Serverless Stack raises $1M for open-source application framework

Open-source framework startup Serverless Stack announced Friday that it raised $1 million in seed funding from a group of investors that includes Greylock Partners, SV Angel and Y Combinator.

The company was founded in 2017 by Jay V and Frank Wang in San Francisco, and they were part of Y Combinator’s 2021 winter batch.

Serverless Stack’s technology enables engineers to more easily build full-stack serverless apps. CEO V said he and Wang were working in this space for years with the aim of exposing it to a broader group of people.

While tooling around in the space, they determined that the ability to build serverless apps was not getting better, so they joined Y Combinator to hone their idea on how to make the process easier.

Here’s how the technology works: The open-source framework allows developers to test and make changes to their applications by directly connecting their local machines to the cloud. The problem with what V called an “old-school process” is that developers would upload their apps to the cloud, wait for it to run and then make any changes. Instead, Serverless Stack connects directly to the cloud for the ability to debug applications locally, he added.

Since its launch six months ago, Serverless Stack has grown to over 2,000 stars on GitHub and was downloaded more than 60,000 times.

Dalton Caldwell, managing director of YC, met V and Wang at the cohort and said he was “super impressed” because the pair were working in the space for a long time.

“These folks are experts — there are probably just half a dozen people who know as much as they do, as there aren’t that many people working on this technology,” Caldwell told TechCrunch. “The proof is in the pudding, and if they can get people to adopt it, like they did on GitHub so far, and keep that community engagement, that is my strongest signal of staying power.”

V has earmarked the new funding to expand the team, including hiring engineers to support new use cases.

Serverless initially gravitated toward specific use cases — APIs are now allowing its community to chime in and it is using that as a guide, V said. It recently announced more of a full-stack use case for building out APIs with a database and also building out the front end frameworks.

Ultimately, V’s roadmap includes building out more tools with a vision of getting Serverless Stack to the point where a developer can come on with an idea and take it all the way to an IPO using his platform.

“That’s why we want the community to drive the roadmap,” V told TechCrunch. “We are focused on what they are building and when they are in production, how they are managing it. Eventually, we will build out a dashboard to make it easier for them to manage all of their applications.”

 

ServiceMax promises accelerating growth as key to $1.4B SPAC deal

ServiceMax, a company that builds software for the field-service industry, announced yesterday that it will go public via a special purpose acquisition company, or SPAC in a deal valued at $1.4 billion. The transaction comes after ServiceMax was sold to GE for $915 million in 2016, before being spun out in late 2018. The company most recently raised $80 million from Salesforce Ventures, a key partner.

ServiceMax competes in the growing field service industry primarily with ServiceNow, and interestingly enough given Salesforce Ventures’ recent investment, Salesforce Service Cloud. Other large enterprise vendors like Microsoft, SAP and Oracle also have similar products. The market looks at helping digitize traditional field service, but also touches on in-house service like IT and HR giving it a broader market in which to play.

GE originally bought the company as part of a growing industrial Internet of Things (IoT) strategy at the time, hoping to have a software service that could work hand-in-glove with the automated machine maintenance it was looking to implement. When that strategy failed to materialize, the company spun out ServiceMax and until now it remained part of Silver Lake Partners thanks to a deal deal that was finalized in 2019.

TechCrunch was curious why that was the case, so we dug into the company’s investor presentation for more hints about its financial performance. Broadly, ServiceMax’s business has a history of modest growth and cash consumption. It promises a big change to that storyline, though. Here’s how.

A look at the data

The company’s pitch to investors is that with new capital it can accelerate its growth rate and begin to generate free cash flow. To get there, the company will pursue organic (in-house) and inorganic (acquisition-based) growth. The company’s blank-check combination will provide what the company described as “$335 million of gross proceeds,” a hefty sum for the company compared to its most recent funding round.

Could Cloud PCs be Microsoft’s gateway to Chromebook-like hardware?

When Microsoft announced this morning that it was releasing a cloud PC service called Windows 365, it got me thinking. While Windows 365 is about packaging a virtual Windows business desktop in a cloud context, if you think about the announcement in a different way, perhaps it could herald the beginning of a lightweight, cloud-based version of Windows — something that has been talked about for some time.

