Cisco’s $2.35 billion Duo acquisition front and center at earnings call

When Cisco bought Ann Arbor, Michigan security company, Duo for a whopping $2.35 billion earlier this month, it showed the growing value of security and security startups in the view of traditional tech companies like Cisco.

In yesterday’s earnings report, even before the ink had dried on the Duo acquisition contract, Cisco was reporting that its security business grew 12 percent year over year to $627 million. Given those numbers, the acquisition was top of mind in CEO Chuck Robbins’ comments to analysts.

“We recently announced our intent to acquire Duo Security to extend our intent-based networking portfolio into multi- cloud environments. Duo’s SaaS delivered solution will expand our cloud security capabilities to help enable any user on any device to securely connect to any application on any network,” he told analysts.

Indeed, security is going to continue to take center stage moving forward. “Security continues to be our customers number one concern and it is a top priority for us. Our strategy is to simplify and increase security efficacy through an architectural approach with products that work together and share analytics and actionable threat intelligence,” Robbins said.

That fits neatly with the Duo acquisition, whose guiding philosophy has been to simplify security. It is perhaps best known for its two-factor authentication tool. Often companies send a text with a code number to your phone after you change a password to prove it’s you, but even that method has proven vulnerable to attack.

What Duo does is send a message through its app to your phone asking if you are trying to sign on. You can approve if it’s you or deny if it’s not, and if you can’t get the message for some reason you can call instead to get approval. It can also verify the health of the app before granting access to a user. It’s a fairly painless and secure way to implement two-factor authentication, while making sure employees keep their software up-to-date.

Duo Approve/Deny tool in action on smartphone.

While Cisco’s security revenue accounted for a fraction of the company’s overall $12.8 billion for the quarter, the company clearly sees security as an area that could continue to grow.

Cisco hasn’t been shy about using its substantial cash holdings to expand in areas like security beyond pure networking hardware to provide a more diverse recurring revenue stream. The company currently has over $54 billion in cash on hand, according to Y Charts.

Cisco spent a fair amount money on Duo, which according to reports has $100 million in annual recurring revenue, a number that is expected to continue to grow substantially. It had raised over $121 million in venture investment since inception. In its last funding round in September 2017, the company raised $70 million on a valuation of $1.19 billion.

The acquisition price ended up more than doubling that valuation. That could be because it’s a security company with recurring revenue, and Cisco clearly wanted it badly as another piece in its security solutions portfolio, one it hopes can help keep pushing that security revenue needle ever higher.

Coinbase acquires Distributed Systems to build ‘Login with Coinbase’

Coinbase wants to be Facebook Connect for crypto. The blockchain giant plans to develop “Login with Coinbase” or a similar identity platform for decentralized app developers to make it much easier for users to sign up and connect their crypto wallets. To fuel that platform, today Coinbase announced it has acquired Distributed Systems, a startup founded in 2015 that was building an identity standard for dApps called the Clear Protocol.

The five-person Distributed Systems team and its technology will join Coinbase. Three of the team members will work with Coinbase’s Toshi decentralized mobile browser team, while CEO Nikhil Srinivasan and his co-founder Alex Kern are forming the new decentralized identity team that will work on the Login with Coinbase product. They’ll be building it atop the “know your customer” anti-money laundering data Coinbase has on its 20 million customers. Srinivasan tells me the goal is to figure out “How can we allow that really rich identity data to enable a new class of applications?”

Distributed Systems had raised a $1.7 million seed round last year led by Floodgate and was considering raising a $4 million to $8 million round this summer. But Srinivasan says, “No one really understood what we’re building,” and it wanted a partner with KYC data. It began talking to Coinbase Ventures about an investment, but after they saw Distributed Systems’ progress and vision, “they quickly tried to move to find a way to acquire us.”

Distributed Systems began to hold acquisition talks with multiple major players in the blockchain space, and the CEO tells me it was deciding between going to “Facebook, or Robinhood, or Binance, or Coinbase,” having been in formal talks with at least one of the first three. Of Coinbase the CEO said, they “were able to convince us they were making big bets, weaving identity across their products.” The financial terms of the deal weren’t disclosed.

Coinbase’s plan to roll out the Login with Coinbase-style platform is an SDK that others apps could integrate, though that won’t necessarily be the feature’s name. That mimics the way Facebook colonized the web with its SDK and login buttons that splashed its brand in front of tons of new and existing users. This turned Facebook into a fundamental identity utility beyond its social network.

Developers eager to improve conversions on their signup flow could turn to Coinbase instead of requiring users to set up whole new accounts and deal with crypto-specific headaches of complicated keys and procedures for connecting their wallet to make payments. One prominent dApp developer told me yesterday that forcing users to set up the MetaMask browser extension for identity was the part of their signup flow where they’re losing the most people.

This morning Coinbase CEO Brian Armstrong confirmed these plans to work on an identity SDK. When Coinbase investor Garry Tan of Initialized Capital wrote that “The main issue preventing dApp adoption is lack of native SDK so you can just download a mobile app and a clean fiat to crypto in one clean UX. Still have to download a browser plugin and transfer Eth to Metamask for now Too much friction,” Armstrong replied “On it :)”

In effect, Coinbase and Distributed Systems could build a safer version of identity than we get offline. As soon as you give your Social Security number to someone or it gets stolen, it can be used anywhere without your consent, and that leads to identity theft. Coinbase wants to build a vision of identity where you can connect to decentralized apps while retaining control. “Decentralized identity will let you prove that you own an identity, or that you have a relationship with the Social Security Administration, without making a copy of that identity,” writes Coinbase’s PM for identity B. Byrne, who’ll oversee Srinivasan’s new decentralized identity team. “If you stretch your imagination a little further, you can imagine this applying to your photos, social media posts, and maybe one day your passport too.”

