Tag Archives: Business Lab

Backblaze Shareholders Eliminate Dual-Class Share Structure

Post Syndicated from original https://www.backblaze.com/blog/backblaze-shareholders-eliminate-dual-class-share-structure/

Backblaze Stockholders Approve Plan to Eliminate Dual-Class Share Structure

Today we announced that Backblaze shareholders voted to eliminate our dual class share structure. For most of our readers, I’m guessing this news flash might be more “???” than “!!!,” but I’ll explain what it means, why it’s an exciting moment for Backblaze and its shareholders, and how it ties back to our business and our commitment to our core values of transparency and accountability.

First Things First: What Does It Mean for You?

If you’re one of our hundreds of thousands of customers and partners—this has no impact for you.

If you’re one of our shareholders or investors: We believe this is 100% good news for you as it gives you an equal say in our business. But you don’t have to do anything—this change happens entirely on our end.

For Everyone Who Is Still Wondering: What Is a Dual Class Structure?

In short, for public companies, a dual class structure means that there are different types of share classes that have different rights. Often, these rights have to do with voting privileges. For example, previously Backblaze had two classes of common stock: Class A and Class B. Class A shareholders get one vote for every share of the company they own. Class B shareholders get ten votes for every one share they own. These are often referred to as “super-voting” shares.

When shareholders would vote on shareholder proposals, the Class B shareholders would theoretically have more sway than Class A folks due to the greater voting rights. After today, this is all a lot simpler and more equal as we only have one class of shares and shareholders.

Why Ever Have a Dual Class Structure?

Roughly 30% of newly public tech companies go out with a dual class structure. Often founder-led companies, like ours, are advised to use dual class structures at the outset to help maintain continuity and focus in the initial years as a public company.

Why Are Backblaze Shareholders Getting Rid of Dual Class?

  • It is fair and good. Being “Fair & Good” is one of our core values. After receiving feedback from various shareholders, potential investors, and corporate governance practitioners that a dual class stock structure is seen as negative by some, we aligned that supporting a single share class is “fair & good” both for corporate governance and for shareholders.
  • It is no longer necessary. This November marks two years since our debut as a public company. We feel that our strategy and values are well aligned and ingrained with our path as a public company. Metaphorically speaking, the training wheels are unnecessary.
  • It delivers equality for shareholders. Having a single class of shareholders supports our belief in shareholder democracy and continues our efforts toward empowering those who choose to invest in our business. We also believe this broadens the potential group of investors in our business by enabling a level playing field.

Here are the more technical details about the change: Backblaze Class B shares will be converted to Class A shares on July 6, 2023. The conversion has no effect on the economic rights of holders of shares of Class A common stock or Class B common stock, except for the elimination of the different voting powers of the two classes of stock.

Why Talk About This At All?

Backblaze IPO’d because it aligned with our company values and long-term goals, and we’ve benefitted from feedback from shareholders, in-depth industry analyses, and expert direction from our board and others. Part of getting that feedback is sharing out as much as we can about the process. Transparency is, after all, another one of our key values, so sharing the thinking behind this decision is as important as making it, from our perspective.

More to Come

If you’re interested in learning more about our experience of bootstrapping to an IPO and what we’ve learned as a public company, we’re working on a series called Open-Sourcing the IPO. Whether you’re dreaming up your first idea, still in stealth mode, or already have revenue in the tens of millions, you can check out the first two installments here:

You can also tune in to our Stocks and Storage series on YouTube for more explainers on Wall Street jargon from IPO to EBITDA. And stay tuned for more—I’ll be filling in the details over the next year and writing the playbook I wish we had when we started down our IPO path.

Looking Forward

As we move into our next phase of growth as the leading specialized storage cloud, we’re happy we can do so with each voice having equal weight. This is an exciting moment for Backblaze shareholders and we are grateful to see this positive change come to fruition.