To be clear, the cloud PC announcement wasn’t related to hardware at all. It’s taking a Windows desktop and moving it fully virtualized to the cloud, where you can run it from anywhere, giving you a replica of your Windows desktop PC in the cloud. But what if you stretched that idea a bit by taking Microsoft 365 with Office apps and threw it onto a low-cost PC and used the Edge browser as your primary way of interacting with the computer? Now you have something that could compete directly with a Chromebook-style computer.

That’s exactly what Google has done with Chrome and Chromebooks for over a decade, working with partners to deliver low-cost hardware with most required compute work taking place in the cloud. The Chrome browser is the primary desktop environment; Google Workspace (aka G Suite) is the default set of office suite apps with word processor, spreadsheet and presentation software along with email and calendar and other services. In fact, you can run any software service you wish in Chrome, including Microsoft’s cloud office tools. Regardless, the end-result of this is a low-end business (or personal) laptop that gets most of its power from the cloud.

Most people don’t need a modern notebook computer, and the hardware required to run full-strength operating systems contributes to the high cost of the underlying machine, something Google discovered long ago. If you simplified everything to a browser, an office suite and web access to your favorite tools, you would have just about everything you need without all of the management headaches associated with owning a PC with a traditional OS sitting on it.

Think about the person who just uses email, office tools and watches a little Netflix. This kind of machine would be perfect for them without blowing their budget out of the water or being overly complex.

Last year when the pandemic hit and everyone had to hunker down and work on a PC, including children, people went looking for a low-cost option. They voted for Chromebook in droves, accounting for more than 30 million units sold, including over 11 million in the fourth quarter alone, according to Canalys data.

While growth slowed a bit in the first quarter of this year, Canalys found Chromebook shipments still grew by 275%. Brian Lynch, an analyst at Canalys, wrote in the report that “Chromebooks are well and truly a mainstream computing product now,” adding that “while the education sector still accounts for the majority of shipments, their popularity with consumers and traditional commercial customers has reached new heights over the course of the last year.”

Windows did well too, but given the number of Chromebooks flying off the shelves — led by Lenovo and HP, two companies that also make machines running Microsoft software — a Windows-based cloud PC could give Chromebook a run for its money.

It’s worth noting that, yes, there are low-cost Windows PCs out there — you can get one at Walmart for $149, which competes price-wise with any Chromebook computer out there. But these lower-end Windows machines are still a full-fledged Windows PC and you still have to deal with all the management. From an IT (or personal use) perspective, Chromebooks are much easier to manage than Windows PCs.

Since Satya Nadella came on board as CEO at Microsoft in 2014, the company has shown a strong willingness to shift its focus away from the PC where it made its name (and its money) and move toward the cloud. So far, Redmond has done well moving in that direction, with its market cap recently breaking the $2 trillion threshold.

What’s more, Microsoft’s cloud infrastructure market share sits at around 20%, more than doubling where it was in 2014 when Nadella took over. Even more, the company had around 16% of cloud office suite market share in 2014, a figure that has grown to 40% today. Google’s office suite is the fairest of them all, though, with almost 60%, according to Statista. That is due at least in part to its Chromebook sales pushing users toward its suite.

If Microsoft wants to dent that number, a good way to do that would be to create a cloud-based notebook that looks a lot like Chromebook, but with a Windows bent. It would mean eating into their traditional desktop PC OS dominance, but much like in 2014, it could be about trading a past with diminishing returns for a future with much more promising ones.

Microsoft launches Windows 365

Microsoft today launched Windows 365, a service that gives businesses the option to easily let their employees access a Windows 10 desktop from the cloud (with Windows 11 coming once it’s generally available). Think game streaming, but for your desktop. It’ll be available for business users (and only business users), on August 2, 2021.

Announced through a somewhat inscrutable press release, Windows 365 has been long expected and is really just an evolution of existing remote desktop services.

But hey, you may say, doesn’t Microsoft already offer Azure Virtual Desktop that gives businesses the option to let their employees access a Windows PC in the cloud? Yes, but the difference seems to be that Windows 365 is far easier to use and involves none of the complexity of setting up a full Azure Virtual Desktop environment in the Azure cloud.

