Peter Bauer on Charting Mimecast's New Course Under PermiraMimecast CEO on How the New X1 Platform Converts Ingested Data Into Security Intel
Most M&A deals are predicated on how quickly the acquisition can show a return on investment, but Permira's $5.8 billion acquisition of Mimecast has allowed the email security vendor to make investments in products and technology that don't provide an immediate financial return.
A number of financial buyers expressed interest in taking Mimecast private following Thoma Bravo's 2021 purchase of Proofpoint, and co-founder and CEO Peter Bauer is glad the company ended up with Permira given the organization's brainpower and collaboration on various initiatives. With Permira's backing, Mimecast rolled out the X1 Platform to turn the data the company ingests into security intelligence for customers (see: Black Hat: Web3 Defense, Open-Source Intel & Directory Hacks).
"All of our time so far together with Permira has been a very positive and very consistent experience," Bauer says. "That's allowed us to continue to focus on the business, and they've brought a lot of expertise."
In this video interview with Information Security Media Group, Bauer also discusses:
- How Mimecast's X1 Platform brings email and collaboration defense together;
- How existing customers have capitalized on Mimecast X1's new capabilities;
- What he sees as Mimecast's most significant market opportunity in 2023.
Bauer launched Mimecast in 2003 with fellow board member and co-founder Neil Murray. He was born and raised in South Africa, trained as a Microsoft systems engineer and began working with corporate messaging systems in the mid-1990s. Bauer moved to the United Kingdom, where Mimecast was founded, and then moved to Boston, Massachusetts in 2011 to lead the company's aggressive push into North America.
Michael Novinson: Hello, this is Michael Novinson with Information Security Media Group. I'm joined today by Mimecast CEO Peter Bauer to take a look back at 2022, as well as the look ahead to 2023. Good afternoon, Peter, how are you?
Peter Bauer: Good, Michael, thanks for having me.
Novinson: You're very welcome. One of the major milestones for Mimecast in 2022 was being acquired by Permira, back in May, for $5.8 billion. So at this point, a little over six months, since that acquisition was complete. I was wondering what that meant for the company being in private hands in general, and then specifically being having Permira's stewardship.
Bauer: Yeah, great question, Michael! It's something that I don't think we could have timed better, just in terms of an opportunity for a growing company like ours to avoid some of the turmoil of being in the public market. So, we agreed the deal, I think, because we announced it in December 2021. It closed in May of 2022. And that's allowed us just rather than to be distracted by any of the public market things, to focus on investing in the business, continuing to build our team, continuing to build exciting new technologies. And then also invest in some product and technology developments that have longer life cycles that perhaps as a public company, we might have been a little bit less bold in terms of leaning into. We've had a great opportunity during 2022, to invest in those things, and start talking to your customers and prospects and the market about them on the tail end of this year.
Novinson: Of course, and specifically in terms of Permira, I know, they also own McAfee and they have some good DNA in this space. How has their involvement impacted Mimecast and your strategy?
Bauer: Yeah. So, you know, we met, obviously, you don't exactly get to choose who acquires your company, when you're a public company, or probably have some influence or some perspective over it. And we'd met with a number of parties that had expressed interest in us, and particularly since Proofpoint got acquired, you probably remember that we had a lot of interest. So when we were meeting with various parties, we got a sense of the sort of the similarities and the differences in approach. Permira was very clear that they had a product first and growth first mantra. And we liked their approach. They're thinking about businesses aligned with our values. Now you say product first growth first, at the end of the day, these are people businesses, and we felt a real sense of empathy, and a real sense of value that they placed on talent and Mimecast as a talent destination. And so from that meeting, which was during 2021, and the way this all played out to ultimately the board not failed is agreeing an acquisition by Permira through to the deal closing in May, and all of our time, so far together with them. It's been a very positive and very consistent experience with some of those early signals that we were encouraged to see in our meeting with them. And that's allowed us to continue to focus on the business. And they brought a lot of expertise, they brought a lot of brain power to the business. And I would say I don't want to put a number on it, but maybe our IQ as a company internally has gone up by 10 points, just through the time we've spent with them. And through some of the initiatives that we've been crafting together with them.
