Tag Archives: Business Lab

Solving the AI Training Data Challenge with Decart AI and Backblaze

Post Syndicated from Stephanie Doyle original https://www.backblaze.com/blog/solving-the-ai-training-data-challenge-with-decart-ai-and-backblaze/

A decorative image showing the logos of Backblaze and Decart.

Depending on which LLM you ask, we live in a world with somewhere between 25k and 80k AI startups. It’s a growing, highly competitive market where small startups with a big idea can find themselves toe-to-toe with the goliaths of tech—fighting for money, chips, talent, even raw electrical power. 

How does any company differentiate themselves in an explosive burst of technological change, one that requires a lot of investment in talent and infrastructure, where even the richest tech platforms on the planet don’t always succeed? Today we’re sharing the story of Decart—an AI startup that used Backblaze B2 Cloud Storage to leverage a successful launch with an impressive new model that provides an order of magnitude improvement in both the training and inferencing of the largest generative models.

Backblaze is an amazing solution for AI training data. We looked at a number of options and  Backblaze is seriously the best.

—Dean Leitersdorf, Co-Founder and CEO, Decart

First, the news

Decart is an AI research lab that came out of stealth on October 31 with an incredible new model:

While this might look like Minecraft, every pixel you see here and all of the gameplay is being generated by Decart’s Oasis model. It’s like Minecraft in every way you’d expect, except that the entire experience is being generated by AI and you can creatively prompt the model to build beyond the confines of the game. The mindblowing part? Decart says Oasis can perform more than 10 times more efficiently than competitors such as OpenAI’s Sora, which hasn’t been publicly released.

Don’t let the game distract you though—the Minecraft simulation is just an expression of the power of their model. According to the Decart team, this isn’t even version 1.0 of what their approach is capable of generating—more like version 0.01. Given the broad coverage they’ve already received for their launch, we’re excited to see what’s next.

How to break out in the AI market

For Decart, the strategy to pull ahead of the crowd was simple: Disrupt the market on inference speed to deliver game changing models, and do that by building the most high-performance multi-cloud model training infrastructure possible. Then, iterate on that innovation. 

We crafted state of the art infrastructure that allows us to train models that other people simply can’t train.

—Dean Leitersdorf, Co-Founder and CEO, Decart

Before we met Dean and the team at Decart, most of the hard work was done: the multi-cloud AI stack for training was dialed in and the models were going through the paces. They just had one simple, but big, problem holding them back:

The price and the logistics of moving and storing training data were going to limit their growth.

They were burning through free data storage credits from a traditional cloud provider and had data spread across a range of other cloud providers and GPU clusters. Their training data needed to scale from 100s of thousands of hours of video data to 100s of millions of hours, and they needed a storage solution that could handle that scale in three key areas:

  1. Reliably high performance: Decart needed to know that when they got time on a cluster, they could move data in as fast as possible the second that they were able to. 
  2. GPU interoperability: They needed to be sure that whatever storage platform they chose, it would work well with a multi-cluster training approach. Being able to shop jobs between different GPU clouds and disperse training was essential for Dean’s team.
  3. Efficiency: Every dollar an AI startup spends on anything other than training time is a competitive disadvantage, so ensuring that storage costs were low without any surprise fees for data retention or download was key.

Decart discovered Backblaze while researching storage alternatives. After a quick call and two fast months of testing Backblaze in a wide variety of usage patterns, it was clear to the team that they had found the storage foundation they needed. 

We chose Backblaze because everything works. It’s super stable, and we had zero problems.  That’s number one.

—Dean Leitersdorf, Co-Founder and CEO, Decart

When it came time to start moving data from Backblaze to GPU clusters, they had no problem with transferring petabyte-scale datasets. The only minor challenge was ensuring that the compute provider’s pipe could take the volume of data streaming in.

Here’s where things ended up working for Decart:

  • Performance: They were blown away by the performance they achieved with Backblaze (more to come on that later).
  • Price: With pricing at one-fifth the cost of traditional cloud providers, Backblaze unlocked a significant amount of budget.
  • Free egress: The true game changer. Decart, for a number of reasons, trains their models on multiple different GPU clusters at the same time. With Backblaze, they can egress their full dataset to up to three training sites with zero additional cost.

B2 Cloud Storage was literally the only technical thing we used in training these models that didn’t crash the first time we tried it. We’re in an industry where everything fails, but Backblaze didn’t.

—Dean Leitersdorf, Co-Founder and CEO, Decart

Looking forward

With performance, flexibility, and affordability squared away in their data storage approach, the Decart team is now in position to rotate out of this impressive first model and build whatever is next. With all the fundamentals working on the level that Backblaze always provides and Decart is happy with, the two teams are now working together to find even more efficiency and optimization and truly stand up the best infrastructure for training AI models.

The post Solving the AI Training Data Challenge with Decart AI and Backblaze appeared first on Backblaze Blog | Cloud Storage & Cloud Backup

Welcoming Chief Revenue Officer Jason Wakeam to Backblaze

Post Syndicated from Backblaze original https://www.backblaze.com/blog/welcoming-chief-revenue-officer-jason-wakeam-to-backblaze/

A decorative image with title "Jason Wakeam, Chief Revenue Officer" and a photograph of Jason.

Backblaze is happy to announce that Jason Wakeam has joined our team as Backblaze’s first Chief Revenue Officer (CRO). Jason will take on spearheading our overall sales strategy, with a focus on expanding market share and driving new revenue opportunities.

What Jason Brings to the Role

An industry veteran with nearly three decades of global leadership experience, Jason brings a proven track record of driving growth and innovation at technology companies. Jason has previously served as a vice president of global sales at SnapLogic, and held leadership roles in a range of public and private companies including Cloudera, Microsoft, and Hewlett-Packard.

I am pleased to welcome Jason as our chief revenue officer. He has an impressive track record that showcases his ability to drive businesses to the next level. His expertise will be crucial as we help more, larger customers break free from traditional cloud walled gardens, move to an open cloud ecosystem, and empower them to do more with their data.

—Gleb Budman, CEO and Chairperson of the Board, Backblaze

Jason takes over from long-time Backblazer Nilay Patel, who previously served as vice president of sales, and has transitioned to oversee our recently established New Markets team with a special focus on AI. 

The addition of Jason to our leadership is a sign of our commitment to attracting, retaining, and growing with larger mid-market customers. Jason says of his new role:

Backblaze’s mission deeply resonates with me, and I am excited to help accelerate growth for our company. I’m looking forward to working with this amazing team as we continue to scale with our customers and further innovation.

—Jason Wakeam, Chief Revenue Officer, Backblaze

Welcome, Jason!

