Cloudy with a Chance of Downtime
By: Robby
Breaches, downtime, and more in our Q1 2022 Software Infra Review
At the end of every quarter at Cowboy, we do an internal review of the most important things that happened in the areas we focus on, and their implications for our founders and future investments. One of those areas is software infrastructure.
Software infrastructure has been a focus for Cowboy since 2013 when we co-led the seed in cloud observability platform Lightstep (now part of ServiceNow). Since then, we’ve made many new investments, built our network, and analyzed trends in the category.
For software infrastructure, Q1 saw security breaches, downtime, public company share prices cut almost in half, and momentum in new tooling categories such as WebAssembly. Instead of focusing on everything that happened in the quarter, here are 5 of the most impactful events and why they matter to the work we do at Cowboy. Let’s dive in 👇
If you prefer to view our Q1’22 summary in slides, see the deck here.
1/ Okta Security Breach
In March, a customer support engineer working for Okta third-party contractor Sykes had their computer hacked. This granted hacker group Lapsus$ access to Okta’s internal network impacting 366 companies, or 3% of Okta’s customers.
Okta customers were notified of the breach 2 months after access was obtained. They found out about the breach when Lapsus$ posted screenshots of Okta’s admin view publicly.
Why it matters
In order to adopt SaaS tools, companies typically need to provide access to their data and systems. When large-scale public breaches happen, companies raise the bar for the vendors they’ll work with.
What that means is companies will care a lot about the security measures taken by their software vendors. This makes the adoption of compliance software such as Drata* even more important for SaaS companies trying to sell.
2/ Major Funding for Authorization Tools
On a related topic — in Q1 2022, authorization tools got a lot of investor interest. In January, password management company 1Password raised $620M at a $6.8B valuation on the back of over $150M ARR.
Other raises for the quarter included the $100M round for multi-factor authentication company Beyond Identity, the $100M round for identity verification provider Veriff, and the first round of funding for permissions-as-a-service company Permit.io.
We’ve also seen other tools emerge with interesting approaches to authorization, including AuthZed and Oso.
Why it matters
Authorization has become the new security perimeter, and authorization tools are now the first line of defense protecting company systems and data. Employees will continue to work from many locations, and companies will continue to adopt new SaaS tools that require access to their systems and data. In order to protect themselves in today’s world, companies need solutions that give the right individuals the right amount of access.
At Cowboy, we believe authorization will continue to grow as its own category of tooling. We’re interested in approaches that have a fast time to value, with new and effective ways of answering the question, “should this person have access to this?”
Security funding overall saw a record-breaking year in 2021, and 2022 is setting up to be the same. In addition to the authorization space, Q1 saw many significant security venture rounds and acquisitions:
- Google announced its $5.4B acquisition of threat intel company Mandiant
- Security analytics platform Securonix announced a $1B round
- Detection and response company eSentire announced a $325M round
- Integrated defense platform BlueVoyant announced a $250M round
- API security company Salt Security announced a $140M round
- Enterprise secure browser company Island announced a $115M round
- SMB cyber insurance company Cowbell Cyber announced a $100M round
3/ GitHub Service Disruptions
In March, code-sharing service GitHub experienced several service disruptions. There were 4 incidents from March 16–23 that lasted between 2–6 hours each. The cause was GitHub’s database. It was over capacity and had poorly structured queries which created the downtime across services (GitHub Actions, GitHub Codespaces, etc.). The impact was felt across GitHub’s 73M users who suddenly lost the ability to do much of anything on the platform.
Over the past few years, GitHub has taken actions to help its database scale, including partitioning its main database and adding clusters. However, it wasn’t enough to prevent the painful March 2022 downtime.
Why it matters
Cloud data is growing substantially. Snowflake, as a proxy, is still growing 100%+ year over year even at a $1B+ revenue scale. At the same time, users want to do more with their data — access it in real-time, move it across many systems, etc. As these two truths put pressure on each other, it will give rise to new data infrastructure solutions that address user needs at scale. We’re in the early innings of the development of the Modern Data Stack — whose promise is speed and advanced functionality at scale — and expect much more innovation in this category that we’re excited to invest in.
4/ WebAssembly Momentum: Tools & Use Cases
It was hard to ignore the buzz and activity around WebAssembly (or “WASM”) in Q1.
In its simplest description, WASM is a type of code with new features and major gains in performance. WASM’s best-known use case today enables the movement of compute-heavy desktop applications to the browser while delivering near-native speed (though WebAssembly can deploy code anywhere).
One of WASM’s early moments in the spotlight has been its use by Figma. The design platform uses WASM architecture to wow us with large and complex design files that render in the browser.
In Q1, a number of new infrastructure tools enabling WASM adoption received early-stage funding, emerged from stealth, or had major releases. These include Fermyon, Zaplib, Uno, and Suborbital.
We’re also seeing large companies adopt WASM architecture for core functionality or new solutions. A quick map of emerging WASM end-user applications:
Why it matters
Our team sees huge potential for WebAssembly to change what’s possible in the browser, and beyond. There’s a need to build new infrastructure tooling to support a generation of powerful WASM-based applications. This will span app frameworks, libraries, and tools.
Because WASM is an emerging framework, developers will need to be shown what’s possible. In order to be successful, founders of WASM infrastructure companies will need to be category evangelists.
5/ Underperformance of Q4’21 IPOs: HashiCorp + GitLab
Two open-source infrastructure companies, HashiCorp and GitLab, rang the bell on the NASDAQ in Q4’21. They were met with public market approval jumping 7% and 35%, respectively, on the first day of trading.
However, at the end of Q1’22, both were down ~40% vs. their IPO price.
Gitlab and HashiCorp were far from alone in their descents. The BVP cloud index was also down over 20% from the beginning of the year to the end of Q1’22.
Why it matters
When the market drops, companies need to perform at a higher level in order to keep their valuations up. For unprofitable public tech companies, that typically means more revenue.
The public market leads the private market. If public valuations and multiples stay where they are, private investors will look for stronger execution and revenue growth for high valuations. For example, if a company’s last round was raised at 100x revenue, they may expect the next round to get done at 20–30x, closer to current public company revenue multiples.
This doesn’t just impact software infrastructure companies, but one unique trend we’ve seen in this sector is around open source companies. Over the past couple of years, open-source companies have been able to raise a lot of capital ahead of figuring out their plan to generate revenue. Given current market conditions, investors may put pressure on these companies to figure out their revenue model earlier, and/or show steeper monetization growth.
We hope you enjoyed our Q1 software infrastructure review — and stay tuned for our Q2 review in a few months! If you have any thoughts or feedback please reach out to Robby on Team Cowboy 🤠 (amanda@cowboy.vc).
*Cowboy Ventures portfolio company
