BDO Tech Newsletter - Winter 2016

February 2016


Download PDF Version

Table of Contents

The Internet of Things: All About Software
Five Steps to a Smarter SaaS Security Plan
Spotlight on Valuation: Monte Carlo Simulation for Software
PErspective in Technology – Software
Did you know...

The Internet of Things: All About Software

By Hank Galligan   
“Smart devices” that capture and deliver data to end users are everywhere, sparking the so‑called “Internet of Things” (IoT) phenomenon. But while McKinsey & Company puts IoT’s potential economic impact at $3.9 trillion to $11.1 trillion by 2025, organizations must develop the right systems and processes to maximize IoT’s real value. The accelerated collection of “machine data,” as connected devices become increasingly interconnected, is adding to the Big Data deluge. At the same time, wearable technology, smart home automation devices, machine-to-machine communications and related IoT applications promise to unlock new business opportunities. Software plays a key role in bringing it all together.

Major technology players are pushing software platforms for IoT. In October, Amazon Web Services launched a new platform for building IoT-intended applications at its annual cloud expo, as its CTO commented that “everything that used to be hardware is now software.” Earlier in the year, IBM said it would invest $3 billion over the next four years in a new business unit—a collection of online software called IoT Foundation—that will enable customers to gather and analyze the influx of data from IoT technology. Twitter, meanwhile, has been piloting IoT for years by enabling sensors to record and share data via tweets through its open API. With the launch of Twitter’s Fabric modular mobile development platform, developers can now create applications for inanimate objects or things that integrate with Twitter, or relay information between existing IoT apps.

Everybody’s Talking About IoT

IoT is fueling innovation, with IoT-related products stealing the spotlight at the International Consumer Electronics Show (CES) in Las Vegas in early January. The markets for smart home automation devices and wearable devices are expected to surge over the next few years, as new mobile apps and technologies enable consumers to control more through their mobile devices. The CES show featured an abundance of new smart home gadgets, like smart refrigerators, that are linked to Apple’s HomeKit, Google’s Brillo and Nest platforms and Amazon’s Echo and Alexa voice-recognition platform. Connected cars offer another huge area of promise for IoT, with Ford recently announcing a partnership with Amazon and IoT platform Wink to give drivers the ability to use voice commands to open a garage door or turn on lights in their house.

There is no shortage of innovation on the enterprise side of IoT either; in fact, there is some argument that the bigger IoT opportunity is in business, manufacturing and healthcare. General Electric projects that the market for connected industrial machinery, which it calls the industrial Internet, will add $10 to $15 trillion to the global GDP within the next 20 years. Huge bandwidth, cheap processing and cloud technologies seem to offer endless possibilities for how we interact with machines and how they interact with each other. But the key to unlocking real value lies in what is done with the data that is generated and how it’s used to make improvements—that’s where software comes into play.

The Software Opportunity

Global spending on IoT devices and services will grow to $1.7 trillion by 2020, from $656 billion in 2014, according to research firm IDC. It projects nearly one-third of that growth will be tied to devices, which will boost demand of IoT platforms, application software and cloud-based “as a service” solutions. Research and Markets reported that revenue from IoT-related software totaled $197 billion in 2015, through platforms, APIs, applications, controlling systems, security solutions, management and operations.

Software will have a critical role in supporting the data analysis needed to turn the massive amounts of IoT-generated data into something meaningful that can lead to greater efficiencies, improved productivity and other key benefits. When thinking about the industrial IOT landscape, per a recent Wired article, software could boost the reliability of major infrastructure through asset performance diagnostics. Consider, for example, a piece of manufacturing equipment that can report on its own operability and health.

As companies embrace more connected devices, the urgency grows for better ways to manage and analyze data streams coming from many different directions. Data analysis software is improving to help enterprises make sense of the data influx. However, to be a true value add, software developers must have a keen understanding of where data can provide actionable insights and intelligence to advance the business.