Novinson: Very interesting. In terms of things that have happened since the acquisition by Permira at back in August, you debuted the X1 platform bringing events email security and collaboration together. And now it's been nearly four months since the debut of that. What's the impact then for both existing customers as well as prospects of X1?
Bauer: Yeah, great question. So just to provide some context here, we built the business, we built the company on an underlying technology philosophy. And I know you, Michael, you and I've discussed this going back a little bit. And our underlying technology philosophy was around the idea that we were back in 2003, when we founded the company, we created a cloud first platform, which was novel at the time, nobody used the term cloud, but it was a multi-tenant, multi-product suite built on sort of microservices type concepts. And the approach that we put a name to that at a point in time, we call that Mime OS, which was our SaaS operating system. And that took us quite far. But what we found was that there were certain limitations there were certain kinds of designs around Mime OS that weren't going to take us fully into the future. And so we recast Mime OS with a few new characteristics, we recast that as the X1 platform. And that has involved building some new technology components and new capabilities into the platform like an extensive data platform to handle the vast amounts of telemetry that we get and turn that into security intelligence for customers. It's involved looking at the way we build UI capabilities, and how that makes things simpler and better and faster for customers. It's also involved leveraging some more public cloud services. Whereas in prior iterations, Mime OS has been more of an internal one. And so in terms of what we've delivered from a customer perspective, we delivered a new suite and new methodology for delivering email security cut to customers, called Email Security Cloud Integrated. Now, what's remarkable about that is that a customer can go from finding us to full deployment and generating value in under four minutes. And that gives you an example of the type of power that we're building within the X1 platform and how responsive we are being to some of the needs that customers have, as well as some of the opportunities that our channel partners are interested in, in terms of how do they demonstrate value to customers, quickly.
Novinson: Interesting, and what are some of the primary ways you've seen customers capitalize and are taking advantage of these new capabilities?
Bauer: Well, I think if you think about the challenges that customers are plagued with, there's the threat landscape, and the great amount of interest that adversaries have in infiltrating the workplace. So one of the things that you saw us launch and we'll talk about this in a second is our new brand identity around work protected. See, I'm even wearing the sweatshirt today. , the digital workplace has become such a dynamic lens of work surface, because of hybrid work. And I know it's 2022, it's not news to point out how much remote work is going on, it's accelerated. But the opportunities for attackers to leverage the gaps between the verifications and the confidence that we used to have exploit human beings get in between different purported identities that people have on different communication systems, be that email or WhatsApp or LinkedIn identity, and get involved in social engineering, stealing credentials, deploying ransomware malware and other things. This digital workplace is a risky environment, and customers are looking for ways that can address that. But at the same time, do two other things. One is simplify the internal environments to avoid a proliferation of point solutions to do all sorts of things, security awareness, training, mail filtering, the incident response stuff, the data archiving and data recovery capability in the event of a ransomware situation. So they're looking at how do they simplify their lives? And then also, how do they integrate whatever they buy, with the rest of the systems that they have you that sort of advanced endpoint technology or thermal SOAR environments. And so that's where Minecraft comes into it is, is dealing with that risk, but at the same time reducing the complexity and strengthening the overall security ecosystem the customer has.
Novinson: Absolutely. Let's get to the crystal ball here for a minute, if we can look ahead to 2023. Off the top, I'd love to get a sense of what do you feel is the biggest market opportunity for Mimecast in the year ahead?
Bauer: You know, I think customers or the world is dealing with so much change and transition. We've come from an environment of high workforce turnover. And so you've got a lot of new people in companies and a lot of new people in companies that aren't necessarily solely well inducted because the induction process is all being done remotely. So they don't necessarily know the norms and the people and the methods for them to intuitively counteract cybersecurity threats and social engineering threats is much diminished. So it makes organizations because of this social fabric and the sort of internal security intelligence of other companies' workforce as unraveled. It makes them so much more vulnerable to being duped into doing things. They don't know what the norms are. They knew there's high, there's much less tenure in many aspects of the workforce. And at the same time that transparency into that for an attacker is high. And they can see on LinkedIn, exactly, who's the new people? What are the roles, they can build up the sort of social graph the chart of the organization, easily. So I think as we look into 2023, companies being able to work protected and know that their work is protected, is going to take a great deal more care and attention. And I dare say, if we don't get it right, there will be some pretty profound horror stories that come out of it.
