Enterprise Content and AI Security

You can’t talk to a business customer today without AI coming up. While most people seem to have embraced the power of public generative AI tools like OpenAI’s ChatGPT or Google’s Gemini, there’s a lot of hesitation when it comes to using generative AI on enterprise content. The one concern that comes up again and again? 

Security.

Rightfully so. Public AI tools don’t have to worry about security. They’re gobbling up all the data on the public internet with the motto: “Train first, worry about intellectual property rights later.” Technically, nothing is stopping them from doing that, and their models are fed by scrapers and crawlers that grab everything they can find.

In an enterprise, however, that doesn’t work. Enterprise data is privileged, confidential, and subject to privacy laws. The data cannot be shared with everyone, and AI models must respect that. It means two users must receive different answers to the same question, depending on the data they’re authorized to access.

The problem is, if your content isn’t well secured and governed in the first place, AI will expose those holes quickly. You may have been able to hide some data behind cryptic file names, but that won’t stop the AI models. Having solid data governance with granular, clean permissions is imperative. Otherwise, it’s “bad security in, bad security out,” to paraphrase Fuechsel’s Law ("garbage in, garbage out").

It also means you need to bring AI tools to your content rather than trying to bring your content to the AI tools. It’s hard enough to secure your content in the first place, and the idea of copying a snapshot into a separate container for AI would obliterate any of that security.

Don’t expect public AI vendors like OpenAI, Google, Anthropic, Meta, or DeepSeek to solve this problem. Enterprise content is a different animal—one they neither understand nor care to understand. None of these vendors has any enterprise DNA. Security is not their concern, and their models aren’t built with the assumption that data access should vary by user.

To illustrate this point, let me remind you of what happened with enterprise search. Web search, which we all use many times a day, is based on an index created by crawlers that scour the internet to deliver the best content match for your keywords—the same results for everyone. That’s what Google does in simplest terms. But in the enterprise, that approach doesn’t work. Enter enterprise search.

About 20 years ago, Google—the heavyweight search champion—entered the enterprise search space with a bright yellow, rack-mounted Google Search Appliance, drawing a lot of attention with its promise that managing content wasn’t necessary: "Wherever it is, you can find it with Google". Or something like that.

It sounded great—except it didn’t work. Google eventually discontinued the product after a decade of trying. Interestingly, other major players in enterprise search met similar fates. There was FAST, which Microsoft acquired in 2008—only to discover a year later that FAST had been cooking the books. And then there was Autonomy, which HP acquired in 2011, only to eventually sue the CEO and CFO for—you guessed it—cooking the books. The Hollywood-worthy Autonomy saga ended with the CFO in jail and the CEO dying in a freak boating accident. (I described that story in more detail last year in “Mike Lynch, Autonomy, and Incredible Coincidences”.)

Today, search is provided by the companies that own the data. Enterprise search is hard, and usually, only the company that built the repository has a chance of doing it well. On the web, Google finds content that wants to be found—literally. Millions of companies spend billions of dollars each year on SEO to make their content easily discoverable. And there’s no security to worry about.

Enterprise content is different. It’s not optimized for search engines, and security is not optional. This is hard to get right. Eventually, the open-source Apache Lucene solved the problem well enough, and that’s what many enterprise applications use today. Still, you rarely hear anyone say, “Wow, this search is amazing”—because it doesn't match Google’s web search, which sets the expectations bar.

Now, let’s come back to AI. The vector databases at the heart of enterprise AI models must respect data security, just like search indexes do. That’s incredibly difficult for anyone other than the companies that hold the data. Only they understand the data structures, the users, and their permissions. For any external application, sure, it’s possible, but it's really hard to make that work. If you don’t believe me, think back to enterprise search.

AI in the context of enterprise data will be extremely valuable, with the potential to dramatically boost productivity—whether it’s through assistants, agents, or whatever comes next. But in an enterprise, the first rule will always be: respect the data’s security. 

And that makes it hard.

Ode to the Desktop

Blame Google. Actually, blame Microsoft. The idea sounded great, but the consequences? Unintended. They slow you down. They limit your skills. They force you into a world of mediocrity.

I’m talking about using applications in a browser.