IoT Software Concerns

Despite all that IoT promises, lack of interoperability and integration complexities pose significant challenges to making this new collected data useful, due in large part to incompatible or outdated operating systems. Further complicating matters is the lack of a common set of standards. As a result, an enormous amount of data being generated isn’t analyzed at all and is thus largely useless. McKinsey reports that its $11.1 trillion estimate for IoT’s potential economic impact factors in interoperability at an average of 40 percent, or more in some cases. Information from sensors in smart devices typically helps to detect and control anomalies, but McKinsey found that the data often isn’t being put toward higher value activities like optimization or prediction.

In addition, there are an abundance of privacy and security concerns that companies must address as they gather more data and embrace new technology platforms. Part of the IoT software conversation needs to be focused on improving data governance policies and processes, especially in light of the frequency of data breaches and the increasing sophistication of cyber attacks.

What is being done with all of the data being collected by connected devices and analyzed via software programs? How is it stored, shared, protected and deleted? Each of these categories is deserving of serious consideration. However, up to this point, data privacy and regulatory compliance have largely been afterthoughts. The Economist argues that these “missing puzzle pieces” are blunting the transformative potential of IoT, particularly as it relates to consumer-facing innovations.

Some of the big corporations are taking action—for example, Samsung and Panasonic are both investing in IoT security efforts, and AT&T has pledged to do the same, but movement across the industry is slow-going.

In the meantime, regulators are just starting to poke their heads around. Congress held several hearings over the last year focused on IoT and will continue to monitor developments to ensure there is a proper balance between innovation and consumer protection. The Federal Trade Commission (FTC) is taking more active measures, recently appointing a leading privacy and security expert as its new chief technologist, specifically citing growing concerns around IoT. The FTC also issued consumer protection recommendations for Internet-connected devices last year, requiring customer consent for how companies use their data. Further developments are certain to follow this year.

Putting IoT All Together

Software developers hold the key to the so-called “missing puzzle pieces” of IoT. Ultimately, the challenges of data analysis, interoperability, integration and security are potential billion-dollar software opportunities.

Hank Galligan is the Software practice leader for BDO’s Technology & Life Sciences Practice.

Five Steps to a Smarter SaaS Security Plan

By Shahryar Shaghaghi

Cybersecurity and software-as-a-service (SaaS) companies have a complicated relationship. On one hand, increasing need for cybersecurity is fueling growth for SaaS companies and security solutions. On the other, SaaS companies are targets of would-be hackers, looking to steal sensitive data or use the cloud as a platform to hide behind.

When it comes to opportunity for SaaS companies, Research and Markets forecasts that the SaaS security market will grow by almost 18 percent from 2013 to 2018. Security SaaS startups have also been a hot investment. In July, Microsoft acquired Adallom, a SaaS cloud cybersecurity startup for $320 million. Silicon Angle reports that Adallom had previously been responsible for exposing a breach in Microsoft Office 365.

But then consider Dropbox, the most popular cloud storage provider—and also among the most targeted: In 2014, hackers held 7 million Dropbox passwords ransom and, in early December, it was uncovered that hackers were using the service to target Hong Kong journalists, according to SC Magazine.

In the early days of cloud adoption, fear over security was rampant. While those fears have largely been alleviated, and the benefits of scalability have triumphed, data storage off-premises inevitably adds an additional layer of security complexity.

In a time where growth and threats come hand in hand, what do SaaS executives and boards of directors need to know to help mitigate their company from risk?

Cybersecurity is a Management and Board Issue

The rise of security breaches across the technology industry has made clear that investment in appropriate technologies cannot be relegated to the back office or implemented on a reactive basis in a time of crisis. Cybersecurity and IT risk management should be treated as a key business priority of the C-suite and boards. A sound cyber strategy requires sophisticated risk management and compliance technologies, an incident response team and cyber insurance to cover any potential business interruption.