The post Welcoming Chief Revenue Officer Jason Wakeam to Backblaze appeared first on Backblaze Blog | Cloud Storage & Cloud Backup

How Backblaze Scales Our Storage Cloud

Post Syndicated from Andy Klein original https://backblaze.com/blog/how-backblaze-scales-our-storage-cloud/

A decorative image showing a larger cube being compressed into a smaller cube.

Increasing storage density is a fancy way of saying we are replacing one drive with another drive of a larger capacity; for example replacing a 4TB drive with a 16TB drive—same space, four times the storage. You’ve probably copied or cloned a drive or two over the years, so you understand the general process. Now imagine having 270,000 drives that over the next several years will need to be replaced, or migrated as is often the term used. That’s a lot of work. And when you finish—well actually you’ll never finish as the process is continuous for as long as you are in the cloud storage business. So, how does Backblaze manage this ABC (Always Be Copying) process? Let me introduce you to CVT Copy or CVT for short.

CVT Copy is our in-house purpose-built application used to perform drive migrations at scale. CVT stands for Cluster, Vault, Tome, which is engineering vernacular mercifully shortened to CVT. 

Before we jump in, let’s take a minute to define a few terms in the context of how we organize storage.

  • Drive: The basic unit of storage ranging in our case from 4TB to 22TB in size.
  • Storage Server: A collection of drives in a single server. We have servers of 26, 45, and 60 drives. All drives in a storage server are the same logical size.
  • Backblaze Vault: A logical collection of 20 Storage Pods or servers. Each storage server in a Vault will have the same number of drives.
  • Tome: A tome is a logical collection of 20 drives, with each drive being in one of the 20 storage servers in a given Vault. If the storage servers in a Vault have 60 drives each, then there will be 60 unique tomes in that Vault.
  • Cluster: A logical collection of Vaults, grouped together to share other resources such as networking equipment and utility servers.

Based on this, a Vault consisting of 20, 60-drive storage servers will have 1,200 drives, a Vault with 45-drive storage servers will have 900 drives, and a Vault with 26-drive servers will have 520 drives. A cluster can have any combination of Vault sizes.

A Quick Review on How Backblaze Stores Data

Data is uploaded to one of the 20 drives within a tome. The data is then divided into parts, called data shards. At this point, we use our own Reed-Solomon erasing coding algorithm to compute the parity shards for that data. The number of data shards plus the number of parity shards will equal 20, i.e. the number of drives in a tome. The data and parity shards are written to their assigned drives, one shard per drive. The ratios of data shards to parity shards we currently use are 17/3, 16/4, and 15/5 depending primarily on the size of the drives being used to store the data—the larger the drive, the higher the parity.


Using parity allows us to restore (i.e. read) a file using less than 20 drives. For example, when a tome is 17/3 (data/parity), we only need data from any 17 of the 20 drives in that tome to restore a file. This dramatically increases the durability of the files stored.

CVT Overview

For CVT, the basic unit of migration is a tome, with all of the tomes in a source Vault being copied simultaneously to a new destination Vault which is typically new hardware. For each tome, the data, in the form of files, is copied file-by-file from the source tome to the destination tome.

The CVT Process

An overview of the CVT process is below, followed by an explanation of each task noted.

A diagram showing the logic of how clusters, vaults, and tomes check in with each other to ensure perfect migration.


A diagram showing the logic of how clusters, vaults, and tomes check in with each other to ensure perfect migration.
A diagram showing the logic of how clusters, vaults, and tomes check in with each other to ensure perfect migration.

Selection

Selecting a Vault to migrate involves considering several factors. We start by reviewing current drive failure rates and predicted drive failure rates over time. We also calculate and consider overall Vault durability; that is, our ability to safeguard data from loss. In addition, we need to consider operational needs. For example, we still have Vaults using 45-drive Storage Pods. Upgrading these to 60-drive storage servers increases drive density in the same rack space. These factors taken together determine the next Vault to migrate.

Currently we are migrating systems with 4TB drives, which means we are migrating up to 3.6 petabytes (PB) of data for a 900 drive Vault or 4.8PB of data for a 1,200 drive Vault. Actually, there are no limitations as to the size of the source system drives, so Vaults with 6TB, 8TB, and larger sized drives can be migrated using CVT with minimal setup and configuration changes.

Once we’ve identified a source Vault to migrate we need to identify the target or destination system. Currently, we are using destination vaults containing 16TB drives. There is no limitation as to the size of the drives of the destination Vault, so long as they are at least as large as those in the source Vault. You can migrate the data from any sized source Vault to any sized destination Vault as long as there is adequate room on the destination Vault.  

Setup

Once the source Vault and destination Vault are selected, the various Technical Operations and Data Center folks get to work on setting things up. If we are not using an existing destination Vault, then a new destination Vault is provisioned. This brings up one of the features of CVT: The migration can be to a new clean Vault or an existing Vault; that is, one with data from a previous migration on it. In the latter case, the new data is just added and does not replace any of the existing data. The chart below are examples of the different ways a destination Vault can be filled from one or more source Vaults.

A diagram showing different configurations of Vault migrations before and after.


A diagram showing different configurations of Vault migrations before and after.
A diagram showing different configurations of Vault migrations before and after.

In any of these scenarios, the free space can be used for another migration destination or for a Vault where new customer data can be written.

Kickoff

With the source and destination Vaults identified and setup, we are now ready to kick-off the CVT process. The first step is to put the source Vault in a read-only state and to disable file deletions on both the source and destination Vaults. It is possible that some older source Vaults may have already been placed in read-only state to reduce their workload. A Vault in a read-only state continues to perform other operations such as running shard integrity checks, reporting Drive Stats statistics and so on. 

CVT and Drive Stats

We record Drive Stats data from the drives in the source Vault until the migration is complete and verified. At that point we begin recording Drive Stats data from the drives in the destination Vault and stop recording Drive Stats data from the drives in the source Vault. The drives in the source Vault are not marked as failed.

Build the File List

This step and the next three steps (read files, write files, and validate) are done as a consecutive group of steps for each tome in a source Vault. For our purpose here, we’ll call this group of steps the tome migration process, although they really don’t have such a name in the internal documentation. The tome migration process is for a single tome, but, in general, all tomes in a Vault are migrated at the same time, although due to their unique contents, they most likely will complete at different times.

For each tome, the source file list is copied to a file transfer database and each entry is mapped to its new location in the destination tome. This process allows us to maintain the same upload path while copying the data as the customer used to initially upload their data. This ensures that from the customer point of view, nothing changes in how they work with their files even though we have migrated them from one Vault to another.