Now, I don't mean any application. There are many types of applications that work well in a browser. For example, process and transactional applications like CRM, Spend Management, and Project Management work just fine in a browser.  In fact, having a browser UI eliminates the need for a client installation, which is a big part of what makes cloud applications appealing. 

Many other types of applications like monitoring, analytics, and reporting also work well in a browser. But the applications that don’t belong in a browser are authoring applications; the types of applications in which you are creating or editing content. Yet, they seem to be very popular.  

Google started it.

For decades, authoring was done in desktop applications like Word or Excel. Then Google introduced its application suite as browser apps in a frontal attack on Microsoft.  Google first launched Docs and Sheets back in 2006 after acquiring Writely and XL2Web. Google Slides was added in 2012. At the time, Microsoft was going through the rough patch of the Balmer era, being attacked on many fronts (and losing), including desktop OS, mobile OS, browser, ...and office suites. Seeing an opening and being flush with cash from its money-printing ad business and the 2004 IPO, Google succeeded where several companies failed a decade before, including Borland, WordPerfect, Lotus, and IBM.

And succeed Google did, especially after cleverly combining the browser applications with Google Drive in 2012. Google Apps, now called Google Workplace, quickly became a serious alternative to Microsoft Office which until then had a virtual monopoly on office applications. The pressure forced Microsoft to counter the way Microsoft always does – by doing the same and making it free. 

Microsoft joins the bandwagon

Microsoft introduced its Office Web Apps in 2010 and later renamed them Office Online, Office 365, and eventually Microsoft 365. The rest is history and browser-based authoring apps from Google and Microsoft are everywhere. Microsoft also introduced SkyDrive in 2007, eventually renamed to OneDrive, which is also integrated with MS365 just like Google Drive. The “free” strategy didn’t work that great against Google, which made Workspace free as well. According to Statista, Google supposedly owns 44% of the market share for office suites, while Microsoft 365 owns 30%.

Browser applications have many benefits. They require no installation and the installation with cloud drive makes working in the cloud easy. Kids use them in school for their projects and, consequently, Gen Z seems to prefer them over desktop apps. Google introduced real-time co-editing in 2006, which enabled new ways of team collaboration that weren’t possible in Microsoft’s suite until 2015. Other benefits are enjoyed by the IT departments such as low cost of administration, high scalability, and solid security.

However, browser applications have significant drawbacks. 

For one, they require a browser to operate. Browsers are designed for viewing web pages, not to run authoring applications. This has some repercussions. For one, a browser is designed to browse the Internet. But when there is no Internet, there are no applications to work with. Losing power is not that uncommon even in Silicon Valley and while your laptop might have plenty of battery charge left, you have no apps to work with.

Another issue is related to opening multiple documents at a time. As document sharing via a link is very easy in a browser, every time you receive a link, you click on it and leave it open to get back to it later. Before you know it, you have a hundred tabs open, each consuming 300 MB of memory. Your laptop gets slower and slower and eventually your browser might crash.

Most importantly, the browser apps only come with a subset of functionality compared to the desktop apps. Don’t believe for a second that browser-based Word or Photoshop are the same as their desktop counterparts. In MS365 alone, you will find many limitations in formatting, shortcuts, performance, data sizes, data modeling (Excel), embeddable objects, customizations, add-ons, macros, and more. 

Similarly, Adobe’s Photoshop for the Web is a highly simplified version of the desktop application. That's why many applications like Adobe Premiere Pro or Autodesk’s AutoCAD don’t even exist as a web version. These applications are built for complex authoring workloads that the users are unlikely to ever perform in their browser. 

The pros use desktop applications

That’s at the heart of the matter. Browser authoring is good enough for light workloads like writing a memo, updating an Excel table, or adjusting image contrast. But for more serious workloads that involve heavy formatting, large data sets, macros, or specialized add-ons, desktop applications are the only choice. The users get trained in using PowerPoint, Excel, Photoshop, or AutoCAD. In fact, they take great pride in how well they master these applications. There are entire industries built around making such professional users more proficient.