But couldn’t Microsoft have made Azure Virtual Desktop easier to use instead of launching yet another virtual desktop service? Yes, but Azure Virtual Desktop is very much an enterprise service and by default, that means it must play nicely with the rest of the complexities of a company’s existing infrastructure. The pandemic pressed it into service in smaller companies because they had few alternatives, but in many ways, today’s launch is Microsoft admitting that it was far too difficult to manage for them. Windows 365, on the other hand, is somewhat of a fresh slate. It’s also available through a basic subscription service.

“Microsoft also continues to innovate in Azure Virtual Desktop for those organizations with deep virtualization experience that want more customization and flexibility options,” the company says. At least we know why the company renamed Windows Virtual Desktop to Azure Virtual desktop now. That would’ve gotten quite confusing.

Image Credits: Microsoft

This also gives Microsoft the opportunity to talk about “a new hybrid personal computing category” its CEO Satya Nadella calls a ‘Cloud PC.’ It’s a bit unclear what exactly that’s supposed to be, but it’s a new category.

“Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location,” Nadella explains in today’s press release.

But isn’t that just a thin client? Maybe? But we’re not talking hardware here. It’s really just a virtualized operating system in the cloud that you can access from anywhere — and that’s a category that’s been around for a long time.

“Hybrid work has fundamentally changed the role of technology in organizations today,” said Jared Spataro, corporate vice president, Microsoft 365. “With workforces more disparate than ever before, organizations need a new way to deliver a great productivity experience with increased versatility, simplicity and security. Cloud PC is an exciting new category of hybrid personal computing that turns any device into a personalized, productive and secure digital workspace. Today’s announcement of Windows 365 is just the beginning of what will be possible as we blur the lines between the device and the cloud.”

 

 

Former Nutanix execs launch new startup with $50M seed round

Today a new software company from two former Nutanix executives called DevRev emerged from stealth with a $50 million seed round from Mayfield Fund, Khosla Ventures and several industry luminaries. The company, which aims to bring the coding and revenue processes closer together, already has 75 employees working on the new software platform, which they hope to have ready to launch later this year.

It’s not every day you see a $50 million seed round, but perhaps the fact that former Nutanix co-founder and CEO Dheeraj Pandey and his former SVP of engineering Manoj Agarwal are involved, could help explain the investor enthusiasm for the new project.

Pandey says that he has seen a gap between developers and the revenue the applications they create are supposed to generate. The idea behind the new company is to break down the silos that exist between the front of the office and the back of the office and give developers a deeper understanding of the customers using their products, or at least that’s the theory.

“Dev and Rev are Yin and Yang to each other. In today’s world they are really far apart with tons of bureaucracy between these two parties. Our goal to bring dev and rev to get rid of the bureaucracy,” Pandey told me

The company intends to build an API to help developers pull this information from existing systems for companies already working with a CRM tool like Salesforce, while helping gather that customer information for younger companies who might lack a tool. Regardless, the idea is to bring that info where the developer can see it to help build better products.

The way it works in most companies is customer service or sales hears complaints or suggestions about the product, and tickets get generated, but putting these issues in front of the people building the software isn’t always easy or direct. DevRev hopes to change that.

Navin Chaddha, managing director at Mayfield, whose firm is investing in DevRev, sees a need to bring these different parts of the company together in a more direct way. “The code that developers work on today is used by support as well as marketing and sales. By bringing the world of issues and tickets closer to the world of revenue and growth, DevRev’s unified platform bridges the gap between developer and customer and elevates the developer to a business leader,” Chaddha said.

With 75 employees working on the problem, DevRev is already a substantial startup. As experienced founders Pandey and Agarwal certainly understand the importance of building a diverse and inclusive company. Pandey sees the top of the employment funnel really being focused on engineering, design and business schools and the company is working to bring in a diverse group of young employees.

“[We are looking at ways] to search for talent and to promote talent, to make them into leaders. I think we have an empty canvas by the way, and we have this idea of COVID, and being able to do remote work has really grown the top of the funnel, the mouth of the funnel now can be anything and everything. […] [Colleges and universities] are I would say the real source of all diversity at the end of the day. We have seen how engineering schools, design schools and business schools are actually getting so diverse,” he said.