The post Backblaze Shareholders Eliminate Dual-Class Share Structure appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Our Journey to SOC 2 Type 2 Certification

Post Syndicated from original https://www.backblaze.com/blog/our-journey-to-soc-2-type-2-certification/

In late December of 2022, the email arrived from the auditor. A deep breath and a mouse click later and the word “Congratulations” jumped from the screen. Backblaze had passed our SOC 2 Type 2 examination with no exceptions noted. The examination covered both our Backblaze B2 Cloud Storage service and our Backblaze Computer Backup service.

It was the end of an important milestone that had begun years ago, and we wanted to take a few minutes to look back and share the lessons we learned along the way as we created and built a successful SOC 2 certification program. Whether you’re interested in how we made the journey, or how your organization might follow in some of our footsteps, we thought the things we learned along the way were worth sharing.

Background

SOC stands for System and Organization Controls, with SOC 2 being a voluntary compliance standard for service organizations developed by the American Institute of CPAs (AICPA). The standard is based on the Trust Services Criteria (TSC) which specifies how organizations should manage and protect customer data. The specific criteria you will use are based on your organization’s business operation and practices. An outside auditor reviews and tests your practices and procedures to ensure you are complying with those criteria.

“When it comes to selection of criteria and implementation of controls, there is no one-size-fits-all approach to identifying the scope, as it is critical for a company to first understand what controls are applicable to their products and services, and how they would fit within their very own environment.”
—Evangeline Cheung, VP and Associate General Counsel, Backblaze

Given the uniqueness of the criteria each organization will use, we are not going to get into the mechanics of SOC 2 criteria selection here. Instead we will focus on the process you can expect as you go through your SOC 2 journey.

The Importance of SOC 2

Over the past several years, many organizations have started asking, and even requiring, their vendors to be SOC 2 compliant and verified by a third party auditor to ensure the vendor is providing a service which adheres to a defined set of industry best practices for data protection.

While Backblaze utilizes data centers which have a current SOC 2 report and/or other similar certifications such as ISAE 3402, ISO 27001, or ISO 20000, we are seeing an upward trend of customers and prospects asking for a SOC 2 report covering the Backblaze service and platform. This makes sense—while everyone is comfortable their data is safe in the data centers we use, they want to ensure our cloud storage platform and its associated applications are also safe. To address their concerns, the compliance group under our legal department kicked off our SOC 2 program.

Getting Started

There are many tasks you do at the beginning of any project, such as conducting a kickoff meeting, creating a project plan, and so on. We’ll focus on a handful of things you will need to do for your SOC 2 project.

Executive Buy-In: Okay, every significant company project needs this, but given the resources and support you will need for project success, this is a must. You will not be able to fly the SOC 2 certification under the radar of your CEO or CFO.

Stakeholder Buy-In: While a SOC 2 evaluation affects nearly every department in your organization, technical operations, information technology (IT), and engineering are the most impacted. Without buy-in from those departments to provide the necessary resources to create, document, and follow the required policies, procedures, and controls, you will not get far.

Seek Out Experience: Ask key stakeholders and others in their sphere if they’ve been through a SOC 2 or a similar certification before. Experience in the process is helpful, and having that knowledge with respect to your infrastructure and internal processes will provide you with meaningful inputs and feedback as you define your policies, procedures, and controls.

Build a Strong Core: Forming a core team with the key stakeholders is one of the most impactful steps in the SOC 2 process, as it helps provide visibility on the status of the project and identifies any roadblock issues.

“Having alignment cross-functionally through communication and transparency is key to the success of our SOC 2 program. Not only is getting buy-in from leadership key, but it is just as important to ensure that any process change is transparent to the rest of the organization and that input from process owners are thoughtfully considered as new controls are being introduced and implemented.”
—Evangeline Cheung, VP and Associate General Counsel, Backblaze

Outside Help Is Okay: Another source of help to consider (and budget for) is an outside consulting firm. This can be very useful, especially if your organization is new to the SOC 2 framework. Choose a consulting firm that understands and supports your objectives and is familiar with your business, preferably with references for having worked with similar firms.