You might argue that 80% of all workloads are quite simple and the web applications are perfectly good for that. But I disagree. You don’t become a faster runner by running slow. Professionals go through training to learn their tools of trade. They become proficient in using shortcuts. They seek ways to learn better ways of using the apps. They explore the latest innovations and add-ons available for their applications. They challenge each other to push the limits of their tools. Pros want to run faster. 

And that’s only possible when using desktop applications.

My Take on the Zuora Acquisition

On October 17, 2024, Zuora announced its acquisition by Silver Lake, a private equity firm, for a total of $1.7 billion. The acquisition was not unexpected. My former employer had already announced on April 17 that it was “exploring strategic options, including a sale”. The buyer was also not a surprise, as Silver Lake had already invested $400 million in Zuora on May 9. Acquiring the remainder of the company cost them only $1.3 billion. 

What is surprising is the price. 

The offer of $10 per share represents a meager 6% increase above the previous day's closing price of $9.42. Yikes! As a shareholder who has been holding underwater shares from an ESPP purchase over 3 years ago, I find this quite disappointing. Sure, you might say that an ARR multiple of 3.7 is what PE companies pay (Zuora expects to make $455.5-461.5 million this year). But that doesn’t make it any better for the investors. The stock closed at $9.91 on Friday which signals that many other investors are unimpressed. 

How did Silver Lake manage to secure such a lucrative deal? 

Zuora pioneered subscription billing and remains the company to beat in this space. It boasts an impressive roster of customers, a highly knowledgeable team, and a broad range of capabilities that none of its competitors can match today. Yet, Zuora’s stock has remained stuck in single digits for almost three years, with no upward movement. 

This stagnation isn’t due to poor execution. The management team has lately consistently exceeded earnings expectations quarter after quarter. The issue wasn’t execution—it was strategy. 

A subscription billing platform operates between orders, payments, and the general ledger—in other words, between CRM, payment processors (PP), and ERP. These are Zuora’s strategic touchpoints; its inputs and outputs. When Zuora first started, it was the only game in town. However, today, all those vendors have added subscription billing capabilities, which puts pressure on the demand for Zuora. Salesforce (CRM), MS Dynamics (CRM), Stripe (PP), Gotransverse (PP), SAP (ERP), and NetSuite (ERP)—they all offer subscription billing today and they don’t need Zuora. 

When you’re being squeezed by all your strategic touchpoints, you must find a way out. One strategic option is to push back by adding capabilities that encroach on their turf. That’s what Zuora did by introducing solutions like CPQ, payment recovery, and revenue recognition. Unfortunately, this fragmented approach didn’t succeed, especially when facing much larger competitors like Salesforce, Stripe, SAP, and Oracle. In such situations, the next strategic move is either to find a new direction for expansion—which, arguably, wasn’t available—or to specialize. 

That’s exactly what Zuora did by deepening its focus on the manufacturing and media sectors. It even acquired a paywall vendor Zephr to strengthen its media solution. However, most manufacturing companies are not good at selling software or data subscriptions, and most media companies already know how to do subscription billing and deal with more existential problems. Focusing on verticals was the right move, but Zuora probably chose the wrong ones. It’s easy to critique in hindsight, but selecting other verticals like insurance, financial services, healthcare, or utilities might have been a better strategy for verticalization. Maybe. 

In the meantime, Zuora began missing out on many software market opportunities, while software is the largest market for subscription billing. Software companies need billing solutions from the early stages as tiny startups, but Zuora’s platform, designed to handle some of the most demanding enterprise billing scenarios, is too complex for startups. What these companies are looking for is a simple billing solution that can be integrated with just a small snippet of code, like the solutions from Stripe or Metronome.  

Zuora was also slow to respond to the rise of usage-based billing, which is a hot topic these days. Whether usage billing is the future remains to be seen, as most customers seem to hate it. However, its emergence created an opening for upstarts like Metronome, Orb, M3ter, and Tioga—the latter eventually acquired by Zuora. Unfortunately, that move came too late to make any significant impact. 

Moving down-market is nearly impossible for an enterprise software vendor; it’s difficult to simplify software built for large enterprises (the opposite is somewhat easier). Acquiring an SMB vendor to target the SMB market was likely not an option for a relatively small publicly traded company with not that much cash on hand. It seems like Zuora wasn’t left with many strategic alternatives here. However, failing to act quickly enough on usage-based billing was another key strategic misstep. 