Novinson: Of course, what are the some of the key technology investments that you're hoping to make in the year ahead?
Bauer: Yeah, so if you think about what we've launched with Email Security Cloud Integrated, it's a new format for delivering email security technology. With Mimecast success has been built. Yes, email security is a very important and it's a flagship use case. But it forms part of an overall value equation that aims to reduce complexity and drawdown risk for customers. So there are many other capabilities around that we have security awareness training, archiving and compliance, email encryption, business continuity, data recovery, there are many other components to it. And so on the one hand, from a technology investment point of view, we're going to be building out our cloud integrated suite, to be able to incorporate more of those things in new formats that are easier to use, and address, I think, a whole exciting new segment, or additional segments of the market for us. But I think one thing we've had to continue to work on is the range of attacks and threats, the creativity of adversaries, is somewhat boundless. And so working on technologies that can continue to identify risks, can I continue to look deeper and deeper and deeper into not just individual messages, but chains of communication, and understanding sort of social graphs and metadata and kind of enriching the algorithm to catch risky things, and rely, firstly, on the computer or on our technology to block those things and keep those away. But we can't interrupt work, we can't break workflow processes, we can't unplug the machines to make the company more secure, we have to keep communications flowing. So it's also about working and making human beings smarter, giving them guidance, so that they can make smart decisions, and also allowing them to be part of the feedback loop, if you see something, say something, opportunity for each employee to be able to report things, and then have intelligent ways to process that and add that to the collective intelligence and response to the organization.
Novinson: Absolutely, and from the standpoint of the customer, what do you feel is the biggest challenge that they're going to have to grapple with in 2023?
Bauer: Well, it's a tough budgetary environment. So I think, customers are having to think about where are the greatest risks? And where is the best investment of dollars in a cybersecurity program? So I think we've gone through a time of grip of heightened awareness around cybersecurity risks. And, no board or no CEO wanted to be the one that constrained the security program from being able to spend money or make investments, unless something went wrong. And the security team says, we've been asking for better this or better that for a long time. And they always say no, and that's why things have blown up. So I think there's been a loosening of strings over time. And that's also created some level of tool bloat inside organization. So I think now with economic pressure, there's a little bit more CFO scrutiny to say, well, what is the strategy? How are you going to use this money? Tell me where the biggest risks are? Don't just give me a long flat list of risks and say, well, we got to buy something to deal with all of this stuff. Let's have a conversation around where the biggest risks are, and where are the intersections between those risks. And that's where we're quite focused in saying, there's a people, there is a communications and there's a data intersection, around email and collaboration technology. Here's a solution that can help you address that acute point there. And if we do that well, we draw down risks cost effectively for an organization.
Novinson: Of course, finally, here, what's your top priority for 2023?
Bauer: I think so many CEOs today are all thinking about how the social fabrics that we built in our businesses, the communities that we built, the people and employees that we built within our businesses, in the years prior to the pandemic helped us to succeed and to continue innovating and working during the pandemic. But obviously, over the years of remote working, some of that loosened and some of that unraveled. So, what I'm spending time thinking about for 2023 is, what's the format that people opt back into willingly to say, we want to be a vibrant organization with a strong social culture, and that's not going to happen by itself. That's going to happen if we all show up for each other. And we turn up and we make that happen, and how do we encourage that? How do we support that? Because that's such an important part of the learning and the problem solving. And we spoke at the start of the call about the IQ of the organization. I think organizations that get to spend some more in person time together, I think that raises the IQ of the organization, too. So that's a big focus for me is bringing people back together and whether that's gatherings or whether that's a day or two a week in the office. That's a big focus for me and my team as we go into next year.
Novinson: Of course, nothing beats face to face time together. Peter, thank you so much for the time.
Bauer: Great, thanks, Michael. Have a good one.
Novinson: We've been speaking with Peter Bauer. He is the co-founder, CEO and board member at Mimecast. For Information Security Media Group, this is Michael Novinson. Have a nice day.