Choose an Audit Firm That Knows Your Business: The audit firm you select is one of the more important decisions you’ll make. We reviewed and interviewed several firms before selecting Schellman as our auditor for our SOC 2 efforts. They had completed hundreds of audits for SOC 2, ISO 27001, PCI-DSS, and so on, and they had worked with Lumen Technologies (CenturyLink), Iron Mountain, and others on the data center side, and Litmus and others on the Software as a Service (SaaS) side. That breadth and depth of experience was a great fit for us.

Tools of the Trade: A SOC 2 examination is a large multi-departmental project. While some organizations have managed the project using spreadsheets, the complexity often leads you to look at solutions built specifically for SOC 2 and similar certifications. The category is known as Governance, Risk, and Compliance (GRC) with offerings ranging from a few hundred dollars to $50K+ a year. For Backblaze, we wanted a system that could be used for multiple types of certifications, that way we could leverage the work we did for one certification towards the next one. If you are new to SOC 2, you may want to start out with a simple, purpose-built solution. If you do, ensure that your data can be exported as needed should you decide to upgrade later on.

Don’t underestimate how long the “getting started” stage will take. Activities like selecting an auditor, choosing a consulting firm, and selecting your tools can consume months. So, start your preparation work early!

Your Path to SOC 2 Type 2

One of the decisions you’ll have to make early is where to start. The three basic steps are as follows:

  1. SOC 2 Type 1 Assessment
  2. SOC 2 Type 1 Audit
  3. SOC 2 Type 2 Audit

If your company is new to SOC 2 and audits in general, then starting with an assessment makes the most sense, but where you start is up to you. We’ll dig into each of the steps below.

SOC 2 Type 1 Assessment Preparation

The assessment step starts with you educating your auditor about your organization. Typically the auditor will provide you with a long list of questions about your organization, how it operates, what equipment you use, what type of policies and procedures are already in place and so on. You need to be brutally honest here as many downstream actions will be based on this information. For example, based on the information you provide, the auditor will work with you to define the scope of the assessment; that is, the systems and services that will be reviewed. If you leave an important system out and the auditor finds it later, that’s—well, it’s not good. On the other hand, giving the auditor everything, whether it matters or not, can lead to an expansive, overly intrusive audit.

You’ll also spend much of your preparation time understanding the SOC 2 framework and determining what evidence you are going to use to address the SOC 2 criteria. As noted previously, the criteria and controls which apply to your business will be unique to you, although basics like risk management, disaster preparedness, encryption practices, and so on will apply in varying degrees to everyone.

We used the word evidence above; you will become very familiar with that term in the process. Evidence is the proof you need to provide the auditor to prove that your organization does indeed meet the criteria that is applicable to your organization. Evidence comes in many forms: policies, procedures, tickets, scripts, and so on.

You’ll find some evidence is useful in helping comply with multiple criteria, and you’ll find that some criteria can take 10 or more pieces of evidence to address the issue at hand. Understanding the mapping from evidence to criteria and keeping track of the evidence you have and where it applies are two of the biggest challenges in your SOC 2 project.

SOC 2 Type 1 Assessment

The actual assessment will typically be a couple of weeks long. The auditor will review your evidence and interview key employees about that evidence. Think of an assessment as a dress rehearsal. You should be ready, but the process is flexible enough for you to ask questions and fix things along the way.

The two most important learnings of an assessment are first, to determine the sufficiency of your evidence, and second, to determine how your company’s employees do in the audit process. We’ll talk more about sufficiency in a bit, because the second point is often overlooked. For example, if during the interviews your IT manager is a wall-flower—or worse, combative—in front of the auditor, you have some work to do beyond getting the evidence right.

Evidence sufficiency is a subjective term that ranges from the concrete to the creative. Sufficiency is also related to context or use. For example, a list of employees with hire dates is sufficient when you need to demonstrate who was hired in the last three months. But if the list does not have terminated employees, it does not help identify who should have access to your systems. Do you want two lists or just one? The assessment period is the time to pose and answer such questions.

