The complexities created by security “tool sprawl” are a major headache for a lot of businesses. But with many vendors and buyers expecting a broader economic slowdown, a wave of security industry acquisitions looks to be on the way.
A wave of acquisitions in the security industry may be on the way.
Thanks to the tumultuous first six months of 2022, the forces driving cybersecurity “tool sprawl” might be slowing down, which could be a case of a good outcome arising from a bad situation.
The cybersecurity industry is poised for a surge in acquisition activity in the coming months, spurred by the likelihood of a slowing economic environment. Certain venture-backed security startups will no doubt have some tough decisions ahead. But industry experts say that such consolidation is welcome news for many customers, who’ve been grappling with an overload in options for security tools and a related phenomenon known as “tool sprawl.”
“The market is crying out for it,” said Ryan LaSalle, a senior managing director and head of the North America practice for consulting giant Accenture Security. “Many of our clients talk about how many tools are in their portfolio — our back-of-the-envelope math is around 60 to 80 in a security architecture. Some companies are as high as 140, which is an untenable amount of sprawl.”
The reasons why the cybersecurity industry got to this point are numerous, as are the factors behind the reversal that is likely to come soon. But the bottom line for many businesses is that consolidation in the cybersecurity market should have a positive effect on their ability to protect against cyber attacks, industry experts told Protocol.
The complexity of configuring and using so many security tools is a huge problem for businesses, especially at a time when almost no one has enough skilled people to go around, said Frank Dickson, group vice president for security and trust at IDC.
In many cases, customers have adopted new security tools in an effort to support rapid digital transformation and the move to the cloud, according to Dickson. However, while such moves have created new complexities for businesses, he said the act of adding more security tools will often “exacerbate the complexity problem” even further. Every new tool must be learned, configured, maintained and used properly by security teams that are increasingly stretched too thin.
Security tools also usually work together more effectively when they’re owned by a single vendor, as opposed to needing to be stitched together by a customer or service provider, Dickson said. “It’s probably a shortcoming in human nature: We tend to support and offer true integrated offerings best if we’ve got a profit motive,” he said.
Many of the chief information security officers LaSalle speaks with “know that their tools aren’t working well together,” and are largely not getting them closer to achieving the biggest goals of their security strategies. For instance, “If you’re trying to go to zero-trust architecture, stitching it together yourself is really, really hard,” he said.
Meanwhile, CISOs and other buyers are frankly overwhelmed by all the options out there right now, LaSalle said. With so many choices in the security market, he said “it’s really hard to wade through all the marketing hype to find the things that really work.”
For all these reasons and more, Dickson said consolidation in security is not just a good thing for businesses at this point; it’s actually “necessary.” The various dynamics at work for security teams in 2022 “almost mandate that we ask our security vendors to offer more comprehensive, integrated solutions, instead of offering best-of-breed point products,” he said.
For years, the cybersecurity industry has seemingly defied the forces of consolidation: For every security vendor that got acquired, several new ones would spring up, said Kevin Lynch, CEO at Optiv, a major managed security services firm.
This was never more true than in 2021, when venture capital and private equity investors funneled nearly $30 billion into cybersecurity startups, more than double the amount invested the year before, according to advisory firm Momentum Cyber. Meanwhile, the number of security acquisitions last year remained similar to previous years, Lynch said.
The combination of these factors helped create widespread proliferation of available security tools; at the RSA Conference in San Francisco last week, more than 400 security vendors took part as exhibitors — which represented just a fraction of the industry.
Tool sprawl also exists in part because, for a long time, the role of the CISO revolved around buying new security tools, Lynch said. “If you were a CISO 10 years ago, a lot of the way that you were evaluated was on [whether] you were acquiring and deploying the right technology.”
By contrast, today the security organization is “no longer a quiet function off in the corner,” but instead is a top priority for the company’s board and C-suite, Lynch said. And as a result, the CISO in 2022 is evaluated more on the outcomes they deliver for security, rather than which tools they deploy.
Many other forces have led to security tool sprawl, as well. The growing attack surface and intensifying threat landscape have led to an array of new types of tools, from cloud security to third-party risk management to AI-powered detection and response.
While innovation and competition are critical in security, like in any industry, many agree that customers would benefit from a cooling-off period for privately held security vendors.
2022 RSA Conference Photo: RSA Conference
However, security startups that depend on VC funding to sustain their businesses are expected to have fewer options in the changing economic environment. Some are already instituting layoffs, and the situation will lead many to be acquired, according to Dave DeWalt, the former CEO of FireEye and McAfee, and now founder and managing director of venture firm NightDragon.
The security industry is “heading towards a consolidation window,” DeWalt said in an interview with Protocol. “I really think we’re going to enter into the second half of 2022 with one [acquisition] after another.”
Some cybersecurity startups are welcoming the changing environment. At IT asset security firm Armis, Co-founder and CTO Nadir Izrael contends that the large number of security startups — many of which he said have achieved “over-inflated” valuations without much in the way of revenue — has been unhelpful in terms of improving overall security.
