The customer profile internationally
“We’re not seen a different make-up of customers that we’ve seen in the US. Where we don’t have a direct sales presence we have a larger percentage of customers who are self-servicing. They tend to be smaller businesses. Where we do have a sales presence, we have the opportunity to engage with larger enterprises.
“The financial services sector is a very interesting situation. They are subject to some pretty significant regulations. They deal with very sensitive information so they have expressed some concern about cloud-based services in general. Financial services companies are also subject to significant competitive pressures to that have a habit of using technology to drive competitive value. We have seen some very interesting use cases in financial services.”
Is security still a bug bear among potential customers?
“We do get a lot of questions. Box is a very security-oriented company. Our regulatory team is very strong and we put a lot of energy into the regulatory frameworks in which we operate. We can assuage any concerns that companies might have around those. We’ve certainly been successful with working with a number of European companies who had concerns.
“Typically it’s the CIO or the Chief Security Officer who is tasked with guarding the sanctity of the company’s intellectual property and they need to be confident that that our security posture is appropriate. Most business people understand that law enforcement agencies have had the power to seek access to communications and company data if they felt that criminal activity was involved.”
Don’t ask, don’t tell?
“For a variety of reasons, IT professionals have learned to ignore the use of certain kinds of consumer tools by their colleagues. It’s a sort of ‘don’t ask, don’t tell’ policy. Everyone knows it’s going on, but it’s not sanctioned by company policy. When Box is used informally or in a small workgroup, we tend to be covered by that umbrella. When we engage with Fortune 2000 companies and senior leadership gets involved, then they don’t have that plausible deniability.”
Why in-country data centers shouldn’t be necessary for data privacy.
“Enterprises and governments should be able to meet reasonable privacy needs without having to store data in-country. We are very actively engaged in some of these conversations, including those around model contract language. It should be possible to store data within the European Union and not in country and still deliver appropriate compliance with European privacy laws.”
Why Safe Harbor is out of date
“The regulatory environment is changing. Safe Harbor is probably outdated at this point. There are various movements to replace it with a more rigorous standard.
“One of the challenges with Safe Harbor has been that it is self-certifying which has not been confidence inspiring. Even if the certification was valid, it was challenging for larger enterprises. We have sought European auditors for our ISO 20071 certification which was originally done by US auditors.”
That IPO filing.
“There are many reasons for Box to be a listed company. We intend to build a very large enterprise software company and being listed would us to become that.”
Disclosure: at time of writing, Box is a partner of diginomica.