After the assessment is complete, you’ll get a report outlining how well you did. It should contain a pass or fail on each of the points of focus within each criteria group. At this point, you’ll need to address how to fix the failed items and how you are going to move forward towards an actual audit.

SOC 2 Type 1 Preparation and Audit

The SOC 2 Type 1 audit is based on a date in time. The audit is all about proving to the auditor that:

  1. You have all your policies, procedures, and controls in place.
  2. These policies, procedures, etc, are sufficient to meet the criteria you’re addressing.
  3. That you have a defined cadence of when various controls will occur.
  4. You have documented how you will prove you have exercised the various controls, or you have actually taken the action and have documentation.

As an example, you have a checklist in place for new hire onboarding. The checklist has sufficient inputs from all departments involved in bringing a new person onboard. Each quarter the human resources (HR) manager will review all new hire checklists to ensure compliance with the controls in place. You have evidence of the completed HR manager’s most recent review via a ticket in your service management or other activity tracking system.

Preparation for a SOC 2 Type 1 audit is about cleaning up any missing or incomplete items (policies, procedures, controls, etc.) found in the assessment, and taking a deep breath before you plow forward towards the audit. The assessment itself can be exhausting, especially if such a task is new to the organization and the people involved. This is a good time to assess whether you had the right employees to answer questions on the subject at hand. Were they too senior or junior? How well did they answer the questions? If you need to make changes or coach up your folks, now’s the time.

You should have at least a quarter between completing the assessment and starting the SOC 2 Type 1 audit. This gives you time to test your controls, at least the quarterly ones, and have them ready as evidence for the audit. The more “we just finished that yesterday” policies, procedures, and untested controls you have when starting the actual audit, the less prepared you will feel. The auditor may also want to dig deeper into those items to make sure they do, in fact, address the criteria appropriately and you are ready to act on them when the time comes. In short, the more evidence you have that demonstrates you have done a given task, the better off you will be.

Type 1 Versus Type 2

While the SOC 2 Type 1 audit is about a point in time, the SOC 2 Type 2 audit is an evaluation of how well you document and maintain your controls over a specified evaluation period. The evaluation period is at least six months and usually no more than one year. And it is not a one-and-done thing. You will be audited at least annually to maintain your SOC 2 Type 2 certification.

The difference in the evaluation period between a Type 1 and a Type 2 is the primary reason not to jump from an assessment directly to a Type 2 audit. If you jump straight into Type 2 and you have missing or insufficient controls, you won’t know until the Type 2 audit itself, and it is too late at that point. This could lead to an exception or worse for a given criterion.

You may be able to pass a SOC 2 Type 2 examination with a limited number of exceptions, but they will be listed in the SOC 2 Type 2 audit report for all to see. You will be able to respond to any exceptions found, with your response being part of the final report. Still, it is not a good look regardless of the circumstances. Doing the SOC 2 Type 1 audit first allows you to determine whether your controls are sufficient before placing them into practice. This will minimize potential exceptions in your SOC 2 Type 2 audit that are based solely on insufficient controls.

Staggering Reviews

One mistake that is easy to make is to have all your quarterly reviews done on the same date each quarter, or even in the same month. This is especially vexing to everyone when the reviews are piled into the last month of a fiscal reporting period. Spread out the reviews of the various controls. They can be done anytime as long as they meet the cadence you specified. It’s perfectly fine to have a quarterly review on the 15th of February, May, and so on.

One way reviews can be scheduled is by using the GRC application we mentioned earlier. The nice part of using the GRC application here is that the review can be tied directly to the control, which in turn is tied to the criteria you are attempting to satisfy. The evidence gathered in the review can be captured (or linked to) in the application, then, at audit time, the review and supporting documentation are readily available.