With dozens of cybersecurity startups now boasting billion-dollar valuations, “it’s very unclear [for customers] who is a big, mature, sustainable company that can actually support you as an enterprise — and who is a startup that doesn’t necessarily have all of those things in place,” Izrael said. “It creates a lot of confusion in the markets.”
Larger security vendors haven’t liked the high valuations for security startups very much either, based on conversations with the CEOs of several major cybersecurity firms. In recent years, the “valuations were crazy” for venture-backed security startups, said Bryan Palma, CEO of Trellix, the company formed through the merger of McAfee Enterprise and FireEye.
Since being named the CEO of publicly traded Secureworks last September, Wendy Thomas has been out looking for acquisitions at reasonable valuations, and not finding them.
Valuations for privately held security companies have often been in the range of 15 to 20 times annual recurring revenue, Thomas said. And frequently this is for vendors that are “still consuming a good bit of cash to drive that growth,” she said, which effectively makes the acquisition price even higher.
The signs of a slowing economy and the dramatic reduction in public company valuations, however, appear to be changing the dynamic. Thomas said she’s already seeing some private company valuations in security that’ve come down more to the range of 10 to 15 times ARR — and this is just the beginning. When it comes to cybersecurity startup acquisitions, “For us, now is the time to look,” she said.
Zscaler founder and CEO Jay Chaudhry also said the company has not done as many acquisitions as it might have, as a result of the “unreasonable” valuations possessed by many security startups.
Chaudhry said, with valuations now coming back down, “it’s an opportunity. And we are getting a lot more inbound calls,” including from companies, investors and investment bankers. “These companies, who were trying to grow at any cost now have to worry about, ‘How much money do I have left? How many months can I survive, if I don’t get to raise the next round?'”
Ultimately, he said, “I think removing froth from time to time is healthy for the market.”
Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.
Everything going on at Twitter, PM (Post Musk).
We want to keep you in-the-know on all the chaos unfolding at the bird site.
Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She’s a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school’s independent newspaper. She’s based in D.C., and can be reached at llawrence@protocol.com.
Scrolling through Twitter is very meta right now as many of the posts are about the platform itself. Since Elon Musk bought the damn thing after a monthslong showdown he’s fired four of Twitter’s top executives, might lay off nearly 75% of its staff, and has planned to charge $20 for verification. And that was just the first three days.
Musk tried desperately to get out of the deal, but succumbed after legal pressures. Now he seems to have fully committed himself to making the most out of the $44 billion dollar deal, sink in hand. Musk continues to tweet cryptic messages about the future of moderation and deplatforming and has called for broader “free speech” on Twitter, which many worry could include hate speech, misinformation, calls for violence, and other harmful content on the site. While bare-bones moderation could be bad for users and democracy, advertisers hate it and it is the advertisers (and not the current or future paying subscribers) who fork over the money that makes the platform run at all. Musk addressed advertisers directly on Twitter on Oct. 27, attempting to assure them he means well.
“Twitter can obviously not become a free-for-all hellscape, where anything can be said with no consequences!” Musk wrote. “Fundamentally, Twitter aspires to be the most respected advertising platform in the world that strengthens your brand and grows your enterprise.”
As for the future of Twitter internally, Musk seems to want a leaner, meaner team, achieved through layoffs and a voluntary Twitter exodus.
We want to keep you in-the-know on all the chaos unfolding at the bird site. This page will update as the news keeps rolling in. Maybe someday this never-ending cycle will stop, but unfortunately the Musk-Twitter saga has burrowed into the collective tech brain for seven months now. So no promises.
Musk completes his Twitter purchase on Oct. 27.
He promptly fires CEO Parag Agrawal, CFO Ned Segal, Sean Edgett, general counsel, and Vijaya Gadde, head of legal, policy, trust, and safety. He dissolves the board of directors. Twitter files to pull its shares from the public market.
Musk tweets that Twitter will form a moderation council with “widely diverse viewpoints.” “No major content decisions or account reinstatements will happen before that council convenes,” he writes.
Engineers were told to print out their last 30 to 60 days of code to review with Musk, then told to shred it, Platformer reported.
General Motors, a Tesla rival, temporarily halts paid advertising on Twitter. “We are engaging with Twitter to understand the direction of the platform under their new ownership,” GM told CNBC.
Responding to a tweet from Hillary Clinton, Musk links to an opinion article on Sunday from the Santa Monica Observer containing misinformation about Paul Pelosi. He deletes it hours later.
Musk’s inner circle and the remaining Twitter executives meet to discuss content moderation and laying off 25% of Twitter’s workforce, The Washington Post reports. All departments will be impacted, but especially sales, product, engineering, legal, and trust and safety, according to The Post.
The Musk-Twitter brain trust appears to include longtime allies Jason Calacanis, VC, and David Sacks, political donor and founding chief operating officer of PayPal. Musk’s additional helpers include his personal lawyer, Alex Spiro, and Andreessen Horowitz partner Sriram Krishnan. Musk is bringing in talent from his other companies as well, apparently asking Tesla engineers to check out Twitter’s code and consulting with his relative and a Neuralink engineer Andrew Musk as well as Jehn Balajadia, COO of The Boring Company.
