 million. Once the base case scenario BDO TECH 5

CONTINUED FROM PAGE 4 VALUATION

Once the conversion rates were detailed, PErspective in resulting in a baseline revenue starting point, TECHNOLOGY – SOFTWARE the year-over-year revenue growth rates and EBITDA margins were considered, along with a minimum, maximum and most-likely scenario. Software M&A cloud-based software. Chicago and San A Monte Carlo simulation was then activity—and Francisco-based PE firm Thoma Bravo performed, involving 100,000 random deal-making in has backed more than 25 companies iterations of the forecast, bound by the that use cloud technology, The Middle aforementioned parameters and assumed general—was robust in 2015, Market reports. distribution patterns. with Pitchbook reporting 2,375 software mergers PE-backed technology megadeals globally through the end of helped drive software deal values THE RESULTS: November. upward this year, including Carlyle Upon completion of the Monte Carlo Group’s $8 billion acquisition of simulation, the VBA group could share the Only a fraction of these deals (187) Symantec’s Veritas unit, Permira following insights with the software developer: were backed by private equity, reflective Funds’ $5.3 billion joint purchase of of a downturn in PE deal activity across Informatica and Vista Equity Partners’ u The assumption that produces the the board. High valuations—driven by buyout of Solera Holdings in a deal highest r-square (i.e., the most sensitive low interest rates, the stock market’s valued at $6.5 billion including debt. assumption); long bull run, increased competition Larger PE firms are generally dominating u A range of net present values (NPV); from cash-rich corporates and a such deals, thanks to their ability to u The estimated payback period within two strong private fundraising market— raise the necessary funds, Institutional standard deviations; and coupled with a regulatory crackdown Investor reports. u The internal rate of return within two on leveraged lending, left many PE standard deviations. firms sitting on significant amounts of Software companies have largely been dry powder. able to generate higher multiples than With this predictive information, the they would in the public markets by software developer was able to help quantify PE deal-making may be down, but deal tapping venture capital, corporate and the risk and reward of investing in the sizes are trending upwards. According mutual fund investors, so IPOs stalled software program. to Dealogic, PE deal numbers in general this year. There were 57 software IPOs are at a six-year low (1,527 so far in worldwide through 2015, of which 18 were PE-backed, according to To learn more about how BDO can help 2015 compared with 1,742 in 2014), but your company with valuations, contact values are at an eight-year high ($230.7 Pitchbook data. Anthony Alfonso, national leader of billion up from $223.4 billion in 2014). BDO’s Valuation and Business Analytics Since PE firms are paying top multiples, Will the public markets regain practice at [email protected]. they want to invest in firms with reliable popularity in 2016? Technology news revenue streams in attractive growth site Mashable predicts that many of sectors that are more recession-proof, Silicon Valley’s so-called unicorns Forbes reports. (private companies valued at over $1 billion) may be “taken down a notch” in That has many eyes turned toward the the coming months as their valuations software sector, and cloud technology come under increased scrutiny from the in particular. PE investors are drawn SEC and mutual fund investors. More by the non-cyclical nature of the realistic valuations could activate PE industry, its potential for large returns, deals, but a potential interest rate hike and the ever-increasing popularity of will make leveraged acquisitions more the cloud software delivery model. expensive for all buyers. Gartner projects that global spending PErspective in software is a feature examining the role of on enterprise application software will private equity in the software sector. grow from $149.9 billion in 2015 to $201 billion by 2019, with much of the focus centered on updating or replacing older business applications with 6 BDO TECH

MARK YOUR … CONTACT:

TIM CLACKETT The following is a list of conferences and seminars from the Los Angeles leading technology associations and business bureaus: 310-557-8201 / [email protected]

SLADE FESTER FEBRUARY 2016 March 11-15 Silicon Valley SXSW Interactive Festival 408-352-1951 / [email protected] Feb. 9-11 Austin Convention Center SaaStr 2016 Austin, Texas HANK GALLIGAN Nob Hill Masonic Center Boston San Francisco March 30 - April 6 617-422-7521 / [email protected] 2016 Data Compression Conference PAUL HEISELMANN Feb. 12-18 Cliff Lodge Convention Center Chicago DeveloperWeek Snowbird, Utah 312-233-1876 / [email protected] Pier 27 San Francisco APRIL 2016 AFTAB JAMIL Silicon Valley Feb. 21-25 408-352-1999 / [email protected] IBM Interconnect 2016 April 4-6 Microsoft Envision 2016 MGM Grand & Mandalay Bay RYAN STARKES Las Vegas Ernest N. Morial Convention Center Woodbridge New Orleans 732-734-1011 / [email protected] April 26-28 MARCH 2016 DAVID YASUKOCHI Collision Orange County March 6-7 Ernest N. Morial Convention Center 714-913-2597 / [email protected] Forbes CIO Summit New Orleans The Ritz-Carlton Half Moon Bay, Calif.

March 8-9 The Montgomery Summit Fairmont Miramar Hotel & Bungalows Santa Monica, Calif.

BDO TECHNOLOGY & LIFE SCIENCES PRACTICE BDO is a national professional services firm providing assurance, tax, financial advisory and consulting services to a wide range of publicly traded and privately held companies. Guided by core values including competence, honesty and integrity, professionalism, dedication, responsibility and accountability for 100 years, we have provided quality service and leadership through the active involvement of our most experienced and committed professionals. BDO works with a wide variety of technology clients, ranging from multinational Fortune 500 corporations to more entrepreneurial businesses, on myriad accounting, tax and other financial issues. BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals. The firm serves clients through 63 offices and more than 450 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multi-national clients through a global network of 1,408 offices in 154 countries. BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. For more information please visit: www.bdo.com. Material discussed is meant to provide general information and should not be acted on without professional advice tailored to your firm’s individual needs.

© 2016 BDO USA, LLP. All rights reserved.