Out of strategic options, Zuora publicly put itself up for sale. Silver Lake quickly seized the opportunity with an initial investment, and since no strategic buyers emerged, Silver Lake ended up acquiring the entire company a few months later. The modest 6% premium reflects the strategic predicament Zuora found itself in. Silver Lake got a good deal, and now Zuora will need to figure out its strategy under private equity ownership, which is not known for fostering growth through innovation investments. 

I wish Zuora well. It’s a great company that stands as a shining example of category creation, thought leadership, and solid execution. However, I’m unhappy about the stock price. 

Why I Joined Egnyte

Yes, after two years of working on my own as an independent consultant, it happened. One of my clients made me an offer to join their company, and I decided to take the leap. Why did I do that? 

"Lubor, I thought you were done with this space!" said Marko Sillanpaa from Gartner when I joined a recent briefing. Marko and I go way back to our Documentum days. 

Well, it’s true. After spending nearly 15 years in content management companies like Vignette, Documentum, and OpenText, I was starting to get bored. For years, I had been trying to convince customers to manage their content to avoid compliance, governance, and litigation risks. But, aside from companies in highly regulated or litigious industries, most didn’t care. 

Things became even clearer when the new upstarts began pushing Enterprise File Sync and Share (EFSS). In the spirit of "consumerization" and "enterprise 2.0", they claimed that IT was becoming irrelevant, and many companies decided to stop worrying about how their content was managed. Employees were indiscriminately sharing files straight from personal drives. It was madness, but I knew it would take time for people to realize that. 

So, I left the enterprise content management (ECM) world and ventured into business applications, to finally get the experience of marketing to business buyers. Funnily enough, the companies I worked for had a horrible way of sharing and managing content. Their content chaos was a massive productivity drain, and they didn’t even know about it. 

But, I kept an eye on the content platforms. 

For a while, it seemed like nothing would change. Most of the old vendors faded away, and EFSS 'boxes’ became just as boring once they started selling to enterprises. They kept talking about compliance on and on, but no one cared. Content was seen as more of a liability than an asset, with "secure collaboration" being the most exciting positioning they could muster. 

Then, generative AI arrived. 

It quickly became clear that while ChatGPT is awesome, for business use, it needs to work with a company’s private, often sensitive, content. That changed the game for content platforms since they own the content repositories. Even if a lot of content still lives in personal drives, content management suddenly matters again. The focus shifted from reducing risk to boosting productivity. Now that’s cool—AI used for something truly useful! I want to be part of that. 

When I started working with Egnyte as one of my clients, I found a company with leading-edge cloud technology, with all the bells and whistles you’d expect from a modern content platform. Unlike EFSS vendors, Egnyte has always focused on control and security, eliminating duplicates, data leaks, and privacy issues. This becomes crucial when applying generative AI to private company content. Random duplicates can lead to incorrect answers, which isn’t acceptable in business. Egnyte figured this out long ago. 

On top of that, Egnyte has powerful and unique capabilities for managing highly complex content with massive files like CAD files, BIM models, and Adobe creative projects. I saw a company with amazing technology, strong prospects, a great team, good culture, and solid financials. I knew I could make a difference here. So, I said yes.  

Yes, I’m running product marketing again, which is what I love. I’m diving deep into the technology, working closely with product teams, and using all my marketing craft to tell Egnyte’s story. There’s a lot of work ahead, but the opportunity is huge.

I’m excited to be back in the content management space. It’ll be fun reconnecting with industry analysts like Marko Sillanpaa, Cheryl McKinnon, Craig LeClair, Marci Maddox, Alan Pelz-Sharpe, Dan Lucarini, and others. I might check in with AIIM, where I served on the Board for five years, to see what they’re up to. And I’m really looking forward to meeting with customers in person. 

It’s great to be back. We’re just getting started! 

Mike Lynch, Autonomy, and Incredible Coincidences

My story today is incredible. It’s just too wild and hits too close to home to ignore. It’s about Mike Lynch, Autonomy, and a string of coincidences so unbelievable that not even a Hollywood screenwriter could dream them up. 