SOC 2 Type 2 Evaluation Period and Audit

For a SOC 2 Type 2 audit you will have to demonstrate that you performed and recorded the actions specified by the policies, procedures, and controls you devised to meet the SOC 2 criteria over the evaluation period. Here are a few examples:

  • You have a requirement to document the code changes, additions, and deletions for each production product build. A build typically occurs once a week, but not always. You have a change management system which documents everything you need and includes any sign-offs you captured as part of your process. You also document the weeks when there was no build. The auditor will ask for your build documentation for several different weeks during the evaluation period. This could include weeks you did not do a build. How many different weeks and which weeks they will ask for is unknown until the audit itself.
  • Your risk management plan is required to be reviewed by the risk management officer once a quarter. You’ll want to have a tracking ticket showing the action was completed and, within that ticket, a note or other correspondence that discusses the findings along with any follow up actions from the review.
  • Your risk management plan is required to be reviewed each year by your executive staff to ensure all appropriate risks are being surfaced and addressed in the plan, and that all risks are correctly rated. The review is documented per your risk management procedures. If the date for this review falls outside of the evaluation period, make sure you have a previously completed review ready to show the auditor if asked. Saying, “We haven’t done one yet,” is not the best answer and will only cause the auditor to dig into your risk management policies and procedures to ensure you will be ready when the time comes.

At its core, the SOC 2 Type 2 is about demonstrating your ability to consistently enact and follow industry best practices across your organization over a period of time and then demonstrate that to the auditor.

Consistency Matters

During the initial SOC 2 Type 1 assessment you will meet the actual auditors who are doing the audit. There are usually two or three auditors, each focusing on a different area where they have some expertise. As you work with each of these folks, you need to decide if this is the auditor you’ll want to use in future audits, including SOC 2 Type 1, and so on. After completing the assessment, the auditor will have a decent understanding of your organization and its quirks and capabilities. Swapping out auditors or even audit firms between the different SOC 2 phases means you’ll be starting from nearly ground zero each time.

The only downside to wanting to use the same auditor for each SOC 2 audit is you may have to wait for them to have a future hole in their schedule to conduct the next audit. Still, the consistency gained is worth the wait if, each time, you can have the same auditor with prior knowledge of how your company works.

Summary

The entire SOC 2 process, from the initial assessment through annual SOC 2 Type 2 renewals, adds rigor and consistency to many of the processes and procedures you already have in place. It also helps you identify deficiencies and correct them along the way. You don’t have any deficiencies you say? Well good on you, but keep an open mind as you go through the process—just in case.

Another Beginning

Thanks for joining us as we celebrate our first SOC 2 journey. In the end there was little tomfoolery, no bloodshed, and no one got lost under a mound of paperwork. Hopefully there were a few nuggets of useful information that can help you along the way on your own SOC 2 odyssey. Of course, as this SOC 2 Type 2 journey ends, we start a new one, as each year we will be audited to ensure our continued compliance. Onward.

The post Our Journey to SOC 2 Type 2 Certification appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Open Sourcing the IPO

Post Syndicated from original https://www.backblaze.com/blog/open-sourcing-the-ipo/

Taking a company public is an investment. At Backblaze, we spent more than $10 million* in connection with our IPO and learned a lot in the process. Now, all that knowledge is yours for free. Why? We’re open sourcing our IPO.

In the tech world, the open source movement has long promoted growth, innovation, and collaboration. The push to democratize code is such a powerful thing that it is credited with the rapid expansion of technological innovation in recent decades. And yet, while open sourcing is widespread in our industry, you don’t find it in many others.

Some of the most common and repetitive business practices are still not well understood. The IPO process, for example, is as cryptic as the most jealously guarded algorithms for anyone who hasn’t been through it, and for no good reason. Entrepreneurs and business leaders often enter into this process not entirely blind, but without the building blocks those who IPO’d before had constructed. It doesn’t make sense.

When Backblaze went public in 2021, we found ourselves wondering why there wasn’t a better roadmap available to any entrepreneur who dared to take the IPO path. It’s an investment not only of management time, but also a significant amount of financial resources. Having more information going into it is never a bad thing.