Considering Distributed Systems and Coinbase are following the Facebook playbook, they may soon have competition from the social network. It’s spun up its own blockchain team and an identity and single sign-on platform for dApps is one of the products I think Facebook is most likely to build. But given Coinbase’s strong reputation in the blockchain industry and its massive head start in terms of registered crypto users, today’s acquisition well position it to be how we connect our offline identity with the rising decentralized economy.

Washington hit China hard on tech influence this week

After months of back-and-forth negotiations, Washington moved rapidly this past week to fend off the increasing transcendence of China’s tech industry, with Congress passing expanded national security controls over M&A transactions and the Trump administration heaping more pressure on China with threats of increased tariffs.

We’ve been following the reforms to CFIUS — the Committee on Foreign Investment in the United States — since the proposal was first floated late last year. The committee is charged with protecting America’s economic interests by preventing takeovers of companies by foreign entities where the transaction could have deleterious national security consequences. The committee and its antecedents have slowly gained powers over the past few decades since the Korean War, but this week, it suddenly gained a whole lot more.

Through the Foreign Investment Risk Review Modernization Act of 2018, which was rolled into the must-pass National Defense Authorization Act and passed by Congress this week, CFIUS is gaining a number of new powers, more resources and staff, more oversight, and a charge to massively expand its influence in any M&A process involving foreign entities.

Lawfare has a great summary of the final text of the bill and its ramifications, but I want to highlight a few of the changes that I think are going to have an outsized effect on Silicon Valley and the tech industry more widely.

One of the top priorities of this legislation was to make it more difficult for Chinese venture capital firms to invest in American startups and pilfer intellectual property or acquire confidential user data.

Congress fulfilled that goal in two ways. First, the definition of a “covered transaction” has been massively expanded, with a focus on “critical technology” industries. In the past, there was an expectation that a foreign entity had to essentially buy out a company in order to trigger a CFIUS review. That jurisdiction has now been expanded to include such actions as adding a member to a company’s board of directors, even in cases where an investment is essentially passive.

That means that the typical VC round could now trigger a review in Washington — and in the fast timelines of startup fundraising, that might be enough friction to keep Chinese venture capital out of the American ecosystem. Given that Chinese venture capital (at least by some measures) has outpaced U.S. venture capital in the first half of this year, this provision will have huge ramifications for startups and their valuations.

The second element Congress added was requiring that CFIUS receive all partnership agreements that a company has signed with a foreign investor. Often in a transaction, there is a main agreement spelling out the overall structure of a deal, and then side agreements with individual investors with special terms not shared with the wider syndicate, such as the right to access internal company data or intellectual property. By requiring further disclosure, CFIUS will have a more holistic picture of a deal and any risks it might add for national security.

It’s important to note that Congress was keen on balancing the need for investment with the need of national security. Through oversight provisions, including allowing CFIUS decisions to be contested in the DC Court of Appeals, Congress has designed the reform to be fairer, even as it takes a harder line on certain transactions.

It will take many months for the provisions to come in full force, so some of the effects of this bill won’t be felt until the end of next year. Nonetheless, Congress has sent a clear message of its intent.

Congress’ national security concerns in financial transactions are also crossing the Atlantic. British Prime Minister Theresa May and her government are spearheading new controls over foreign investment transactions, and the EU has also launched more screenings to ensure that transactions are in the best interests of the continent. All of these legislative moves are a response to Chinese foreign direct investment, which has skyrocketed in Europe while almost disappearing in North America.

President Trump signed tariffs on China earlier this year. Now, the administration wants to more than double them.

That disappearance is a function of the on-going trade dispute between the U.S. and China, which crescendoed this past week. The Trump administration said it is considering increasing tariffs from 10% to 25% on $200 billion worth of Chinese goods, significantly heightening the tariffs it had put in place earlier this year.

That threat got a swift response from China overnight, with the Chinese Commerce Ministry saying that it would put tariffs on $60 billion worth of American goods in retaliation if the U.S. followed through with its threat.

So far, the tech industry appears to have been more insulated from the back-and-forth than expected, although the increasing scope and intensity of tariffs could change that calculus. Apple updated its quarterly filing this week to include a new risk around trade disputes, saying that “Tariffs could also make the Company’s products more expensive for customers, which could make the Company’s products less competitive and reduce consumer demand.” Legal boilerplate for sure, but it is the first time the company has included such a provision in its filing.

The tariffs drama is going to continue in the weeks and months ahead. But this week in particularly was a watershed for U.S. and China technology relations, and a busy week for tech lobbyists and policy officials.

For startups, most of this news basically boils down to the following: the U.S. is one market, and China is another. Cross-investing and cross-distribution just aren’t going to be easy as they were even a few months ago. Pick a market — one market — and focus your energies there. Clearly, it’s going to be tough times for anyone caught in the middle between the two.