However, the recent BDO Board Survey revealed that companies are still playing catch up. Less than half of public company boards (45 percent) have a cyber-breach response plan in place. And just one-third of directors (34 percent) report that they have documented and developed solutions to protect their business’s critical digital assets.

Still, our survey found that companies are making progress in addressing this critical issue. More than two-thirds of board members (69 percent) said that their board is more involved with cybersecurity than it was 12 months ago. And while a majority may not have comprehensive systems and plans in place, most are taking action to get there. Seventy percent say they have increased investments over the past year to defend against cyber attacks, with an average budget increase of 22 percent.

Setting a SaaS Security Plan

As SaaS company leaders and boards seek to deploy those investments strategically, they should consider the following key steps to minimizing the risk and impact of a breach:
  • Perform a Risk Assessment: A risk assessment should be performed, beginning with identifying which of the critical assets—company IP, customer data, employee information—must be protected. Then, the adequacy of the policies and procedures in place must be evaluated. Next, core business functions including software delivery, billing and customer service should be mapped. Once the process flows are analyzed and categorized in connection with established policies, proper controls can be implemented to mitigate risks and minimize their potential impact.
  • Don’t Overlook Third Parties: Risks are not confined within the walls of organization. In fact, more than 60 percent of breaches come through third-party relationships. While SaaS companies often serve as a third-party relationship to other businesses, they have their own external relationships to consider as well. Whether it’s outsourced HR services or other external service providers and partners—particularly those that have access to critical or sensitive data—SaaS companies must consider the risk third-parties pose to data integrity and evaluate their vendors’ own security policies and controls.
  • Define a Security Strategy: SaaS companies need a formal security strategy and implementation plan to mitigate internal and external threats. This includes the development of a complete enterprise security architecture which includes detection, protection, response and recovery aspects of the cybersecurity program. Incident-response plans must be fully developed and tested and updated on a regular basis so that an organization can efficiently and effectively recover and communicate up and down all appropriate channels after a breach occurs. Applying a multilayered approach to security infrastructure, using multifactor authentication and authorization security controls, helps to guard against unauthorized access to security data.
  • Plan for an Empowered Customer: As boards, executives and consumers become increasingly sophisticated about security issues, SaaS providers can expect to receive more questions from their customers during the buying process: How will you store our data? Are your data centers in a secure location? Are you monitoring for traffic hijacking? Do you encrypt your backups? By considering these customer concerns as a part of their security strategy, SaaS companies will be better positioned to allay concerns and earn trust.
  • Avoid Complacency: The new world of cyberattacks means that even as SaaS companies catch up with current risks, they must also prepare for future environments. New product and service development should consider and incorporate security components during the R&D phase. In addition, employees must be aware of security risks in order for risk management to be effective. Employees should be made aware of risks specific to a particular job function as well as the company overall.

Across all industries, there is still much to be done to ensure formal strategies are in place to combat cyber attacks. But, there will likely continue to be a spotlight on SaaS companies, in particular—both as secure service providers and as protectors of sensitive customer information in the cloud. SaaS boards and leaders should ensure they remain proactive about risk assessment, as advanced preparation can make a world of difference for companies if a data breach occurs. Detailed plans can minimize reaction times and keep issues from escalating into a situation that could be potentially damaging to a company’s reputation and competitive edge.


Spotlight on Valuation: Monte Carlo Simulation for Software

By Anthony Alfonso

When it comes to valuation, software startups tend to think they are what the market says they are, but a dynamic valuation model may reveal otherwise. Our Valuation & Business Analytics (VBA) practice was recently approached by a software developer to help create a business case and potential range of values for a startup stock option trading software program. This was a typical case of a developer with a working program, but without the additional startup funding needed to bring the program to market.

To develop the business case, the VBA practice spent a significant amount of time interviewing the client and building an understanding of the potential market share, adoption rate, distribution networks, subscriber base and cost structure of the product.