The company is working to build the product now and reaching out to developer communities on Discord, GitHub and other places that developers gather online to get their input, while testing and improving the product in-house and with design partners.

Nutanix, the founders’ previous company, launched in 2009 and raised over a $1 billion before going public in 2016. Pandey and Agarwal left Nutanix at the end of last year to launch the new company.

Cloud security platform Netskope boosts valuation to $7.5B following $300M raise

Netskope, focused on Secure Access Service Edge architecture, announced Friday a $300 million investment round on a post-money valuation of $7.5 billion.

The oversubscribed insider investment was led by ICONIQ Growth, which was joined by other existing investors, including Lightspeed Venture Partners, Accel, Sequoia Capital Global Equities, Base Partners, Sapphire Ventures and Geodesic Capital.

Netskope co-founder and CEO Sanjay Beri told TechCrunch that since its founding in 2012, the company’s mission has been to guide companies through their digital transformation by finding what is most valuable to them — sensitive data — and protecting it.

“What we had before in the market didn’t work for that world,” he said. “The theory is that digital transformation is inevitable, so our vision is to transform that market so people could do that, and that is what we are building nearly a decade later.”

With this new round, Netskope continues to rack up large rounds: it raised $340 million last February, which gave it a valuation of nearly $3 billion. Prior to that, it was a $168.7 million round at the end of 2018.

Similar to other rounds, the company was not actively seeking new capital, but that it was “an inside round with people who know everything about us,” Beri said.

“The reality is we could have raised $1 billion, but we don’t need more capital,” he added. “However, having a continued strong balance sheet isn’t a bad thing. We are fortunate to be in that situation, and our destination is to be the most impactful cybersecurity company in the world.

Beri said the company just completed a “three-year journey building the largest cloud network that is 15 milliseconds from anyone in the world,” and intends to invest the new funds into continued R&D, expanding its platform and Netskope’s go-to-market strategy to meet demand for a market it estimated would be valued at $30 billion by 2024, he said.

Even pre-pandemic the company had strong hypergrowth over the past year, surpassing the market average annual growth of 50%, he added.

Today’s investment brings the total raised by Santa Clara-based Netskope to just over $1 billion, according to Crunchbase data.

With the company racking up that kind of capital, the next natural step would be to become a public company. Beri admits that Netskope could be public now, though it doesn’t have to do it for the traditional reasons of raising capital or marketing.

“Going public is one day on our path, but you probably won’t see us raise another private round,” Beri said.

 

Rootly nabs $3.2M seed to build SRE incident management solution inside Slack

As companies look for ways to respond to incidents in their complex microservices-driven software stacks, SREs — site reliability engineers — are left to deal with the issues involved in making everything work and keeping the application up and running. Rootly, a new early-stage startup wants to help by building an incident-response solution inside of Slack.

Today the company emerged from stealth with a $3.2 million seed investment. XYZ Venture Capital led the round with participation from 8VC, Y Combinator and several individual tech executives.

Rootly co-founder and CEO Quentin Rousseau says that he cut his SRE teeth working at Instacart. When he joined in 2015, the company was processing hundreds of orders a day, and when he left in 2018 it was processing thousands. It was his job to make sure the app was up and running for shoppers, consumers and stores even as it scaled.

He said that while he was at Instacart, he learned to see patterns in the way people responded to an issue and he had begun working on a side project after he left looking to bring the incident response process under control inside of Slack. He connected with co-founder JJ Tang, who had started at Instacart after Rousseau left in 2018, and the two of them decided to start Rootly to help solve these unique problems that SREs face around incident response.

“Basically we want people to manage and resolve incidents directly in Slack. We don’t want to add another layer of complexity on top of that. We feel like there are already so many tools out there and when things are chaotic and things are on fire, you really want to focus quickly on the resolution part of it. So we’re really trying to be focused on the Slack experience,” Rousseau explained.