Read Files

For each tome, we use the file location database to read the files. One file at a time. We use the same code in this process that we use when a user requests their data from the Backblaze B2 Storage Cloud. As noted earlier, the data is sharded across multiple drives using the preset data/parity scheme, for example 17/3. That means, in this case we only need data from 17 of the drives to read the file.

When we read a file, one advantage we get by using our standard read process is a pristine copy of the file to migrate. While we regularly run shard integrity checks on the stored data to ensure a given shard of data is good, media degradation, cosmic rays and so on can affect data sitting on a hard drive. By using the standard read process, we get a completely clean version of each file to migrate.

Write Files

The restored file is sent to the destination vault, there is no intermediate location where the file resides. The transfer is done over an encrypted network connection typically within the same data center, preferably on the same network segment. If the transfer is done between data centers, it is done over an encrypted dark fiber connection. 

The file is then written to the destination tome. The write process is the same one used by our customers when they upload a file and given that process has successfully written hundreds of billions of files we didn’t need to invent anything new.

At this point, you could be thinking that’s a lot of work to copy each file one by one.  Why not copy and transfer block by block, for example? The answer lies in the flexibility we get by using the standard file-based read and write processes.

  • We can change the number of tomes. Let’s say we have 45 tomes in the source Vault and 60 tomes in the destination Vault. If we had copied blocks of data the destination Vault would have 15 empty tomes. This creates load balancing and other assorted performance problems when that destination Vault is opened up for new data writes at a later date. By using standard read and write calls for each file, all 60 of the destination Vault’s tomes fill up evenly, just like they do when we receive customer data.
  • We can change parity of the data. The source 4TB drive Vaults have a data/parity ratio of 17/3. By using our standard process to write the files, the data/parity ratio can be set to whatever ratio we want for the destination Vault. Currently, the data/parity ratio for the 16TB destination Vaults is set to 15/5. This ratio ensures that the durability of the destination Vault and therefore the recoverability of the files therein is maintained as a result of migrating the data to larger drives.
  • We can maximize parity economics. Increasing the number of parity drives in a tome from three to five decreases the number of data drives in that tome. That would seem to increase the cost of storage, but the opposite is true in this case. Here’s how:
    • Using 4TB drives for 16TB of data stored
      • Our average cost for a 4TB drive was $120 or $0.03 per GB.
      • Our cost of 16TB of storage, using 4TB drives, was $480 (4 x $120).
      • Using a 17/3 data/parity scheme means:
        • Data storage: We have 13.6TB of data storage at $0.03/GB ($30/TB) which costs us $408. 
        • Parity storage: We have 2.4TB of parity storage at $0.03/GB ($30/TB) which costs us $72.
    • Using 16TB drives for 16TB of data stored
      • Our average cost for a 16TB drive is $232 or $0.0145 per GB.
      • Our cost of 16TB of storage is $232.
      • Using a 15/5 data/parity scheme means:
        • Data storage: We have 12.0TB of data storage at $0.0145/GB ($14.5/TB) which costs us $174.
        • Data parity: We have 4.0TB of parity storage at $0.0145/GB ($14.5/TB) which costs us $58.
    • In summary, increasing the data/parity ratio to 15/5 for the 16TB drives is less expensive ($58) than the cost of parity when using our 4TB drives ($72) to provide the same 16TB of storage. The lower cost per TB of the 16TB drives allows us to increase the number of parity drives in a tome. Therefore, the cost of increasing the parity of the destination tome not only enhances data durability, it is economically sound.
    • Obviously a 16TB drive actually holds a bit less data due to formatting and overhead and four 4TB drives hold even less data. In other words, even with formatting and so on, the math still works out in favor of using the 16TB drives.

Validate Tome

The last step in migrating a tome is to validate the destination tome is the same as the source tome. This is done for each tome as they complete their copy process. If the source and destination tomes are not consistent, shard integrity check data can be reviewed to determine any errors and the system can retransfer individual files, up to and including the entire tome.

Redirect Reads

Once all of the tomes within the Vault have completed their individual migrations and have passed their validation checks, we are ready to redirect customer reads (download requests) to the destination Vault. This process is completely invisible to the customer as they will use the same file handle as before. This redirection or swap process can be done tome by tome, but is usually done once the entire destination Vault is ready.

Monitor

At this point all download requests are handled by the destination Vault. We monitor the operational status of the Vault, as well as any failed download requests. We also review inputs from customer support and sales support to see if there are any customer related issues.

Once we are satisfied that the destination Vault is handling customer requests, we will logically decommission the source Vault. Basically, that means while the source Vault continues to run, it is no longer externally reachable. If a significant problem were to arise with the new destination Vault, we can swap in the source Vault. At this point, both Vaults are read-only, so the swap would be straightforward. We have not had to do this in our production environment. 

Full Capability

Once we are satisfied there are no issues with the destination Vault, we can proceed one or two ways.

  • Another migration: We can prepare for the migration of another source Vault to this destination Vault. If this is the case, we return to the Selection step of the CVT process with the Vault once again being assigned as a destination Vault. 
  • Allow new data: We allow the destination Vault to accept new data from customers. Typically, the contents of multiple source Vaults have been migrated to the destination Vault before this is done. Once new customer writes have been allowed on a destination Vault, we won’t use it as a destination Vault again.

Decommission

After three months the source Vault is eligible to be physically decommissioned. That is, we turn it off, disconnect it from power and networking, and schedule it to be disassembled. This includes wiping the drives and recycling the remaining parts either internally or externally. In practice, we will wait to decommission at least two Vaults at once as it is more economical in dealing with our recycling partners.

Automation

You’re probably wondering how much of this process is automated or uses some type of orchestration to align and accomplish tasks. We currently have monitoring tools, dashboards, scripts, and such, but humans, real ones not AI generated, are in control. That said, we are working on orchestration of the setup and provisioning processes as well as upleveling the automation in the tome migration process. Over time, we expect the entire migration process to be automated, but only when we are sure it works—the “run fast, break things” approach is not appropriate when dealing with customer data.

Not for the Faint of Heart

The basic idea of copying the contents of a drive to another larger drive is straightforward and well understood. As you scale this process, complexity creeps in as you have to consider how the data is organized and stored while keeping it secure and available to the end user. 

If your organization manages your data in-house, the never-ending task of simultaneously migrating hundreds or perhaps thousands of drives falls to you or perhaps the contractor you hired to perform the task if you lack the experience or staffing. And this is just one of the tasks you are faced with in operating, maintaining, and upgrading your own storage infrastructure.