After speaking with the software developer, it became evident that a dynamic valuation model was necessary to capture as many of the permutations and correlations of the assumptions as possible. It was clear that a Monte Carlo simulation would be the best approach. A Monte Carlo simulation is a computerized mathematical technique that runs multiple, randomized iterations, or simulations, of possible outcomes using real-world variables to probabilistically test concepts. The results are better predictions with a greater degree of accuracy.

BDO’s Tailored Approach:

The VBA team first identified the startup’s target markets — the United States, Europe and the Asia Pacific — and then developed a base case forecast. From the base case forecast, a consolidated forecast was developed, calculating the internal rate of return and payback period assuming a predetermined fixed funding price of $15 million. Once the base case scenario was established, the varying assumptions were introduced.

To help visualize the future uncertainty, imagine a classic hurricane path prediction model that pinpoints where the eye of the hurricane is currently located. As the meteorologist starts to introduce predictions of where the eye of the hurricane will be during certain hours and days in the future, the predictive path widens as time progresses, resembling a widening cone that expands to reflect the estimate of uncertainty.

The goal of using a Monte Carlo simulation is to reduce the size of the cone, or uncertainty. When applying Monte Carlo in this instance, the following sales channel assumptions were evaluated under minimum, maximum and most-likely scenarios:
  • Dropout rate (attrition rate)
  • Third-party advertising conversion rate
  • Web marketing conversion rate
  • Educator’s conversion rate

Once the conversion rates were detailed, resulting in a baseline revenue starting point, the year-over-year revenue growth rates and EBITDA margins were considered, along with a minimum, maximum and most-likely scenario.

A Monte Carlo simulation was then performed, involving 100,000 random iterations of the forecast, bound by the aforementioned parameters and assumed distribution patterns.

The Results:

Upon completion of the Monte Carlo simulation, the VBA group could share the following insights with the software developer:
  • The assumption that produces the highest r-square (i.e., the most sensitive assumption);
  • A range of net present values (NPV);
  • The estimated payback period within two standard deviations; and
  • The internal rate of return within two standard deviations.

With this predictive information, the software developer was able to help quantify the risk and reward of investing in the software program.

To learn more about how BDO can help your company with valuations, contact Anthony Alfonso, national leader of BDO’s Valuation and Business Analytics practice at

PErspective in Technology – Software

PErspective in software is a feature examining the role of private equity in the software sector.

Software M&A activity—and deal-making in general—was robust in 2015, with Pitchbook reporting 2,375 software mergers globally through the end of November. Only a fraction of these deals (187) were backed by private equity, reflective of a downturn in PE deal activity across the board. High valuations—driven by low interest rates, the stock market’s long bull run, increased competition from cash-rich corporates and a strong private fundraising market—coupled with a regulatory crackdown on leveraged lending, left many PE firms sitting on significant amounts of dry powder.

Read more

Did you know...

Gartner estimates worldwide IT spending will increase by just .6 percent to $3.54 trillion in 2016, following a year with the largest U.S. dollar drop in IT spending since the research firm began tracking this statistic.

The software market, however, is a bright spot, expected to grow by 5.3 percent in 2016.

By 2019, the cloud software market will grow to surpass $112.8 billion, and the cloud software model will account for $1 of every $4.59 spent on software, according to IDC.

According to Cisco’s fourth annual Global Cloud Index, the cloud will account for 83 percent of total data center traffic by 2019.

According to Synergy Research Group, the U.S. accounts for 44 percent of major cloud and Internet data center sites, followed by China at 10 percent.

The global Internet of Things market is expected to grow at a compound annual growth rate of 31.72 percent, according to TechNavio.

For more information on BDO USA's service offerings, please contact one of the regional service leaders below:

Tim Clackett
Los Angeles


Aftab Jamil
Silicon Valley

Slade Fester
Silicon Valley
  Todd Berry

Hank Galligan
  David Yasukochi
Orange County

Paul Heiselmann
  Eric Sobota
Washington D.C.