The Rootly solution helps SREs connect quickly to their various tools inside Slack, whether that’s Jira or Zendesk or DataDog or PagerDuty, and it compiles an incident report in the background based on the conversation that’s happening inside of Slack around resolving the incident. That will help when the team meets for an incident post-mortem after the issue is resolved.

The company is small at the moment with fewer than 10 employees, but it plans to hire some engineers and sales people over the next year as they put this capital to work.

Tang says that they have built diversity as a core component of the company culture, and it helps that they are working with investor Ross Fubini, managing partner at lead investor XYZ Venture Capital. “That’s also one of the reasons why we picked Ross as our lead investor. [His firm] has probably one of the deepest focuses around [diversity], not only as a fund, but also how they influence their portfolio companies,” he said.

Fubini says there are two main focuses in building diverse companies including building a system to look for diverse pools of talent, and then building an environment to help people from underrepresented groups feel welcome once they are hired.
“One of our early conversations we had with Rootly was how do we both bring a diverse group in and benefit from a diverse set of people, and what’s going to both attract them, and when they come in make them feel like this is a place that they belong,” Fubini explained.

The company is fully remote right now with Rousseau in San Francisco and Tang in Toronto, and the plan is to remain remote whenever offices can fully reopen. It’s worth noting that Rousseau and Tang are members of the current Y Combinator batch.

 

Dropbox is reimagining the workplace with Dropbox Studios

The pandemic has been a time for a lot of reflection on both a personal and business level. Tech companies in particular are assessing whether they will ever again return to a full time, in-office approach. Some are considering a hybrid approach and some may not go back to a building at all. Amidst all this, Dropbox has decided to reimagine the office with a new concept they are introducing this week called Dropbox Studios.

Dropbox CEO and co-founder Drew Houston sees the pandemic as a forcing event, one that pushes companies to rethink work through a distributed lens. He doesn’t think that many businesses will simply go back to the old way of working. As a result, he wanted his company to rethink the office design with one that did away with cube farms with workers spread across a landscape of cubicles. Instead, he wants to create a new approach that takes into account that people don’t necessarily need a permanent space in the building.

“We’re soft launching or opening our Dropbox Studios [this] week in the U.S., including the one in San Francisco. And we took the opportunity as part of our focus to reimagine the office into a collaborative space that we call a studio,” Houston told me.

Houston says that the company really wanted to think about how to incorporate the best of working at home with the best of working at the office collaborating with colleagues. “We focused on having really great curated in-person experiences, some of which we coordinate at the company level and then some of which you can go into our studios, which have been refitted to support more collaboration,” he said.

Dropbox Studio coffee shop

Dropbox Studio coffee shop Image Credit: Dropbox

To that end, they have created a lot of soft spaces with a coffee shop to create a casual feel, conference rooms for teams to have what Houston called “on-site off-sites” and classrooms for organized group learning. The idea is to create purpose-built spaces for what would work best in an office environment and what people have been missing from in-person interactions since they were forced to work at home by the pandemic, while letting people accomplish more individual work at home.

The company is planning on dedicated studios in major cities like San Francisco, Seattle, Tokyo and Tel Aviv with smaller on demand spaces operated by partners like WeWork in other locations.

Dropbox Studio Classroom

Dropbox Studio classroom space Image Credits: Dropbox

As Houston said when he appeared at TechCrunch Disrupt last year, his company sees this as an opportunity to be on the forefront of distributed work and act as an example and a guide to help other companies as they undertake similar journeys.

“When you think more broadly about the effects of the shift to distributed work, it will be felt well beyond when we go back to the office. So we’ve gone through a one-way door. This is maybe one of the biggest changes to knowledge work since that term was invented in 1959,” Houston said last year.

He recognizes that they have to evaluate how this is going to work and iterate on the design as needed, just as the company iterates on its products and they will be evaluating the new spaces and the impact on collaborative work and making adjustments when needed. To help others, Dropbox is releasing an open source project plan called the Virtual First Toolkit.

The company is going all in with this approach and will be subletting much of its existing office space as it moves to this new way of working and its space requirements change dramatically. It’s a bold step, but one that Houston believes his company is uniquely positioned to undertake, and he wants Dropbox to be an example to others on how to reinvent the way we work.