Last year, I wrote about why you should go IPO, but in this series what I really want to do is open source our IPO process and share every step along the way: who to talk to, what to chase, what to build. I want any business leader to be able to use this series as a foundation along the journey to IPO. An IPO will still be an investment, but you’ll be armed with the knowledge to make it lean and mean. (And whether you actually go public or not is beside the point—the preparation takes your business to a whole new level.)

More to Come

This blog series is for everyone: from those of you dreaming up your first idea, to startups still in stealth mode, to the thousands of companies with revenue in the tens of millions. Check out the first installment here:

You can also tune in to our Stocks and Storage series on YouTube for more explainers on Wall Street jargon from IPO to EBITDA. And stay tuned for more—I’ll be filling in the details over the next year and writing the playbook I wish we had when we started down our IPO path.

The Backblaze Way

In the 20 years leading up to 2021—the year Backblaze was listed—around 4,500 companies went public, and yet there was still no definitive resource for us to follow when we started out. It wasn’t just that the roadmap was unclear, the process was also clouded by perceptions of what type of company could make the journey. The message we frequently heard was that without lots of media buzz, multiple rounds of traditional venture capital (VC) funding, public declarations of money raised, revenue above $100M, and lofty growth metrics, don’t even bother getting started.

But we’d already taken a different route to get where we were, bootstrapping our way to profitability and growth without following the road most traveled and the structure that provides, so we weren’t afraid to do the same thing in an IPO. It created some unique obstacles, but it worked for us, and we hope other entrepreneurs and business leaders can leverage our learnings, avoid our mistakes, and find some of the same benefits we did in going public.

Potential Stumbling Blocks

The road to IPO was something we thought about from day one of our company, but we started moving along it more seriously in early 2020.

We had some excellent advisors and mentors guiding our first steps (and if you’re contemplating an IPO, I highly, highly recommend starting to seek out folks with experience with IPOs who can help guide you along the way). At the same time, I wanted to make sure I was developing my own understanding of the process and forming my own opinions. My research included everything from digging deep into the resources shared by outside counsel to a late night “how to IPO” Google search (with limited results).

So what would have been most helpful to me at the time? What were the gray areas? What resources could have made all the difference at the beginning of the process? Below are the key points that I would give myself if I could go back in time, and they form the backbone of my thinking as I’ve begun to open source our experience for you.

How to IPO: The Things That Should Keep You Up at Night

  • The Unicorn CFO: We all know the importance of the CFO in the IPO process, but when the markets are strong and many companies are marching towards a public offering, CFOs with IPO-specific experience are rare. Can we start with a head of Financial Planning & Analysis (FP&A)? A controller? What’s right for our company?
  • General Guidance from General Counsel (GC): At the end of 2019, our in-house legal team was essentially nonexistent. We needed to hire a GC to help us navigate many of the nuanced IPO best practices, but where else should they provide guidance? Your GC should instruct you on how to start thinking and acting like a public company and direct your executive team on the specific roles they should play.
  • What Is My Role in All of This?: As a CEO, I naturally wanted to have my hands in every part of the IPO process. But, that was impractical and impossible. For example, I needed to play a very specific role as chief executive in the drafting of the S-1. (That’s the document you file with the SEC when you want to go public.) I had to approach the document with company vision/storytelling as my main focus—to ensure the picture we were painting of the company’s future was neither slanted by the desires of the market, nor overshadowed by legal and financial jargon.
  • Avoiding Fyre Festival: While on one hand you want to deliver a strong company narrative, many entrepreneurs can get carried away. You want to make sure you’re not telling a story you can’t deliver on. I don’t fault anyone for building a vision, but when thousands of influencers wind up in FEMA tents on a remote Caribbean island, you’ve taken your business narrative too far.
  • Systems, Processes, & People: These are the core components necessary to have in place for a successful IPO. When we started having the IPO conversations, ours were sufficient for the operations at a scrappy startup. I thought we had been informally putting the right infrastructure in place as we scaled, but preparing for an IPO takes a more concerted and intentional effort.