Musk wants Twitter to charge $20 per month for verification, The Verge reported. He tweeted on Sunday that “The whole verification process is being revamped right now.” Calacanis recently asked his followers how much they would pay for a blue check mark. As of Oct. 31, the answer is overwhelmingly nothing.The plan is to change premium subscription Twitter Blue into a more expensive service that also verifies users. Musk apparently told employees to figure out how to implement the feature by Nov. 7 or he will fire them.
Musk wants to bring back Vine. Is Periscope next?
This story is developing.
Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She’s a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school’s independent newspaper. She’s based in D.C., and can be reached at llawrence@protocol.com.
Jason Zins is a Partner at SkyBridge Capital where he leads the firm’s venture and growth equity investing with a focus on crypto and fintech companies. Prior to joining SkyBridge in 2014, Mr. Zins worked at Bloomberg L.P. Mr. Zins received his B.A. in Government from Dartmouth College.
The flow of capital and talent into Web3 startups continues, pulled through this crypto winter by conviction in the generational technology transition it represents. Capital is in place and looking for an early-stage home. Valuations and expectations have normalized, and that is facilitating rational, purposeful engagement with Web3 startups. We believe the Web3 investment environment is riper than ever.
At SkyBridge, we have invested over $400 million in leading crypto and fintech startups since 2020. We expect to accelerate our efforts following our partnership with FTX Ventures, which recently bought a 30% stake in SkyBridge. Our collective goal is to grow the ecosystem, and we’re here for the long term.
SkyBridge Capital’s Anthony Scaramucci and FTX’s Sam Bankman-Fried at Crypto Bahamas
To founders and operators, now is the time to invest in Web3 builders who are focusing on real-world impact. Investors are looking for tangible use cases, including in the physical world. The recent SALT New York conference, for instance, featured two projects that are interesting to investors at the moment:
As an investor at SkyBridge, I have seen countless pitches, read my fair share of term sheets, and developed a good sense for what makes Web3 founders more likely to succeed — and more likely to fail.
If you are a Web3 entrepreneur, here is our advice for you:
1. Focus on the product.
Demonstrate economic value. The crypto winter is proving once again that token price is the last thing we should care about. The VC correction is proving once again that valuations are not an indicator of success. While money continues to flow, the crypto winter and VC slowdown have forced even the most committed Web3 venture capitalists (and their investors) to proceed with more caution.
Valuations have become less hype-driven and more realistic; the amount of time spent on due diligence has increased substantially; and every founder needs to directly, clearly, and concisely answer the question, “Does this project have any real-world utility, and does it create economic value?”
Just as you would with any other tech product, focus on the fundamentals: user growth, customer acquisition cost, burn rate, and all the rest of that really boring stuff that drives return on investment and really matters.
2. Embrace transparency.
Our LPs want to know that their money is safe with us — and we need to know it is safe with the companies we invest in. That means a couple things for you.
Be as transparent as you can be about custody and security, especially if tokens are part of the deal structure. Where are the assets held? What measures are in place to protect them? We have a long history of operational due diligence, and we place a premium on careful control over the assets.
Don’t underestimate the business impact of regulation. Incorporate its advent into your thinking. We believe, as many investors do, that regulation is coming — it’s just a matter of time — and that it will have a positive impact on the industry. Embrace it; don’t try to hide or operate in the gray area.
3. Play the long game.
Believe it or not, we’re still early in the age of Web3. That has several implications for founders.
Keep your nose clean. Good character is hard to find and selling at a premium in this space (see: 3AC). The majority of Web3 founders are unfamiliar to most investors. That means a clean track record, references, and being able to demonstrate trustworthiness are more important than ever.
Play nice. Whether it’s an investor who rejects you or a competitor you feel like you’re racing against, don’t sling mud or burn bridges. The landscape is constantly shifting, people move around in this industry all the time, and your paths will almost certainly cross again. The borderless economy isn’t a zero-sum game. Don’t treat it like one.
Protect your culture. Make sure your employees share the same values and standards of conduct. The talent pool is deep right now, but remember that, for startups, every single hire has an outsize impact on the culture (and chances of survival). If you make one bad hire in a company with 10,000 employees, you won’t feel it. But make one bad hire in a company with 10, and it’ll probably kill you.
*****
Projects built on financial engineering are a thing of the past. The excess and easy capital has left the system. This is a good thing. Focus on building great products or protocols, and the valuation will take care of itself over time. Obsess over valuation, and you may find yourself a zombie without access to capital.
We want you to succeed, whether that translates to capital investment or not. Because every win in this space, no matter where it comes from, pushes the tide a little higher.
Jason Zins is a Partner at SkyBridge Capital where he leads the firm’s venture and growth equity investing with a focus on crypto and fintech companies. Prior to joining SkyBridge in 2014, Mr. Zins worked at Bloomberg L.P. Mr. Zins received his B.A. in Government from Dartmouth College.
TikTok was a blip in 2018, and still growing in 2020. How will it handle misinformation around the 2022 midterms, especially with high turnover in its trust and safety teams?
“Platforms often tend to start the interventions too late, and then exit too early, and don’t recognize that election misinformation is an incredibly durable piece of information.”
Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She’s a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school’s independent newspaper. She’s based in D.C., and can be reached at llawrence@protocol.com.
As the midterm election nears, TikTok has faced unrelenting scrutiny about the role it plays in spreading misinformation and the way influencers and political operatives skirt its advertising rules. But according to seven former employees from TikTok’s trust and safety team, the company may have an even more basic problem inhibiting its efforts to secure the midterm election: High turnover among the employees who are supposed to carry out that work.
TikTok is still the new kid on the social media block. In 2018, the up-and-comer was barely a blip in the conversation about U.S. elections. By the 2020 election, it had built out its trust and safety team. But since that time, former employees told Protocol, members of that team have scattered, leaving TikTok with limited muscle memory just when it needs it most. “Since so many people are new, they don’t necessarily have the history or institutional knowledge,” one former employee said.
These former employees attributed the trust and safety team’s high attrition to TikTok’s grueling work culture and a lack of transparency from leadership about access to and policies around user data. “If they don’t stem the tide of all the people they’re losing, it’s going to be hard for them to be effective,” another former employee told Protocol.
TikTok refused to say exactly how many employees have left its trust and safety teams, or how many are employed now. The company also declined to specify exactly how the U.S. trust and safety team is structured, and if that structure has changed since 2020. In September, chief operating officer Vanessa Pappas told Congress that trust and safety is “our largest labor expense for TikTok’s U.S. operations,” with “thousands of people working across safety, privacy, and security on a daily basis.”
Protocol identified 239 people worldwide on LinkedIn who left TikTok’s trust and safety operations since 2021, with 94 of those leaving just this year and 67 based in the U.S. (LinkedIn member information may not fully represent staffing or attrition, due to the potential for fake accounts.) The company posted listings seeking to fill election misinformation roles as recently as October.
“We encourage a culture of transparency and feedback, and are committed to building an equitable platform and business that allows both our community and our employees to thrive,” a TikTok spokesperson told Protocol.
Civil rights groups have been sounding the alarm about election misinformation for weeks. The Leadership Conference on Civil and Human Rights recently addressed a letter to social media companies urging them to tamp down on the “Big Lie,” false claims that President Joe Biden lost the 2020 election to former President Donald Trump, in addition to new misinformation. Conspiracy theories about general fraud within the U.S. election system abound not only on social media but also among a majority of Republican candidates on the ballot this fall.
Every platform is working on ways to tackle mis- and disinformation related to elections, but there are a few factors that make it even harder on TikTok than elsewhere. For one, video can be a challenging medium to analyze: It’s harder to extract information and search for keywords in images and audio than in text. YouTube faces similar challenges, but it’s been around for far longer than TikTok.
And then, of course, there are the challenges that have nothing to do with technology and everything to do with humans. Karan Lala, a fellow at the Integrity Institute and former software engineer at Meta, noted that mass enforcement is difficult because people might tell the same lie in completely different ways.
“Let’s say you review one video and say, ‘oh the content of this video was a lie,’” Lala said. “How do you effectively link that decision to all the videos that might be coming from different creators that phrased the lie in a different way?”
TikTok’s algorithm also largely displays content from strangers, which means information spreads far beyond a person’s social circle. You don’t necessarily need a following to go viral, so any video might have infinite reach. Because of this — and the fact that researchers don’t have access to TikTok via an API, though TikTok promises to release one soon — it’s especially hard for outside researchers and experts to recreate what an average “For You” page might look like.
“How do you keep TikTok’s For You page from picking a relatively obscure video that is harmful and blasting it to millions of people?” Odanga Madung, a researcher with the Mozilla Foundation, asked. “Because that’s essentially what I was seeing on a consistent basis.”
Empowering trust and safety teams is critical in halting misinformation. TikTok is not very transparent internally, as it doesn’t provide an organizational chart to employees. Several former employees told Protocol they felt disconnected from the teams working on TikTok’s algorithm in China, often having to wait for engineers in China to respond to crises such as unflagging critical keywords.
“You need that team to have as much power and be as closely situated to the team that is building the algorithm in and of itself,” Lala said. “You need to be able to disrupt or slightly tweak the outcome of an algorithm based on integrity signals.”
TikTok’s ties to China have also led to heightened scrutiny of its content moderation decisions, even above and beyond accusations of “censorship” that routinely get leveled at other platforms. “TikTok has received a huge amount of criticism for both moderating too much and moderating too little,” said Casey Fiesler, an online communities professor at University of Colorado, Boulder.
All of this makes for a complex trust and safety landscape inside TikTok, which was just beginning to take shape during the 2020 election. Like other platforms at the time, TikTok’s employees had to decide how to handle videos discussing Hunter Biden’s laptop. “Do we just take it down and assume it’s all misinformation because it’s unverified?” a former employee told Protocol. “What do we do so that we’re not ‘big bad China’ and we’re not censoring everyone?” The team eventually decided not to fully take those videos down, unless they seemed egregious.
Another challenge during the 2020 election: handling political party-based hype houses. The former employee told Protocol that the Republican Hype House was especially difficult to deal with. The house members kept referencing unsubstantiated QAnon-related claims, but TikTok didn’t want to be accused of suppressing partisan speech. TikTok employees warned the house several times, but never took the account down.