Swiss Post acquires e2e encrypted cloud services provider, Tresorit

Swiss Post, the former state-owned mail delivery firm which became a private limited company in 2013, diversifying into logistics, finance, transport and more (including dabbling in drone delivery) while retaining its role as Switzerland’s national postal service, has acquired a majority stake in Swiss-Hungarian startup Tresorit, an early European pioneer in end-to-end-encrypted cloud services.

Terms of the acquisition are not being disclosed. But Swiss Post’s income has been falling in recent years, as (snailmail) letter volumes continue to decline. And a 2019 missive warned its business needed to find new sources of income.

Tresorit, meanwhile, last raised back in 2018 — when it announced an €11.5M Series B round, with investors including 3TS Capital Partners and PortfoLion. Other backers of the startup include business angels and serial entrepreneurs like Márton Szőke, Balázs Fejes and Andreas Kemi. According to Crunchbase Tresorit had raised less than $18M over its decade+ run.

It looks like a measure of the rising store being put on data security that a veteran ‘household’ brand like Swiss Post sees strategic value in extending its suite of digital services with the help of a trusted startup in the e2e encryption space.

‘Zero access’ encryption was still pretty niche back when Tresorit got going over a decade ago but it’s essentially become the gold standard for trusted information security, with a variety of players now offering e2e encrypted services — to businesses and consumers.

Announcing the acquisition in a press release today, the pair said they will “collaborate to further develop privacy-friendly and secure digital services that enable people and businesses to easily exchange information while keeping their data secure and private”.

Tresorit will remain an independent company within Swiss Post Group, continuing to serve its global target regions of EU countries, the UK and the US, with the current management (founders), brand and service also slated to remain unchanged, per the announcement.

The 2011-founded startup sells what it brands as “ultra secure” cloud services — such as storage, file syncing and collaboration — targeted at business users (it has 10,000+ customers globally); all zipped up with a ‘zero access’ promise courtesy of a technical architecture that means Tresorit literally can’t decrypt customer data because it does not hold the encryption keys.

It said today that the acquisition will strengthen its business by supporting further expansion in core markets — including Germany, Austria and Switzerland. (The Swiss Post brand should obviously be a help there.)

The pair also said they see potential for Tresorit’s tech to expand Swiss Post’s existing digital product portfolio — which includes services like a “digital letter box” app (ePost) and an encrypted email offering. So it’s not starting from scratch here.

Commenting on the acquisition in a statement, Istvan Lam, co-founder and CEO of Tresorit, said: “From the very beginning, our mission has been to empower everyone to stay in control of their digital valuables. We are proud to have found a partner in Swiss Post who shares our values on security and privacy and makes us even stronger. We are convinced that this collaboration strengthens both companies and opens up new opportunities for us and our customers.”

Asked why the startup decided to sell at this point in its business development — rather than taking another path, such as an IPO and going public — Lam flagged Swiss Post’s ‘trusted’ brand and what he dubbed a “100% fit” on values and mission.

“Tresorit’s latest investment, our biggest funding round, happened in 2018. As usual with venture capital-backed companies, the lifecycle of this investment round is now beginning to come to an end,” he told TechCrunch.

“Going public via an IPO has also been on our roadmap and could have been a realistic scenario within the next 3-4 years. The reason we have decided to partner now with a strategic investor and collaborate with Swiss Post is that their core values and vision on data privacy is a 100% fit with our values and mission of protecting privacy. With the acquisition, we entered a long-term strategic partnership and are convinced that with Tresorit’s end-to-end encryption technology and the trusted brand of Swiss Post we will further develop services that help individuals and businesses exchange information securely and privately.”

“Tresorit has paved the way for true end-to-end encryption across the software industry over the past decade. With the acquisition of Tresorit, we are strategically expanding our competencies in digital data security and digital privacy, allowing us to further develop existing offers,” added Nicole Burth, a member of the Swiss Post Group executive board and head of communication services, in a supporting statement.

Switzerland remains a bit of a hub for pro-privacy startups and services, owing to a historical reputation for strong privacy laws.