So, let’s start at the beginning.

Autonomy was founded in 1996 in Cambridge, UK, by Mike Lynch, David Tabizel, and Richard Gaunt. The company went public in 1998 at £0.30 per share on EASDAQ, Europe’s version of Nasdaq. Autonomy’s core product was an enterprise search technology, called IDOL (Intelligent Data Operating Layer), which supposedly used a pattern recognition technique based on the Bayesian algorithm. Keep that name "Bayesian" in mind—it’s going to pop up again later.

Sailing yacht Bayesian

Over time, Autonomy expanded its portfolio by acquiring a range of companies, including Verity (search), Zantaz (email archiving), Meridio (records management), Interwoven (web content management), iManage (legal document management), and Iron Mountain Digital (archiving and e-discovery). They even scooped up the content solutions from Computer Associates. Through these acquisitions, Autonomy became a major player in the content management space, going head-to-head with giants like EMC/Documentum, IBM/FileNet, Microsoft SharePoint, and OpenText.

Around 2009-2010, Autonomy became a significant challenge for me while I was leading product marketing at OpenText. It wasn’t that we were losing many deals to them—Microsoft was actually the much tougher competitor in that regard. But Autonomy was winning the battle for mindshare and thought leadership. Their stock was performing much better than ours, and this caught the attention of our Board and executive team. We spent countless hours analyzing and sometimes agonizing over it.

The truth is that Autonomy had a great narrative. Its "meaning-based computing" story suggested that instead of managing and organizing your digital content, you should just focus on how to find it—compelling, even if misguided. It sounded great: don’t worry about how you store, secure, and use your content. As long as you can find it, leave it wherever it is, no matter how it’s managed. This was the AI hype long before AI became a thing! 

As a marketer, I still admire the message for its impact and consistency. Yeah, I'm still a little jealous and I've learned a few lessons from it. Autonomy’s “meaning-based computing” portfolio was cleverly packaged into three pillars: “Protect” (archiving, compliance, e-discovery), “Power” (enterprise search), and “Promote” (WCM and e-commerce). CEO Mike Lynch loved adding a scientific spin, often referencing the 18th-century mathematician Thomas Bayes. He even included Bayes’ theorem in the company’s 2010 annual report—without any explanation. It didn’t make much sense, but it sure sounded impressive, especially with Lynch’s loud, aggressive marketing style. 

Autonomy's Meaning-Based Computing marchitecture

And the investors were eating it up.

What really stung wasn’t so much the competition from Autonomy in deals but the stock price. During the Great Recession, when stocks of companies like EMC, IBM, Microsoft, and OpenText were struggling, Autonomy’s stock was soaring. At its peak, it traded at £30, which was 100 times its IPO price. Not bad for a company with products that were essentially a patched-together suite of acquired technologies, just like what EMC, IBM, and OpenText were offering at the time.

Fast forward to August 2011, when HP announced it was acquiring Autonomy at a staggering 80% premium over the previous day's stock price. The total deal came to a massive $11.7 billion, making it one of the biggest B2B software acquisitions at the time. Dr. Mike Lynch, often called the UK's Bill Gates, left the company less than a year later, pocketing around $800 million for himself. He then did what many do after a big payday: bought expensive toys, acquired a countryside manor, started a VC firm, and even received an OBE from the Queen.

This is where the fairytale ends.

The bad news started rolling in just before Mike Lynch was let go from HP, following a disappointing quarter. Then-CEO Meg Whitman (remember her?) didn’t hold back about her dissatisfaction with Autonomy’s performance under HP’s umbrella. By November 2012, HP dropped the bombshell that it was writing off $8.8 billion from the Autonomy acquisition, citing "serious accounting improprieties" and "outright misrepresentations."

What followed was pretty much expected: the SEC, FBI, and the UK Serious Fraud Office launched investigations, and lawsuits were soon filed. This kicked off a decade-long legal battle between HP, its shareholders, and Autonomy’s management, who consistently denied any wrongdoing.