Several told Protocol they were worried about the company’s ability to handle these types of issues with high turnover. One former TikTok employee said only one of the U.S.-based employees currently working on the threat analyst side worked at TikTok during the 2020 election. TikTok declined to comment on this claim.
David Polgar, founder of All Tech is Human, said one of the reasons for high trust and safety attrition more broadly is the explosion of the field. Every tech company worth its salt is looking for quality trust and safety employees, he said: “If you’re doing trust and safety for a major platform that is on the up-and-up like TikTok, you are also a really hot commodity for any startup.”
Burnout is common among trust and safety professionals and may also be a factor in high churn. Even if you’re not a direct content moderator, you’re working in a constant flow of disturbing content.
That type of turnover isn’t always a bad thing, said Katie Harbath, founder of Anchor Change and former public policy director at Facebook. “You are seeing people that were incubated in some of these other platforms, particularly your Metas and Googles, and also your Twitters and TikToks,” Harbath said. “They’re able to take that experience to other companies that may actually have nothing.”
TikTok, for its part, says it’s learned a lot from 2020 and is putting that knowledge to use this year. The company has already publicly released some of the lessons it learned after the 2020 election, including the need to improve its disinformation detection systems and educate creators on TikTok’s zero political ads policy. TikTok released its in-app election center six weeks earlier this year than in 2020 and is labeling content related to the 2022 midterms with a button leading to the information center. Hashtags like #elections2022 will also lead to the center and TikTok’s community guidelines. While content is in the process of being fact checked, it will be excluded from For You feeds.
Around the world, TikTok has hired more trust and safety employees, opening a Europe, Middle East, and Africa hub in Dublin and expanding its hub in San Francisco. It also launched content advisory councils in the U.S., Asia, and Europe. But former employees fear none of that will be enough without a battle-tested team in place.
Two years since the 2020 election, misinformation about the process and outcome still abounds. Mozilla’s Madung said TikTok will need to remain vigilant in the weeks following the midterms. The overarching goal is to avoid violence on or around election day, but Madung said TikTok needs to think about the deeper, pervasive damage caused by misinformation. Lies are persistent.
“Platforms often tend to start the interventions too late, and then exit too early, and don’t recognize that election misinformation is an incredibly durable piece of information,” Madung said.
Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She’s a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school’s independent newspaper. She’s based in D.C., and can be reached at llawrence@protocol.com.
Many crypto industries quietly depend on oracles, the data feeds that smart contracts tap into. Startups are challenging dominant player Chainlink, saying they can do it cheaper, more transparently, and with less centralized control.
As institutional players get deeper into crypto and regulators dig in, critical pieces of infrastructure like oracles are certain to get more scrutiny.
Tomio Geron ( @tomiogeron) is a San Francisco-based reporter covering fintech. He was previously a reporter and editor at The Wall Street Journal, covering venture capital and startups. He was also as a staff writer at Forbes covering social media and venture capital, and edited the Midas List of top tech investors. He can be reached at tgeron@protocol.com or tgeron@protonmail.com.
Data oracles, the automated feeds that provide crucial price data to smart contracts and enable trading on blockchains, are drawing increasing scrutiny over their roles in recent hacks and the vulnerabilities the industry’s reliance on them creates. They’re also attracting more investment from VCs and larger crypto players who see an opportunity amid these fears.
Two hacks this month illustrated the crucial role oracles play in crypto. A $114 million hack of Solana trading service Mango Markets took place after an attacker caused the price of a token reported on an oracle to triple. A smaller attack, on Moola Market, also centered on oracle price manipulation.
Oracles provide data that is not on the blockchain — off-chain data — in order for the blockchain to perform some action. Even crypto price data comes from oracles: Blockchains can’t execute or record trades without the market prices provided by oracles. They’re a critical piece of infrastructure, in other words, though it’s rare for anyone besides smart contract developers to pay attention to their value or dig into their vulnerabilities.
Virtually every crypto application needs data to operate but it has to get it from a trusted source, and ideally fast and cheap. Many DeFi protocols rely on Chainlink, an open-source technology, to provide prices. Oracles, which aren’t a new concept in computer science, are named that because they “know things that the system can’t know,” said Sergey Nazarov, co-founder of Chainlink Labs.
Founded in 2017, Chainlink uses a network of interlinked oracles to provide 60% to 90% of market data across all of DeFi, according to Nazarov. This year it has helped process more than $6.4 trillion in transactions, he said. Chainlink started on Ethereum but is now on more than 15 blockchains.
Chainlink is hoping to extend this approach to other types of data and other financial applications, like insurance. Some new insurance providers such as the Lemonade Foundation and Arbol are using weather data provided by Chainlink to pay out insurance claims, dispensing with the need for traditional inspections. In blockchain gaming, Chainlink also offers a type of oracle that provides randomly generated numbers used for generating awards, characters, maps, or other parts of games.
Crypto applications such as derivatives protocol Synthetix, DeFi lending protocol Aave, and decentralized exchange PancakeSwap also use Chainlink for price feeds, automation, and random number generation, among other services.