However, as Republik reported earlier this year, state surveillance activity in the country has been stepping up — following a 2018 amendment to legislative powers that expanded intercept capabilities to cover digital comms.

Such encroachments are worrying but may arguably make e2e encryption even more important — as it can offer a technical barrier against state-sanctioned privacy intrusions.

At the same time, there is a risk that legislators perceive rising use of robust encryption as a threat to national security interests and their associated surveillance powers — meaning they could seek to counter the trend by passing even more expansive legislation that directly targets and or even outlaws the use of e2e encryption. (Australia has passed an anti-encryption law, for instance, while the UK cemented its mass surveillance capabilities back in 2016 — passing legislation which includes powers to compel companies to limit the use of encryption.)

At the European Union level, lawmakers have also recently been pushing an agenda of ‘lawful access’ to encrypted data — while simultaneously claiming to support the use of encryption on data security and privacy grounds. Quite how the EU will circle that square in legislative terms remains to be seen.

But there are also some more positive legal headwinds for European encryption startups like Tresorit: A ruling last summer by Europe’s top court dialled up the complexity of taking users’ personal data out of the region — certainly when people’s information is flowing to third countries like the US where it’s at risk from state agencies’ mass surveillance.

Asked if Tresorit has seen a rise in interest in the wake of the ‘Schrems II’ ruling, Lam told us: “We see the demand for European-based SaaS cloud services growing in the future. Being a European-based company has already been an important competitive advantage for us, especially among our business and enterprise customers.”

EU law in this area contains a quirk whereby the national security powers of Member States are not so clearly factored in vs third countries. And while Switzerland is not an EU Member it remains a closely associated country, being part of the bloc’s single market.

Nevertheless, questions over the sustainability of Switzerland’s EU data adequacy decision persist, given concerns that its growing domestic surveillance regime does not provide individuals with adequate redress remedies — and may therefore be violating their fundamental rights.

If Switzerland loses EU data adequacy it could impact the compliance requirements of digital services based in the country — albeit, again, e2e encryption could offer Swiss companies a technical solution to circumvent such legal uncertainty. So that still looks like good news for companies like Tresorit.

 

The single vendor requirement ultimately doomed the DoD’s $10B JEDI cloud contract

When the Pentagon killed the JEDI cloud program yesterday, it was the end of a long and bitter road for a project that never seemed to have a chance. The question is why it didn’t work out in the end, and ultimately I think you can blame the DoD’s stubborn adherence to a single vendor requirement, a condition that never made sense to anyone, even the vendor that ostensibly won the deal.

In March 2018, the Pentagon announced a mega $10 billion, decade-long cloud contract to build the next generation of cloud infrastructure for the Department of Defense. It was dubbed JEDI, which aside from the Star Wars reference, was short for Joint Enterprise Defense Infrastructure.

The idea was a 10 year contract with a single vendor that started with an initial two year option. If all was going well, a five year option would kick in and finally a three year option would close things out with earnings of $1 billion a year.

While the total value of the contract had it been completed was quite large, a billion a year for companies the size of Amazon, Oracle or Microsoft is not a ton of money in the scheme of things. It was more about the prestige of winning such a high-profile contract and what it would mean for sales bragging rights. After all, if you passed muster with the DoD, you could probably handle just about anyone’s sensitive data, right?

Regardless, the idea of a single-vendor contract went against conventional wisdom that the cloud gives you the option of working with the best-in-class vendors. Microsoft, the eventual winner of the ill-fated deal acknowledged that the single vendor approach was flawed in an interview in April 2018:

Leigh Madden, who heads up Microsoft’s defense effort, says he believes Microsoft can win such a contract, but it isn’t necessarily the best approach for the DoD. “If the DoD goes with a single award path, we are in it to win, but having said that, it’s counter to what we are seeing across the globe where 80 percent of customers are adopting a multi-cloud solution,” Madden told TechCrunch.

Perhaps it was doomed from the start because of that. Yet even before the requirements were fully known there were complaints that it would favor Amazon, the market share leader in the cloud infrastructure market. Oracle was particularly vocal, taking its complaints directly to the former president before the RFP was even published. It would later file a complaint with the Government Accountability Office and file a couple of lawsuits alleging that the entire process was unfair and designed to favor Amazon. It lost every time — and of course, Amazon wasn’t ultimately the winner.