Meanwhile, HP faced its own challenges, and with Meg Whitman out, it began selling off assets. By 2016, my by-then former employer OpenText had acquired Interwoven's assets from HP/Autonomy, and HP eventually sold the rest of Autonomy to the British company Trend Micro in 2017. 

Speaking of fate, this is where the crazy, unbelievable stuff starts unfolding. 

In 2018, former Autonomy CFO Sushovan Hussain was indicted, tried, and convicted of accounting fraud in the US. On his way to jail, he provided evidence against his former boss, Mike Lynch. This led to Lynch being charged with fraud. Despite denying any wrongdoing, Lynch was found guilty in a UK civil court of artificially inflating Autonomy’s financial results during a trial brought by HP. Note the word “guilty”.

After a lengthy legal battle, Mike Lynch was eventually extradited to the U.S. in May 2023 and went to trial in March 2024 on 16 counts of wire fraud, securities fraud, and conspiracy. His co-defendant, Stephen Chamberlain, former vice president of finance at Autonomy, was also on trial with Lynch. Despite being given less than a 1% chance of winning, Lynch pleaded "not guilty." In a surprising turn, the jury acquitted both Lynch and Chamberlain in June 2024, marking a victory for Lynch and his legal saga. While he was still facing civil lawsuits and many more legal bills, this was a major legal victory for Lynch and his team and they decided to celebrate by cruising the Mediterranean on Lynch's super yacht.

What happened next was some unbelievable coincidences.

On August 17, 2024, Stephen Chamberlain was tragically struck by a car in the UK and died. Just two days later, on August 19, 2024, the luxury yacht *Bayesian* was hit by a freak waterspout while anchored near Porticello in Sicily. The yacht sank in a few minutes, and six people lost their lives, including Mike Lynch, his lawyer Chris Morvillo, and Jonathan Bloomer, the chairman of Morgan Stanley International. Interestingly, Bloomer was the chair of the audit committee on Autonomy's board at the time of its sale to HP.

So, within two days, Autonomy’s CEO, his defense lawyer, the company’s VP of Finance, and the chair of Autonomy’s audit committee all died under unnatural circumstances. Coincidence? That’s hard to believe! 

So, what exactly happened to Bayesian?

One possibility is that this was truly a freak accident caused by a rare weather phenomenon. The leading theory is that a waterspout—a type of tornado that forms over water—might have been responsible. But have you ever actually heard of a waterspout? They’re rare and typically not strong enough to pose a threat to large vessels. And a waterspout powerful enough to sink a yacht of that size, while other nearby yachts were untouched? Hard to believe. With no evidence left behind since it occurred on water, the only proof is a yacht at the bottom of the sea.

But Bayesian wasn’t just any yacht. At 184 feet (56 meters) long, it was one of the largest sailing sloops in the world—a sloop being a single-masted sailboat. Its 246-foot (75-meter) mast was the second tallest in the world, and the yacht was valued at around $40 million. This boat was said to be unsinkable, with multiple compartments and all the safety bells and whistles a billionaire would want. Of course, whenever someone says "unsinkable," everyone immediately thinks of the Titanic. Still, if I were a billionaire, I'd want a yacht like Bayesian.

I won’t dive into all the details, but there’s a lot of speculation out there. How could a yacht of this size sink so quickly? And why did six passengers perish while most of the crew was rescued? As a sailor, I’ve followed these discussions closely, and there seem to be more questions than answers—along with an unsettling number of coincidences. If you’re interested, one of the most succinct analyses of the accident is in this video (yeah, the speaker isn't very dynamic but he presents the facts without a bunch of fluff which is what all the media outlets do).

Maybe this was just a tragic, freak accident, but there seem to be way too many coincidences. Of course, there will be an official inquiry because, as far as I know, Italian law tends to find someone to blame when a person dies an unnatural death. So, we are already hearing talk of manslaughter charges, with everyone from the captain and the crew to the yacht builder, and even the weatherman, being accused. But most of that is just for show and for the insurance companies trying to limit the massive payout. Shocking, right?

Hopefully, we’ll eventually learn what really happened. Either way, the story of Mike Lynch and Autonomy is one for the ages, ending in a tragic twist. 

Or is there perhaps another explanation for what happened?