Despite — or because of — its ubiquity, there appears to be growing interest in alternatives to Chainlink. Binance launched a native oracle service last week for its BNB Smart Chain, taking in-house a system that had previously run on Chainlink, the largest oracle provider.
Protocols like API3 and Flux have first-party oracles, which provide more transparent data direct from the source, instead of data aggregated by nodes, which is the approach used by Chainlink and others, said Flux co-founder Jasper de Gooijer.
“The main advantage if you’re not using a third-party layer [is that] you remove a whole attack vector that’s intrinsic to basically every other oracle project,” said Dave Connor, co-founder and business development lead at API3. Connor also helped run an early Chainlink node.
API3 and Flux also argue they are more decentralized than Chainlink. While Chainlink’s oracles are spread out among various nodes, their selection is still controlled by Chainlink, Connor said. API3 is trying to address this by managing its oracles with a decentralized autonomous organization.
Connor pointed to an incident with Chainlink where the price of gold was substituted for the price of silver to derivatives outfit Synthetix, which could have led to massive losses. “The exploit didn’t really cause many people to lose anything,” Connor said. “But it’s an example of what happens when the governance isn’t out in the open.” Chainlink said this was due to human error, not a problem with the oracle.
“Chainlink Data Feeds are decentralized at the data source, oracle node, and oracle network levels, generating highly reliable and accurate market data with strong protections against downtime and tampering,” Nazarov said.
This debate between efficiency and decentralization is common in crypto. “The reality is, over time, everything gets more centralized,” said Boris Wertz, who invests in crypto at Version One Ventures, citing bitcoin mining and ether staking as examples. “The question is, then, what’s the right balance between something that is efficient versus something that is sufficiently decentralized? Every single validator network has a balance between decentralization and efficiency.”
Some insiders say having one major provider or a small number of providers undergirding the industry presents a risk for a new industry like crypto. “I think that that’s why there’s a lot of venture money that’s going after alternatives,” said Shawn Douglass, CEO of Amberdata, which provides data to oracle networks.
There’s always a “good news, bad news” debate when one big player in a category does well, Wertz said. “Obviously, that player is most likely stronger in terms of security and scale than others. At the same time, if it gets manipulated, then lots of people will get affected.”
The risk of that happening depends on what sort of back-up options oracle users have, but not all have enough redundancy, said Austin Campbell, head of portfolio management at crypto infrastructure firm Paxos. “It’s critical for protocols to have a resilient set of data providers in order to have multiple redundancy options in the case of outage or failure. This will reduce risk in DeFi, given most protocols do not have circuit-breaker-like technology that halts trading,” he said.
But Nazarov said Chainlink’s size isn’t a risk, because it can be customized to be as secure as developers want it to be. “Chainlink is actually an open-source framework for people to make their own oracle networks,” he said. “It’s actually a way for people to compose the degree of decentralization and risk management that they want.”
In the Mango Markets attack, Mango shouldn’t have allowed such a large withdrawal based on that oracle pricing. So the oracle, Pyth, wasn’t at fault, according to FTX CEO Sam Bankman-Fried. Still, the incident and similar hacks show that even if an oracle is correct, the way it is used can present “very significant risk,” Campbell said.
Nazarov pointed to the Mango incident as well, noting that Chainlink’s design prevents that type of price manipulation from happening. “I think it’s a larger risk to make a faulty oracle and get hacked,” he said.
These kinds of debates are likely to continue. As institutional players get deeper into crypto and regulators dig in, critical pieces of infrastructure like oracles are certain to get more scrutiny. Oracles may know things that aren’t on the blockchain. But their ultimate test may come in knowing themselves.
Tomio Geron ( @tomiogeron) is a San Francisco-based reporter covering fintech. He was previously a reporter and editor at The Wall Street Journal, covering venture capital and startups. He was also as a staff writer at Forbes covering social media and venture capital, and edited the Midas List of top tech investors. He can be reached at tgeron@protocol.com or tgeron@protonmail.com.
After buying Figma for $20 billion, Adobe will have no clear competitor in its quest to dominate the design industry. But to succeed, the company will need to execute well and find sources of organic innovation.
“While there were questions perhaps about the purchase price, and questions upfront about what that said about our core business … it’s now about the excitement of what [we] can do together,” Adobe CEO Shantanu Narayen told investors.
Aisha Counts (@aishacounts) is a reporter at Protocol covering enterprise software. Formerly, she was a management consultant for EY. She’s based in Los Angeles and can be reached at acounts@protocol.com.
For decades Adobe has completely dominated the creative software industry. The company’s impressive community of designers, communications, developers, and artists have propelled the company to becoming a $14.6 billion giant with no clear rival.
Although discontent over pricey subscriptions, steep cancellation fees, hard-to-use software, and slow innovation hasn’t made Adobe’s customers the happiest in enterprise software, there weren’t many alternatives.
But one emerging alternative was Figma, the web-based product design startup with a cult following that Adobe acquired in September. The massive $20 billion acquisition reflects Adobe’s intent to revinent itself around collaborative web-based design.