The Tip of the Iceberg

What I’ve touched on above is truly just the tip of the iceberg—something to get you thinking. In the rest of this series, I plan to dig deep into the inner workings of the IPO and share my insights—plus, many of the materials, planning docs, decks, spreadsheets, and more—with full transparency.

Here are some of the topics on deck for the rest of the year:

  • Building the Foundation: If you want to take your startup public, what’s the best way to set yourself up for success as you grow?
  • IPO Readiness: The opportunity stars have aligned. What does it take to actually be ready to take advantage of it?
  • Making the Call: When are you ready to pull the trigger and how does your mentality need to change?
  • Building the IPO Machine: What cogs are essential for the IPO machine, and how and when do you select them? Think bankers, analysts, executive team members, etc. And what if you pick wrong?
  • Storytelling: How to sell success and navigate the S-1.
  • Old Friends: Managing morale and focus.
  • The Roadshow: Storytelling beyond the S-1: How does it work and how do you prepare?
  • Notes on Not Drowning: Testing the waters.
  • The Final Steps: What are the final details you need to consider and what could go wrong?
  • IPO Day: My experience and key learnings.

In the meantime, please let me know in the comments if there’s anything in particular you’d like to learn more about as we help more businesses grow better.

The post Open Sourcing the IPO appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

5 Compelling Reasons You Should Go IPO

Post Syndicated from original https://www.backblaze.com/blog/5-compelling-reasons-you-should-go-ipo/

We took Backblaze public one year ago tomorrow. Our IPO was a great day and the realization of 14 years of hard work by our team. Since then, we’ve executed on our plans, hit our targets, and continued to grow our team and our revenue. And yet, the markets have been tough sledding. For newly-public tech companies like us, as well as many of our peers, stock values have decreased by ~70% from their peak values last year. It’s hard for shareholders, employees, and the market.

Obviously I wish the last 10 months would have gone differently in the markets, who doesn’t? But when people ask me, (which happens a lot) “Do you still think the IPO was a good idea?” There’s no question in my mind that it was one of the best business decisions we’ve made at Backblaze.

In fact, the more that I think about our experience of taking the company public, the more I believe that the IPO should be part of every entrepreneur and business leader’s consideration set. A perception has developed that there are magical financial benchmarks that forbid some companies from listing, but we went public at a point in the evolution of our business when a lot of experts told us we couldn’t. We may have faced some headwinds others didn’t, but I’m convinced that the IPO isn’t just for folks with over $300m in revenue who’ve raised hundreds of millions of dollars in venture capital.

So, in keeping with our commitment to transparency about our business and some of the interesting, tough, and exciting stuff we’ve been through—long-time readers will remember my blog about almost getting acquired—I’ve decided to write about our IPO journey: What sucked, what didn’t, what shocked us, and what we learned. Along the way, I’ll share everything I can—metrics, worksheets, planning decks, and more. Not because I think we deserve a pat on the back or to celebrate what we did, but for two bigger purposes:

  1. I can remember what it feels like to be an early stage entrepreneur thinking that the only path to making the company you built successful was to seek out restrictive venture funding or seek out an acquisition. I want to offer folks—whether you’re considering starting a business or have already built one with tens of millions in revenue—that there is another path to consider. While doing an IPO isn’t right for everyone, I think considering an IPO, and positioning your business to go that way if the opportunity arises, is sound strategy.
  2. I believe that democratizing the IPO process will be healthier for businesses, markets, and investors. And I’m not the first: Bill Hambrecht is well known for his efforts to open IPOs to broader audiences as he did with companies like Google and Overstock.com. Tech is all about disrupting unnecessary complexity, and going public is more complex than an AWS invoice. In the mid-nineties, there were more than 8,000 publicly traded companies. By this September there were nearly 2,000 fewer companies listed, even after the boom we saw in 2020 and 2021. I don’t think that’s a good thing.

This blog series will be for everyone from those of you dreaming up your first idea, to startups still in stealth mode, to the thousands of companies with revenue in the tens of millions.

And if there’s anything I talk about here that’s confusing or that you want to hear more about, please ask in the comments. I’ll try to cover it in a future post.