In addition to managing a storage infrastructure, there are the growing environmental concerns of data storage. The amount of data generated and stored each year continues to skyrocket and tools such as CVT allow us to scale and optimize our resources in a cost efficient, yet environmentally sensitive way. 

To do this, we start with data durability. Using our Drive Stats data and other information, we optimize the length of time a Vault should be in operation before the drives need to be replaced, that is before the drive failure rate impacts durability. We then consider data density, how much data can we pack into a given space. Migrating data from 4TB to 16TB drives, for example, not only increases data density, it uses less electricity per stored terabyte of data and reduces the amount of waste if, for example, we had continued to buy and use 4TB drives instead of upgrading to 16TB drives. 

In summary, CVT is more than just a fancy data migration tool: It is part of our overall infrastructure management program addressing scalability, durability, and environmental challenges faced by the ever-increasing amounts of data we are asked to store and protect each day.

Kudos

The CVT program is run by Bryan with the wonderfully descriptive title of Senior Manager, Operations Analysis and Capacity Management. He is assisted by folks from across the organization. They are, in no particular order, Bach, Lorelei (Lo), Madhu, Mitch, Ben, Rodney, Vicky, Ryan, David M., Sudhi, David W., Zoe, Mike, and unnamed others who pitch in as the process rolls along. Each person brings their own expertise to the process which Bryan coordinates. To date, the CVT Team has migrated 24 Vaults containing over 60PB of data—and that’s just the beginning.

The post How Backblaze Scales Our Storage Cloud appeared first on Backblaze Blog | Cloud Storage & Cloud Backup

Backblaze Shareholders Eliminate Dual-Class Share Structure

Post Syndicated from original https://www.backblaze.com/blog/backblaze-shareholders-eliminate-dual-class-share-structure/

Backblaze Stockholders Approve Plan to Eliminate Dual-Class Share Structure

Today we announced that Backblaze shareholders voted to eliminate our dual class share structure. For most of our readers, I’m guessing this news flash might be more “???” than “!!!,” but I’ll explain what it means, why it’s an exciting moment for Backblaze and its shareholders, and how it ties back to our business and our commitment to our core values of transparency and accountability.

First Things First: What Does It Mean for You?

If you’re one of our hundreds of thousands of customers and partners—this has no impact for you.

If you’re one of our shareholders or investors: We believe this is 100% good news for you as it gives you an equal say in our business. But you don’t have to do anything—this change happens entirely on our end.

For Everyone Who Is Still Wondering: What Is a Dual Class Structure?

In short, for public companies, a dual class structure means that there are different types of share classes that have different rights. Often, these rights have to do with voting privileges. For example, previously Backblaze had two classes of common stock: Class A and Class B. Class A shareholders get one vote for every share of the company they own. Class B shareholders get ten votes for every one share they own. These are often referred to as “super-voting” shares.

When shareholders would vote on shareholder proposals, the Class B shareholders would theoretically have more sway than Class A folks due to the greater voting rights. After today, this is all a lot simpler and more equal as we only have one class of shares and shareholders.

Why Ever Have a Dual Class Structure?

Roughly 30% of newly public tech companies go out with a dual class structure. Often founder-led companies, like ours, are advised to use dual class structures at the outset to help maintain continuity and focus in the initial years as a public company.

Why Are Backblaze Shareholders Getting Rid of Dual Class?

  • It is fair and good. Being “Fair & Good” is one of our core values. After receiving feedback from various shareholders, potential investors, and corporate governance practitioners that a dual class stock structure is seen as negative by some, we aligned that supporting a single share class is “fair & good” both for corporate governance and for shareholders.
  • It is no longer necessary. This November marks two years since our debut as a public company. We feel that our strategy and values are well aligned and ingrained with our path as a public company. Metaphorically speaking, the training wheels are unnecessary.
  • It delivers equality for shareholders. Having a single class of shareholders supports our belief in shareholder democracy and continues our efforts toward empowering those who choose to invest in our business. We also believe this broadens the potential group of investors in our business by enabling a level playing field.

Here are the more technical details about the change: Backblaze Class B shares will be converted to Class A shares on July 6, 2023. The conversion has no effect on the economic rights of holders of shares of Class A common stock or Class B common stock, except for the elimination of the different voting powers of the two classes of stock.

Why Talk About This At All?

Backblaze IPO’d because it aligned with our company values and long-term goals, and we’ve benefitted from feedback from shareholders, in-depth industry analyses, and expert direction from our board and others. Part of getting that feedback is sharing out as much as we can about the process. Transparency is, after all, another one of our key values, so sharing the thinking behind this decision is as important as making it, from our perspective.

More to Come

If you’re interested in learning more about our experience of bootstrapping to an IPO and what we’ve learned as a public company, we’re working on a series called Open-Sourcing the IPO. Whether you’re dreaming up your first idea, still in stealth mode, or already have revenue in the tens of millions, you can check out the first two installments here:

You can also tune in to our Stocks and Storage series on YouTube for more explainers on Wall Street jargon from IPO to EBITDA. And stay tuned for more—I’ll be filling in the details over the next year and writing the playbook I wish we had when we started down our IPO path.

Looking Forward

As we move into our next phase of growth as the leading specialized storage cloud, we’re happy we can do so with each voice having equal weight. This is an exciting moment for Backblaze shareholders and we are grateful to see this positive change come to fruition.

The post Backblaze Shareholders Eliminate Dual-Class Share Structure appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Our Journey to SOC 2 Type 2 Certification

Post Syndicated from original https://www.backblaze.com/blog/our-journey-to-soc-2-type-2-certification/

In late December of 2022, the email arrived from the auditor. A deep breath and a mouse click later and the word “Congratulations” jumped from the screen. Backblaze had passed our SOC 2 Type 2 examination with no exceptions noted. The examination covered both our Backblaze B2 Cloud Storage service and our Backblaze Computer Backup service.

It was the end of an important milestone that had begun years ago, and we wanted to take a few minutes to look back and share the lessons we learned along the way as we created and built a successful SOC 2 certification program. Whether you’re interested in how we made the journey, or how your organization might follow in some of our footsteps, we thought the things we learned along the way were worth sharing.

Background

SOC stands for System and Organization Controls, with SOC 2 being a voluntary compliance standard for service organizations developed by the American Institute of CPAs (AICPA). The standard is based on the Trust Services Criteria (TSC) which specifies how organizations should manage and protect customer data. The specific criteria you will use are based on your organization’s business operation and practices. An outside auditor reviews and tests your practices and procedures to ensure you are complying with those criteria.