Adobe still faces potential challenges in making the deal a success, including Federal Trade Commission scrutiny, pushback from designers wary about its history, and a challenging macroeconomic environment. But if Adobe can succeed, it will only further entrench the company’s unrivaled dominance among creative professionals.
It’s easy to forget that Adobe has been a major part of enterprise tech for decades. Founded in 1982, the company’s imaging, video, illustration, and 3D products have become the de facto standards for artists, illustrators, and designers all over the globe.
Throughout its history Adobe has acquired a number of smaller competitors to grow its reach, including Marketo, Behance, Frame.io, and others. Today Adobe’s portfolio includes products in imaging, video, photography, marketing, commerce, and others that sit across its three clouds: Document Cloud, Experience Cloud, and flagship Creative Cloud.
Adobe’s Document Cloud, which is the smallest, generates about $2 billion in revenue annually for the company, driven largely by PDF reader Acrobat and its e-signature product, Adobe Sign. Although Document Cloud delivers the lowest revenue of its three clouds, the product suite is integral to Adobe’s broader growth strategy, which hinges on bringing Acrobat to every user across every device, and then funneling them throughout Adobe’s broader product suite.
“The demand for PDFs has never been greater,” said digital media president David Wadhwani, who oversees Document and Creative Cloud, during the company’s financial analyst day earlier in October. “It’s a very productive engagement and up-sell motion for us.”
Experience Cloud comes in second, with $3.9 billion in revenue last fiscal year, propelled by digital marketing products for audience analytics and content management, and underpinned by its customer data platform.
But the true driving force of the company is Creative Cloud, which houses products such as Photoshop, Illustrator, Premiere, and XD; it generated $9.5 billion for the company last fiscal year, the majority of its overall revenue.
Over the past several years, Adobe has been focused on moving its creative suite into the cloud, launching web-based versions of Photosop, Acrobat, Illustrator, Premiere, and others, although the majority of its core applications are still desktop-only.
As an attempt to remedy that, and compete with startups such as Canva and Figma, the company launched Adobe Express in December of last year. The free app that lets users easily design graphics, edit photos, trim videos, and more.
Adobe Express is distinct from the company’s other Creative Cloud products because it doesn’t require a pricey subscription or years of expertise to use, making it more accessible to a wider swath of users. “Express has definitely expanded the top of the funnel,” Wadhwani told investors. “We’ve removed all barriers to adoption.”
Based on comments from CEO Shantanu Narayen, CFO Dan Durn, and others during the company’s annual MAX conference earlier in October, it’s clear Adobe believes its future hinges on web-based collaborative design. That’s why the acquisition of Figma, which has been both web-based and built around simultaneous multi-user collaboration from its debut, will be so central to Adobe’s success moving forward.
Figma was established in 2012, and found success by putting easy-to-use creative tools in a browser for low prices. Bolstered by a freemium model and an intuitive interface the company grew from $0 to $400 million in annual recurring revenue in only a few years.
“One of the things that I remind people is, Figma didn’t even start to monetize until I think very late 2017. So they’ve gone from zero to over 400 million in ARR in something like four years,” Adobe senior vice president of digital media Ashley Still told Protocol. “That is very unique. If you go look at Atlassian or Slack or others, it is just rare to have the type of growth rate that Figma has,” she said.
Now Adobe is hoping it can capture some of what makes Figma special, along with $400 million in additional recurring revenue.
Investors, analysts, and others in the tech community have questioned Figma’s massive purchase price. At $20 billion, the deal is 50 times Figma’s annual recurring revenue and would set a record as the largest private tech acquisition in history at the time of announcement.
If you go look at Atlassian or Slack or others, it is just rare to have the type of growth rate that Figma has.”
But Adobe executives remain confident about the purchase price and value of Figma. “If you went out 12 months you can easily get to discounted cash flow models that [justify that amount] over time,” said Still.
But some industry analysts aren’t buying that calculation.
“When you consider what Figma is adding as a percentage of Adobe’s total ARR and even factoring in an expectation of robust growth for another two, three years, it’s still in our view difficult to truly rationalize the amount that is being spent,” said Gregg Moskowitz, managing director of enterprise software research at Mizuho.
The real reason Adobe paid so much, of course, is because Figma was a serious competitive threat. While Moskowitz hadn’t necessarily seen enterprise customers leave Adobe entirely, “We were hearing on some occasions that customers were curbing the amount of growth in Adobe licenses and funneling more of their budget towards Figma,” he said.
Plus, if Adobe didn’t buy Figma now, it might never have been able to.
“Think about the opportunity cost of not getting Figma right now,” said Valoir research analyst Rebecca Wettemann. Sure, Adobe “spent a lot of money for it, but compared with what right? With missing out on the opportunity,” she said.
Adobe, of course, is aware of all this. “While there were questions perhaps about the purchase price, and questions upfront about what that said about our core business … it’s now about the excitement of what [we] can do together,” Narayen told investors.
That may be true. Adobe knows that it needs Figma to remain the software of choice for designers and creatives, and Figma will benefit from Adobe’s customer base and financial muscle.