While there was a lot of drama along the way, in April 2019 the Pentagon named two finalists, and it was probably not too surprising that they were the two cloud infrastructure market leaders: Microsoft and Amazon. Game on.

The former president interjected himself directly in the process in August that year, when he ordered the Defense Secretary to review the matter over concerns that the process favored Amazon, a complaint which to that point had been refuted several times over by the DoD, the Government Accountability Office and the courts. To further complicate matters, a book by former defense secretary Jim Mattis claimed the president told him to “screw Amazon out of the $10 billion contract.” His goal appeared to be to get back at Bezos, who also owns the Washington Post newspaper.

In spite of all these claims that the process favored Amazon, when the winner was finally announced in October 2019, late on a Friday afternoon no less, the winner was not in fact Amazon. Instead, Microsoft won the deal, or at least it seemed that way. It wouldn’t be long before Amazon would dispute the decision in court.

By the time AWS re:Invent hit a couple of months after the announcement, former AWS CEO Andy Jassy was already pushing the idea that the president had unduly influenced the process.

“I think that we ended up with a situation where there was political interference. When you have a sitting president, who has shared openly his disdain for a company, and the leader of that company, it makes it really difficult for government agencies, including the DoD, to make objective decisions without fear of reprisal,” Jassy said at that time.

Then came the litigation. In November the company indicated it would be challenging the decision to choose Microsoft charging that it was was driven by politics and not technical merit. In January 2020, Amazon filed a request with the court that the project should stop until the legal challenges were settled. In February, a federal judge agreed with Amazon and stopped the project. It would never restart.

In April the DoD completed its own internal investigation of the contract procurement process and found no wrong-doing. As I wrote at the time:

While controversy has dogged the $10 billion, decade-long JEDI contract since its earliest days, a report by the DoD’s Inspector General’s Office concluded today that, while there were some funky bits and potential conflicts, overall the contract procurement process was fair and legal and the president did not unduly influence the process in spite of public comments.

Last September the DoD completed a review of the selection process and it once again concluded that Microsoft was the winner, but it didn’t really matter as the litigation was still in motion and the project remained stalled.

The legal wrangling continued into this year, and yesterday The Pentagon finally pulled the plug on the project once and for all, saying it was time to move on as times have changed since 2018 when it announced its vision for JEDI.

The DoD finally came to the conclusion that a single vendor approach wasn’t the best way to go, and not because it could never get the project off the ground, but because it makes more sense from a technology and business perspective to work with multiple vendors and not get locked into any particular one.

“JEDI was developed at a time when the Department’s needs were different and both the CSPs’ (cloud service providers) technology and our cloud conversancy was less mature. In light of new initiatives like JADC2 (the Pentagon’s initiative to build a network of connected sensors) and AI and Data Acceleration (ADA), the evolution of the cloud ecosystem within DoD, and changes in user requirements to leverage multiple cloud environments to execute mission, our landscape has advanced and a new way-ahead is warranted to achieve dominance in both traditional and non-traditional warfighting domains,” said John Sherman, acting DoD Chief Information Officer in a statement.

In other words, the DoD would benefit more from adopting a multi-cloud, multi-vendor approach like pretty much the rest of the world. That said, the department also indicated it would limit the vendor selection to Microsoft and Amazon.

“The Department intends to seek proposals from a limited number of sources, namely the Microsoft Corporation (Microsoft) and Amazon Web Services (AWS), as available market research indicates that these two vendors are the only Cloud Service Providers (CSPs) capable of meeting the Department’s requirements,” the department said in a statement.

That’s not going to sit well with Google, Oracle or IBM, but the department further indicated it would continue to monitor the market to see if other CSPs had the chops to handle their requirements in the future.

In the end, the single vendor requirement contributed greatly to an overly competitive and politically charged atmosphere that resulted in the project never coming to fruition. Now the DoD has to play technology catch-up, having lost three years to the histrionics of the entire JEDI procurement process and that could be the most lamentable part of this long, sordid technology tale.