“When it comes to selection of criteria and implementation of controls, there is no one-size-fits-all approach to identifying the scope, as it is critical for a company to first understand what controls are applicable to their products and services, and how they would fit within their very own environment.”
—Evangeline Cheung, VP and Associate General Counsel, Backblaze

Given the uniqueness of the criteria each organization will use, we are not going to get into the mechanics of SOC 2 criteria selection here. Instead we will focus on the process you can expect as you go through your SOC 2 journey.

The Importance of SOC 2

Over the past several years, many organizations have started asking, and even requiring, their vendors to be SOC 2 compliant and verified by a third party auditor to ensure the vendor is providing a service which adheres to a defined set of industry best practices for data protection.

While Backblaze utilizes data centers which have a current SOC 2 report and/or other similar certifications such as ISAE 3402, ISO 27001, or ISO 20000, we are seeing an upward trend of customers and prospects asking for a SOC 2 report covering the Backblaze service and platform. This makes sense—while everyone is comfortable their data is safe in the data centers we use, they want to ensure our cloud storage platform and its associated applications are also safe. To address their concerns, the compliance group under our legal department kicked off our SOC 2 program.

Getting Started

There are many tasks you do at the beginning of any project, such as conducting a kickoff meeting, creating a project plan, and so on. We’ll focus on a handful of things you will need to do for your SOC 2 project.

Executive Buy-In: Okay, every significant company project needs this, but given the resources and support you will need for project success, this is a must. You will not be able to fly the SOC 2 certification under the radar of your CEO or CFO.

Stakeholder Buy-In: While a SOC 2 evaluation affects nearly every department in your organization, technical operations, information technology (IT), and engineering are the most impacted. Without buy-in from those departments to provide the necessary resources to create, document, and follow the required policies, procedures, and controls, you will not get far.

Seek Out Experience: Ask key stakeholders and others in their sphere if they’ve been through a SOC 2 or a similar certification before. Experience in the process is helpful, and having that knowledge with respect to your infrastructure and internal processes will provide you with meaningful inputs and feedback as you define your policies, procedures, and controls.

Build a Strong Core: Forming a core team with the key stakeholders is one of the most impactful steps in the SOC 2 process, as it helps provide visibility on the status of the project and identifies any roadblock issues.

“Having alignment cross-functionally through communication and transparency is key to the success of our SOC 2 program. Not only is getting buy-in from leadership key, but it is just as important to ensure that any process change is transparent to the rest of the organization and that input from process owners are thoughtfully considered as new controls are being introduced and implemented.”
—Evangeline Cheung, VP and Associate General Counsel, Backblaze

Outside Help Is Okay: Another source of help to consider (and budget for) is an outside consulting firm. This can be very useful, especially if your organization is new to the SOC 2 framework. Choose a consulting firm that understands and supports your objectives and is familiar with your business, preferably with references for having worked with similar firms.

Choose an Audit Firm That Knows Your Business: The audit firm you select is one of the more important decisions you’ll make. We reviewed and interviewed several firms before selecting Schellman as our auditor for our SOC 2 efforts. They had completed hundreds of audits for SOC 2, ISO 27001, PCI-DSS, and so on, and they had worked with Lumen Technologies (CenturyLink), Iron Mountain, and others on the data center side, and Litmus and others on the Software as a Service (SaaS) side. That breadth and depth of experience was a great fit for us.

Tools of the Trade: A SOC 2 examination is a large multi-departmental project. While some organizations have managed the project using spreadsheets, the complexity often leads you to look at solutions built specifically for SOC 2 and similar certifications. The category is known as Governance, Risk, and Compliance (GRC) with offerings ranging from a few hundred dollars to $50K+ a year. For Backblaze, we wanted a system that could be used for multiple types of certifications, that way we could leverage the work we did for one certification towards the next one. If you are new to SOC 2, you may want to start out with a simple, purpose-built solution. If you do, ensure that your data can be exported as needed should you decide to upgrade later on.

Don’t underestimate how long the “getting started” stage will take. Activities like selecting an auditor, choosing a consulting firm, and selecting your tools can consume months. So, start your preparation work early!

Your Path to SOC 2 Type 2

One of the decisions you’ll have to make early is where to start. The three basic steps are as follows:

  1. SOC 2 Type 1 Assessment
  2. SOC 2 Type 1 Audit
  3. SOC 2 Type 2 Audit

If your company is new to SOC 2 and audits in general, then starting with an assessment makes the most sense, but where you start is up to you. We’ll dig into each of the steps below.

SOC 2 Type 1 Assessment Preparation

The assessment step starts with you educating your auditor about your organization. Typically the auditor will provide you with a long list of questions about your organization, how it operates, what equipment you use, what type of policies and procedures are already in place and so on. You need to be brutally honest here as many downstream actions will be based on this information. For example, based on the information you provide, the auditor will work with you to define the scope of the assessment; that is, the systems and services that will be reviewed. If you leave an important system out and the auditor finds it later, that’s—well, it’s not good. On the other hand, giving the auditor everything, whether it matters or not, can lead to an expansive, overly intrusive audit.

You’ll also spend much of your preparation time understanding the SOC 2 framework and determining what evidence you are going to use to address the SOC 2 criteria. As noted previously, the criteria and controls which apply to your business will be unique to you, although basics like risk management, disaster preparedness, encryption practices, and so on will apply in varying degrees to everyone.

We used the word evidence above; you will become very familiar with that term in the process. Evidence is the proof you need to provide the auditor to prove that your organization does indeed meet the criteria that is applicable to your organization. Evidence comes in many forms: policies, procedures, tickets, scripts, and so on.

You’ll find some evidence is useful in helping comply with multiple criteria, and you’ll find that some criteria can take 10 or more pieces of evidence to address the issue at hand. Understanding the mapping from evidence to criteria and keeping track of the evidence you have and where it applies are two of the biggest challenges in your SOC 2 project.

SOC 2 Type 1 Assessment

The actual assessment will typically be a couple of weeks long. The auditor will review your evidence and interview key employees about that evidence. Think of an assessment as a dress rehearsal. You should be ready, but the process is flexible enough for you to ask questions and fix things along the way.

The two most important learnings of an assessment are first, to determine the sufficiency of your evidence, and second, to determine how your company’s employees do in the audit process. We’ll talk more about sufficiency in a bit, because the second point is often overlooked. For example, if during the interviews your IT manager is a wall-flower—or worse, combative—in front of the auditor, you have some work to do beyond getting the evidence right.

Evidence sufficiency is a subjective term that ranges from the concrete to the creative. Sufficiency is also related to context or use. For example, a list of employees with hire dates is sufficient when you need to demonstrate who was hired in the last three months. But if the list does not have terminated employees, it does not help identify who should have access to your systems. Do you want two lists or just one? The assessment period is the time to pose and answer such questions.