Already, Adobe is taking a number of steps to become more like Figma. During Adobe’s annual MAX conference, the company announced a number of new product features with Figma-like flavoring, including new collaboration features for Photoshop, Illustrator, and PDF reader Acrobat. Adobe also expects that Figma is going to help make real-time co-editing a reality across its product suite.
Adobe still faces some challenges in propelling itself into its next stage with Figma’s help.
Since Adobe largely dominates the design field, the FTC will probably keep a close eye on the proposed Figma acquisition. Earlier this year the FTC sued to block Meta’s acquisition of VR company Within, which was arguably more tangential to the company than Figma is to Adobe.
But Adobe executives don’t agree. “We’re confident that the businesses and the products are really adjacent,” said Adobe’s Still. That sentiment was echoed by Narayen to investors, even though Adobe has products that compete directly with Figma.
For example, Adobe XD, which is a desktop product for user experience design, essentially does the same thing as Figma. Case in point: When Figma built similar functionality but offered it collaboratively over the web, Adobe slowed down its investment in XD.
“[Figma] totally reframed the whole industry to the point where XD became a company that was just not growing or working, frankly, and we started to wind down our focus on that,” chief product officer Scott Belsky admitted during a press conference at Adobe MAX.
We were hearing on some occasions that customers were curbing the amount of growth in Adobe licenses and funneling more of their budget towards Figma.”
Designers are also broadly opposed to the Adobe-Figma deal, because many viewed Figma as a cheaper and easier-to-use alternative than Adobe. Designers have voiced concerns about everything from pricing changes and high cancellation fees to fears over losing the vibrant Figma community.
Those fears aren’t entirely unfounded. “Adobe is not great to do business with,” said Valoir’s Wettemann. Since Adobe has been “ostensibly the only game in town for professional designers and developers, they’ve been able to dictate terms to a certain extent,” she said.
Although Adobe is committed to maintaining a free tier for Figma and other products, some investors and analysts are convinced the price will go up anyway.
As much as designers don’t like price increases, it probably won’t lead to much customer churn. For example, after Adobe raised prices on its Creative Cloud suite about six months ago, there was some customer pushback, but not enough to cause concern for Adobe, said Moskowitz. He also pointed out that price increases in this environment aren’t uncommon, and that companies like Microsoft have raised prices on some products by 10% or more.
Adobe has also tried to convince designers that it intends to preserve the sense of innovation and community Figma has thrived on. But large-scale integrations always present challenges to corporate culture, and corporate red tape and bureaucracy slow down innovation.
Allowing Figma’s Dylan Field will remain CEO, he will still have to squeeze into Adobe’s culture. “I wouldn’t say autonomous,” Adobe’s Still said of Figma’s operating structure. “There are definitely very specific areas of synergy that we’re excited to drive together.”
Adobe is not great to do business with.”
Stitching together acquisitions is never easy, but Adobe executives have pointed to the company’s track record of helping startups in the past. For example, Behance, the social media platform for creatives founded by Adobe chief product officer Scott Belsky, grew its community from 1 million to 31 million members since its acquisition by Adobe.
“The product is better and tighter and faster-growing than it’s ever been before right now,” said Belsky during a press conference. “So Behance has not only benefited its community from the acquisition, but it’s also a better product.”
Adobe also has a history of installing the leaders from those acquisitions as key executives. “You’re talking to someone who came in through an acquisition,” said Belsky. “David Wadhwani, president of our digital media business, came in through Macromedia. A number of our leaders came in through acquisitions. And so in some ways, we have that playbook.”
Some analysts agree that Adobe has done well in its past M&A strategy, but still think Figma is a different story. “You’d have to look at Marketo as the most expensive, but even that was less than one-fourth the size of what Figma is costing them,” said Mizuho’s Moskowitz. “Any way you slice it, this is a different animal, there’s going to be more complexity with respect to integration,” he said.
Despite the challenges Adobe will face moving forward, the company has several key advantages. The company still has a large community of designers, artists, and developers; a dominant market position; a sprawling product suite; a strong cash position; and healthy revenue.
After acquiring Figma, Adobe will have no serious contender, aside from startup Canva, which is used primarily by average consumers and not professional designers. It has both the ambition and resources to define the next generation of creativity and design.
Adobe started supporting NFTs last year, and at Adobe MAX it announced a slew of product features and enhancements intended to power the metaverse. Those include new additions to its generative AI product, Adobe Sensei, partnerships to help authenticate digital content, and updates to 3D design product Substance, which will integrate some apps directly into Meta’s Quest platform.
Although analysts know the enterprise software industry is tougher to navigate today than in the past, they remain optimistic about Adobe’s future.
“Overall we didn’t [see] that there are any deep concerns. I still think that Adobe carries unrivaled breadth [and] unrivaled brand awareness in the markets in which they play,” said Moskowitz.
Still, while ideas are easy, execution is hard. The good news for Adobe is that the only true barrier the company faces is itself.
Aisha Counts (@aishacounts) is a reporter at Protocol covering enterprise software. Formerly, she was a management consultant for EY. She’s based in Los Angeles and can be reached at acounts@protocol.com.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.