Coalfire Systems

Coalfire is a leading and differentiated tech-enabled services provider to the rapidly growing cybersecurity industry.

Coalfire is a winner. Its business model and operating model complement each other well. Coalfire is a technology services provider that assists enterprises in identifying and mitigating cybersecurity threats while complying with regulations. Coalfire has a recurring revenue model around five solutions: cyber risk assessments, advisory, threat testing, information monitoring, and reporting services. It serves a broad range of industries including cloud service providers, financial services, government and public sector, healthcare and life sciences, higher education, hospitality, payments, restaurants, retail, and utilities. Cybersecurity is not only an industry under heavy regulatory scrutiny, but one that often lands in the crosshairs of traditional and social media (e.g., when a retailer like Target has all of its customer data stolen). This increase in publicity around the safety of consumer data feeds regulatory enhancements and thus increases the fines levied on corporations for breaching these regulations. Coalfire helps navigate this entire landscape for extremely large corporations such as Amazon, Oracle, Microsoft, Wal-Mart, NCR, etc.

Coalfire’s operating model follows its business model in that it has different operations teams supporting each of the five solutions. Logically, the Company employs a large number of people to assess and advise its clients on cybersecurity risk. This involves walkthroughs at client offices, data analysis, and, perhaps most interesting, stress testing. Coalfire employs a group of “hackers” to actually attempt to break into its clients’ websites and/or physical facilities to gain access to private data. Any successful attempt leads to additional, and often innovative, security protocols to prevent this from happening in the real world. The operations team also has a number of auditors and information monitors to ensure Coalfire’s clients have filled out the necessary paperwork (correctly) to become compliant and maintain compliance with the rapidly changing regulatory landscape. Additionally, Coalfire has a large sales staff given the extreme growth the cybersecurity sector is currently experiencing.

Coalfire’s core competitive advantage in the cybersecurity market is its quality. It made the Cybersecurity 500: “a directory of the world’s hottest and most innovative cybersecurity companies to watch in 2015”. To build upon this competitive advantage, and to make the Coalfire name even more “sticky” in the eyes of clients, Coalfire has recently set up “exchanges” for certain industries. For example, Coalfire launched HIPAAcentral, a security and compliance exchange. The idea is that any company (Coalfire client or not) can join this exchange to ask questions, download resources, and manage its own HIPAA compliance process. Because Coalfire is constantly reviewing HIPAA compliance documents and managing the process on behalf of many of its customers, the Company is perfectly positioned to provide this exchange service to reach even more companies. The first exchange product focuses only on the healthcare industry, but this effort can be replicated on a wide scale across all of Coalfire’s industries. Employees are trained to log every mistake clients make in order to come up with a “frequent mistakes” log that is instrumental to both efficiency in the core Coalfire business and in the ancillary industry exchange products.

The processes implemented at Coalfire’s clients’ facilities often take more than one day, and equipment installed at these facilities can sometimes be expensive. Thus, as regulation continues to evolve in the cybersecurity space, Coalfire will become more and more embedded in its existing client base due to the high switching costs of hiring a new cybersecurity firm. Additionally, as the use of various exchanges powered by Coalfire increases, Coalfire will generate additional sales leads at a rapid pace. The only question that will remain is whether or not Coalfire is able to hire enough quality assessors, advisors, hackers, and auditors to keep pace with the rapidly growing demand.

Sources used while compiling this post were:




Student comments on Coalfire Systems

  1. Great company, and super interesting blog. How do they differentiate from other similar firms? This is a truly fascinating market. I should spend more time on it…