Why Listen to Us?

Hot takes on building startups and raising funding are a dime a dozen—so if you’re skeptical, I get it. What we’ll share here is partially based on the experience we had building two prior technology companies, raising multiple rounds of venture capital, and successfully selling them through acquisition. However, more uniquely: We founded and essentially bootstrapped Backblaze all the way up to our IPO (before 2021 we had only taken $3M in outside funding). Even CNBC noted that we took a unique path to market, and yet with $65 million in recurring revenue in 2020, we made a successful public offering and raised over $100M in funding to continue growing our business. We’ve made this journey ourselves, we did it recently, and—in the spirit of transparency—we’re going to share the stories behind it.

Why an IPO Should Be in Your Business Consideration Set

Why should IPO readiness (the process of setting up your business to go public) and actually going public be in your playbook? I’m going to explore this concept deeply over the course of this series, but I’ll pause here to tell you the five most compelling reasons to be IPO ready, along with a few proof points from our own experience.

  • Build to Last: Starting and growing a company is hard. If you’re doing it, it’s probably because you’re passionate about solving some problems in the world. To be successful, you had to care about your vision, your product, your customers, and your team. If your company ends up acquired, the unique entity you created will vaporize. Taking your company public provides a path to building and running the company for the long-term, possibly outliving you.
  • Funding With the Right Strings Attached: Raising funding in an IPO requires selling a portion of your company, just as in any venture funding. The difference, however, is that in an IPO the equity you sell is common shares—everyone gets the same shares on the same terms. In private fund raises, the company sells “preferred shares” to investors which typically come with a variety of special rights giving investors the ability to have extra control over the company, get extra equity in the company, prevent the company from raising money from other investors, and more. Raising funding in an IPO is the ultimate “clean” fundraise.
  • Building a Real Business: If you’re building with an aim to be acquired, it’s nearly impossible to not establish a culture at the company where everyone is focused on “dumping” the business. By aiming for an IPO, it drives the mindset to build for sustainability. You’re more likely to create a business that can achieve profitability, scale, growth, and deliver value over the long haul. Also, going through the actual process of IPO readiness, along with the process of feeding your financials through a meat grinder of ROI modeling and outcome driven planning—both during and after the IPO—means you will position your business for even greater resilience going forward.
  • Credibility: When the five Backblaze founders talked about IPOs back in the day in a tiny apartment in Palo Alto, it felt like we were trying on our dad’s pants. Sure, we knew some companies went public—but it didn’t feel like something that was really accessible (even for a room of people that scaled and sold multiple companies). But we’re not the only people who feel this way: “Public” signals a level of accomplishment and evolution that’s hard to achieve as a private company. Being able to achieve an IPO proves a business’s capacity to operate and excel under intense pressure and scrutiny. And if anyone is uncertain about how we’re doing, they can just go grab the last 10-K to see our results.
  • Liquidity: This one is simple. If you’re not public, you can’t sell your stock on the open market. Once the company is public, you and your employees (and existing shareholders) can sell their shares if they so choose. It also provides the freedom and flexibility for each individual to make that decision on their own. Rather than having to sell the company (wherein usually everyone is forced to sell all their shares), this allows one person to decide to stay “all-in” and keep all their shares, another one to sell theirs, and a third to sell just a few shares.
The team in Times Square.

What’s Next?

If you’re intrigued, this is really only the tip of the iceberg. In future posts, I will dig into everything from the nitty gritty tactics—like how to build a board, how to build a banking syndicate (twice], and how to write an S-1—to the bigger stories—like how years of planning can hinge on a few hours of work, or why “testing the waters” might be better named “getting thrown to the sharks”.

Rest assured: If you think you’re not interested in going public, everything I share will have as much to do with how you build a better business that you can grow over time as it will with the guts of the IPO process. I hope it’s useful, and if there’s anything you hope I’ll address or anything specific that you’d like to learn more about, let me know in the comments.

The post 5 Compelling Reasons You Should Go IPO appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.