After the assessment is complete, you’ll get a report outlining how well you did. It should contain a pass or fail on each of the points of focus within each criteria group. At this point, you’ll need to address how to fix the failed items and how you are going to move forward towards an actual audit.

SOC 2 Type 1 Preparation and Audit

The SOC 2 Type 1 audit is based on a date in time. The audit is all about proving to the auditor that:

  1. You have all your policies, procedures, and controls in place.
  2. These policies, procedures, etc, are sufficient to meet the criteria you’re addressing.
  3. That you have a defined cadence of when various controls will occur.
  4. You have documented how you will prove you have exercised the various controls, or you have actually taken the action and have documentation.

As an example, you have a checklist in place for new hire onboarding. The checklist has sufficient inputs from all departments involved in bringing a new person onboard. Each quarter the human resources (HR) manager will review all new hire checklists to ensure compliance with the controls in place. You have evidence of the completed HR manager’s most recent review via a ticket in your service management or other activity tracking system.

Preparation for a SOC 2 Type 1 audit is about cleaning up any missing or incomplete items (policies, procedures, controls, etc.) found in the assessment, and taking a deep breath before you plow forward towards the audit. The assessment itself can be exhausting, especially if such a task is new to the organization and the people involved. This is a good time to assess whether you had the right employees to answer questions on the subject at hand. Were they too senior or junior? How well did they answer the questions? If you need to make changes or coach up your folks, now’s the time.

You should have at least a quarter between completing the assessment and starting the SOC 2 Type 1 audit. This gives you time to test your controls, at least the quarterly ones, and have them ready as evidence for the audit. The more “we just finished that yesterday” policies, procedures, and untested controls you have when starting the actual audit, the less prepared you will feel. The auditor may also want to dig deeper into those items to make sure they do, in fact, address the criteria appropriately and you are ready to act on them when the time comes. In short, the more evidence you have that demonstrates you have done a given task, the better off you will be.

Type 1 Versus Type 2

While the SOC 2 Type 1 audit is about a point in time, the SOC 2 Type 2 audit is an evaluation of how well you document and maintain your controls over a specified evaluation period. The evaluation period is at least six months and usually no more than one year. And it is not a one-and-done thing. You will be audited at least annually to maintain your SOC 2 Type 2 certification.

The difference in the evaluation period between a Type 1 and a Type 2 is the primary reason not to jump from an assessment directly to a Type 2 audit. If you jump straight into Type 2 and you have missing or insufficient controls, you won’t know until the Type 2 audit itself, and it is too late at that point. This could lead to an exception or worse for a given criterion.

You may be able to pass a SOC 2 Type 2 examination with a limited number of exceptions, but they will be listed in the SOC 2 Type 2 audit report for all to see. You will be able to respond to any exceptions found, with your response being part of the final report. Still, it is not a good look regardless of the circumstances. Doing the SOC 2 Type 1 audit first allows you to determine whether your controls are sufficient before placing them into practice. This will minimize potential exceptions in your SOC 2 Type 2 audit that are based solely on insufficient controls.

Staggering Reviews

One mistake that is easy to make is to have all your quarterly reviews done on the same date each quarter, or even in the same month. This is especially vexing to everyone when the reviews are piled into the last month of a fiscal reporting period. Spread out the reviews of the various controls. They can be done anytime as long as they meet the cadence you specified. It’s perfectly fine to have a quarterly review on the 15th of February, May, and so on.

One way reviews can be scheduled is by using the GRC application we mentioned earlier. The nice part of using the GRC application here is that the review can be tied directly to the control, which in turn is tied to the criteria you are attempting to satisfy. The evidence gathered in the review can be captured (or linked to) in the application, then, at audit time, the review and supporting documentation are readily available.

SOC 2 Type 2 Evaluation Period and Audit

For a SOC 2 Type 2 audit you will have to demonstrate that you performed and recorded the actions specified by the policies, procedures, and controls you devised to meet the SOC 2 criteria over the evaluation period. Here are a few examples:

  • You have a requirement to document the code changes, additions, and deletions for each production product build. A build typically occurs once a week, but not always. You have a change management system which documents everything you need and includes any sign-offs you captured as part of your process. You also document the weeks when there was no build. The auditor will ask for your build documentation for several different weeks during the evaluation period. This could include weeks you did not do a build. How many different weeks and which weeks they will ask for is unknown until the audit itself.
  • Your risk management plan is required to be reviewed by the risk management officer once a quarter. You’ll want to have a tracking ticket showing the action was completed and, within that ticket, a note or other correspondence that discusses the findings along with any follow up actions from the review.
  • Your risk management plan is required to be reviewed each year by your executive staff to ensure all appropriate risks are being surfaced and addressed in the plan, and that all risks are correctly rated. The review is documented per your risk management procedures. If the date for this review falls outside of the evaluation period, make sure you have a previously completed review ready to show the auditor if asked. Saying, “We haven’t done one yet,” is not the best answer and will only cause the auditor to dig into your risk management policies and procedures to ensure you will be ready when the time comes.

At its core, the SOC 2 Type 2 is about demonstrating your ability to consistently enact and follow industry best practices across your organization over a period of time and then demonstrate that to the auditor.

Consistency Matters

During the initial SOC 2 Type 1 assessment you will meet the actual auditors who are doing the audit. There are usually two or three auditors, each focusing on a different area where they have some expertise. As you work with each of these folks, you need to decide if this is the auditor you’ll want to use in future audits, including SOC 2 Type 1, and so on. After completing the assessment, the auditor will have a decent understanding of your organization and its quirks and capabilities. Swapping out auditors or even audit firms between the different SOC 2 phases means you’ll be starting from nearly ground zero each time.

The only downside to wanting to use the same auditor for each SOC 2 audit is you may have to wait for them to have a future hole in their schedule to conduct the next audit. Still, the consistency gained is worth the wait if, each time, you can have the same auditor with prior knowledge of how your company works.

Summary

The entire SOC 2 process, from the initial assessment through annual SOC 2 Type 2 renewals, adds rigor and consistency to many of the processes and procedures you already have in place. It also helps you identify deficiencies and correct them along the way. You don’t have any deficiencies you say? Well good on you, but keep an open mind as you go through the process—just in case.

Another Beginning

Thanks for joining us as we celebrate our first SOC 2 journey. In the end there was little tomfoolery, no bloodshed, and no one got lost under a mound of paperwork. Hopefully there were a few nuggets of useful information that can help you along the way on your own SOC 2 odyssey. Of course, as this SOC 2 Type 2 journey ends, we start a new one, as each year we will be audited to ensure our continued compliance. Onward.

The post Our Journey to SOC 2 Type 2 Certification appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Open Sourcing the IPO

Post Syndicated from original https://www.backblaze.com/blog/open-sourcing-the-ipo/

Taking a company public is an investment. At Backblaze, we spent more than $10 million* in connection with our IPO and learned a lot in the process. Now, all that knowledge is yours for free. Why? We’re open sourcing our IPO.

In the tech world, the open source movement has long promoted growth, innovation, and collaboration. The push to democratize code is such a powerful thing that it is credited with the rapid expansion of technological innovation in recent decades. And yet, while open sourcing is widespread in our industry, you don’t find it in many others.

Some of the most common and repetitive business practices are still not well understood. The IPO process, for example, is as cryptic as the most jealously guarded algorithms for anyone who hasn’t been through it, and for no good reason. Entrepreneurs and business leaders often enter into this process not entirely blind, but without the building blocks those who IPO’d before had constructed. It doesn’t make sense.

When Backblaze went public in 2021, we found ourselves wondering why there wasn’t a better roadmap available to any entrepreneur who dared to take the IPO path. It’s an investment not only of management time, but also a significant amount of financial resources. Having more information going into it is never a bad thing.

Last year, I wrote about why you should go IPO, but in this series what I really want to do is open source our IPO process and share every step along the way: who to talk to, what to chase, what to build. I want any business leader to be able to use this series as a foundation along the journey to IPO. An IPO will still be an investment, but you’ll be armed with the knowledge to make it lean and mean. (And whether you actually go public or not is beside the point—the preparation takes your business to a whole new level.)

More to Come

This blog series is for everyone: from those of you dreaming up your first idea, to startups still in stealth mode, to the thousands of companies with revenue in the tens of millions. Check out the first installment here:

You can also tune in to our Stocks and Storage series on YouTube for more explainers on Wall Street jargon from IPO to EBITDA. And stay tuned for more—I’ll be filling in the details over the next year and writing the playbook I wish we had when we started down our IPO path.

The Backblaze Way

In the 20 years leading up to 2021—the year Backblaze was listed—around 4,500 companies went public, and yet there was still no definitive resource for us to follow when we started out. It wasn’t just that the roadmap was unclear, the process was also clouded by perceptions of what type of company could make the journey. The message we frequently heard was that without lots of media buzz, multiple rounds of traditional venture capital (VC) funding, public declarations of money raised, revenue above $100M, and lofty growth metrics, don’t even bother getting started.

But we’d already taken a different route to get where we were, bootstrapping our way to profitability and growth without following the road most traveled and the structure that provides, so we weren’t afraid to do the same thing in an IPO. It created some unique obstacles, but it worked for us, and we hope other entrepreneurs and business leaders can leverage our learnings, avoid our mistakes, and find some of the same benefits we did in going public.

Potential Stumbling Blocks

The road to IPO was something we thought about from day one of our company, but we started moving along it more seriously in early 2020.

We had some excellent advisors and mentors guiding our first steps (and if you’re contemplating an IPO, I highly, highly recommend starting to seek out folks with experience with IPOs who can help guide you along the way). At the same time, I wanted to make sure I was developing my own understanding of the process and forming my own opinions. My research included everything from digging deep into the resources shared by outside counsel to a late night “how to IPO” Google search (with limited results).

So what would have been most helpful to me at the time? What were the gray areas? What resources could have made all the difference at the beginning of the process? Below are the key points that I would give myself if I could go back in time, and they form the backbone of my thinking as I’ve begun to open source our experience for you.

How to IPO: The Things That Should Keep You Up at Night

  • The Unicorn CFO: We all know the importance of the CFO in the IPO process, but when the markets are strong and many companies are marching towards a public offering, CFOs with IPO-specific experience are rare. Can we start with a head of Financial Planning & Analysis (FP&A)? A controller? What’s right for our company?
  • General Guidance from General Counsel (GC): At the end of 2019, our in-house legal team was essentially nonexistent. We needed to hire a GC to help us navigate many of the nuanced IPO best practices, but where else should they provide guidance? Your GC should instruct you on how to start thinking and acting like a public company and direct your executive team on the specific roles they should play.
  • What Is My Role in All of This?: As a CEO, I naturally wanted to have my hands in every part of the IPO process. But, that was impractical and impossible. For example, I needed to play a very specific role as chief executive in the drafting of the S-1. (That’s the document you file with the SEC when you want to go public.) I had to approach the document with company vision/storytelling as my main focus—to ensure the picture we were painting of the company’s future was neither slanted by the desires of the market, nor overshadowed by legal and financial jargon.
  • Avoiding Fyre Festival: While on one hand you want to deliver a strong company narrative, many entrepreneurs can get carried away. You want to make sure you’re not telling a story you can’t deliver on. I don’t fault anyone for building a vision, but when thousands of influencers wind up in FEMA tents on a remote Caribbean island, you’ve taken your business narrative too far.
  • Systems, Processes, & People: These are the core components necessary to have in place for a successful IPO. When we started having the IPO conversations, ours were sufficient for the operations at a scrappy startup. I thought we had been informally putting the right infrastructure in place as we scaled, but preparing for an IPO takes a more concerted and intentional effort.

The Tip of the Iceberg

What I’ve touched on above is truly just the tip of the iceberg—something to get you thinking. In the rest of this series, I plan to dig deep into the inner workings of the IPO and share my insights—plus, many of the materials, planning docs, decks, spreadsheets, and more—with full transparency.

Here are some of the topics on deck for the rest of the year:

  • Building the Foundation: If you want to take your startup public, what’s the best way to set yourself up for success as you grow?
  • IPO Readiness: The opportunity stars have aligned. What does it take to actually be ready to take advantage of it?
  • Making the Call: When are you ready to pull the trigger and how does your mentality need to change?
  • Building the IPO Machine: What cogs are essential for the IPO machine, and how and when do you select them? Think bankers, analysts, executive team members, etc. And what if you pick wrong?
  • Storytelling: How to sell success and navigate the S-1.
  • Old Friends: Managing morale and focus.
  • The Roadshow: Storytelling beyond the S-1: How does it work and how do you prepare?
  • Notes on Not Drowning: Testing the waters.
  • The Final Steps: What are the final details you need to consider and what could go wrong?
  • IPO Day: My experience and key learnings.

In the meantime, please let me know in the comments if there’s anything in particular you’d like to learn more about as we help more businesses grow better.

The post Open Sourcing the IPO appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

5 Compelling Reasons You Should Go IPO

Post Syndicated from original https://www.backblaze.com/blog/5-compelling-reasons-you-should-go-ipo/

We took Backblaze public one year ago tomorrow. Our IPO was a great day and the realization of 14 years of hard work by our team. Since then, we’ve executed on our plans, hit our targets, and continued to grow our team and our revenue. And yet, the markets have been tough sledding. For newly-public tech companies like us, as well as many of our peers, stock values have decreased by ~70% from their peak values last year. It’s hard for shareholders, employees, and the market.

Obviously I wish the last 10 months would have gone differently in the markets, who doesn’t? But when people ask me, (which happens a lot) “Do you still think the IPO was a good idea?” There’s no question in my mind that it was one of the best business decisions we’ve made at Backblaze.

In fact, the more that I think about our experience of taking the company public, the more I believe that the IPO should be part of every entrepreneur and business leader’s consideration set. A perception has developed that there are magical financial benchmarks that forbid some companies from listing, but we went public at a point in the evolution of our business when a lot of experts told us we couldn’t. We may have faced some headwinds others didn’t, but I’m convinced that the IPO isn’t just for folks with over $300m in revenue who’ve raised hundreds of millions of dollars in venture capital.

So, in keeping with our commitment to transparency about our business and some of the interesting, tough, and exciting stuff we’ve been through—long-time readers will remember my blog about almost getting acquired—I’ve decided to write about our IPO journey: What sucked, what didn’t, what shocked us, and what we learned. Along the way, I’ll share everything I can—metrics, worksheets, planning decks, and more. Not because I think we deserve a pat on the back or to celebrate what we did, but for two bigger purposes:

  1. I can remember what it feels like to be an early stage entrepreneur thinking that the only path to making the company you built successful was to seek out restrictive venture funding or seek out an acquisition. I want to offer folks—whether you’re considering starting a business or have already built one with tens of millions in revenue—that there is another path to consider. While doing an IPO isn’t right for everyone, I think considering an IPO, and positioning your business to go that way if the opportunity arises, is sound strategy.
  2. I believe that democratizing the IPO process will be healthier for businesses, markets, and investors. And I’m not the first: Bill Hambrecht is well known for his efforts to open IPOs to broader audiences as he did with companies like Google and Overstock.com. Tech is all about disrupting unnecessary complexity, and going public is more complex than an AWS invoice. In the mid-nineties, there were more than 8,000 publicly traded companies. By this September there were nearly 2,000 fewer companies listed, even after the boom we saw in 2020 and 2021. I don’t think that’s a good thing.

This blog series will be for everyone from those of you dreaming up your first idea, to startups still in stealth mode, to the thousands of companies with revenue in the tens of millions.

And if there’s anything I talk about here that’s confusing or that you want to hear more about, please ask in the comments. I’ll try to cover it in a future post.

Why Listen to Us?

Hot takes on building startups and raising funding are a dime a dozen—so if you’re skeptical, I get it. What we’ll share here is partially based on the experience we had building two prior technology companies, raising multiple rounds of venture capital, and successfully selling them through acquisition. However, more uniquely: We founded and essentially bootstrapped Backblaze all the way up to our IPO (before 2021 we had only taken $3M in outside funding). Even CNBC noted that we took a unique path to market, and yet with $65 million in recurring revenue in 2020, we made a successful public offering and raised over $100M in funding to continue growing our business. We’ve made this journey ourselves, we did it recently, and—in the spirit of transparency—we’re going to share the stories behind it.

Why an IPO Should Be in Your Business Consideration Set

Why should IPO readiness (the process of setting up your business to go public) and actually going public be in your playbook? I’m going to explore this concept deeply over the course of this series, but I’ll pause here to tell you the five most compelling reasons to be IPO ready, along with a few proof points from our own experience.

  • Build to Last: Starting and growing a company is hard. If you’re doing it, it’s probably because you’re passionate about solving some problems in the world. To be successful, you had to care about your vision, your product, your customers, and your team. If your company ends up acquired, the unique entity you created will vaporize. Taking your company public provides a path to building and running the company for the long-term, possibly outliving you.
  • Funding With the Right Strings Attached: Raising funding in an IPO requires selling a portion of your company, just as in any venture funding. The difference, however, is that in an IPO the equity you sell is common shares—everyone gets the same shares on the same terms. In private fund raises, the company sells “preferred shares” to investors which typically come with a variety of special rights giving investors the ability to have extra control over the company, get extra equity in the company, prevent the company from raising money from other investors, and more. Raising funding in an IPO is the ultimate “clean” fundraise.
  • Building a Real Business: If you’re building with an aim to be acquired, it’s nearly impossible to not establish a culture at the company where everyone is focused on “dumping” the business. By aiming for an IPO, it drives the mindset to build for sustainability. You’re more likely to create a business that can achieve profitability, scale, growth, and deliver value over the long haul. Also, going through the actual process of IPO readiness, along with the process of feeding your financials through a meat grinder of ROI modeling and outcome driven planning—both during and after the IPO—means you will position your business for even greater resilience going forward.
  • Credibility: When the five Backblaze founders talked about IPOs back in the day in a tiny apartment in Palo Alto, it felt like we were trying on our dad’s pants. Sure, we knew some companies went public—but it didn’t feel like something that was really accessible (even for a room of people that scaled and sold multiple companies). But we’re not the only people who feel this way: “Public” signals a level of accomplishment and evolution that’s hard to achieve as a private company. Being able to achieve an IPO proves a business’s capacity to operate and excel under intense pressure and scrutiny. And if anyone is uncertain about how we’re doing, they can just go grab the last 10-K to see our results.
  • Liquidity: This one is simple. If you’re not public, you can’t sell your stock on the open market. Once the company is public, you and your employees (and existing shareholders) can sell their shares if they so choose. It also provides the freedom and flexibility for each individual to make that decision on their own. Rather than having to sell the company (wherein usually everyone is forced to sell all their shares), this allows one person to decide to stay “all-in” and keep all their shares, another one to sell theirs, and a third to sell just a few shares.
The team in Times Square.

What’s Next?

If you’re intrigued, this is really only the tip of the iceberg. In future posts, I will dig into everything from the nitty gritty tactics—like how to build a board, how to build a banking syndicate (twice], and how to write an S-1—to the bigger stories—like how years of planning can hinge on a few hours of work, or why “testing the waters” might be better named “getting thrown to the sharks”.

Rest assured: If you think you’re not interested in going public, everything I share will have as much to do with how you build a better business that you can grow over time as it will with the guts of the IPO process. I hope it’s useful, and if there’s anything you hope I’ll address or anything specific that you’d like to learn more about, let me know in the comments.

The post 5 Compelling Reasons You Should Go IPO appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.