Sorry, Box, but free is not a business model

Free is not a sustainable business model. Everyone knows this, especially those who lived through the dot-com bubble 15 years ago. Everyone, it seems, except for cloud storage investors. Billions of dollars have been poured into cloud storage companies that are giving away their product, with just a tiny sliver of their customer base actually paying for anything.

Offering a free version of your product is nothing new for technology companies, but those who are successful at using this model either give the customer a strong incentive to upgrade to a paid version, or they do as [company]Google[/company] has done and create a massive audience that can then be sold to advertisers. The most popular and heavily-financed cloud storage companies do neither.

Venture capitalists have invested more than $400 million in [company]Box[/company], a cloud storage file sync and share company, and assessed its value at $1.2 billion. Its much delayed IPO ultimately did better than anticipated, pricing above the expected range — even though only about 10 percent of its customers pay anything at all. Unlike Box, Dropbox is not a public company and has never filed for an IPO, so its financials remain private, but it has raised $1.1 billion in financing, $500 million of which is debt, and is valued at around $10 billion. It too has said that most of its customers use the free product.

Mission: Converting users to customers

With Box, a free personal account provides 10 GB of space, plus the ability to sync and share files with other Box users. Similarly, Dropbox offers 2 GB of free space, with the potential to earn up to 16 GB by referring new customers. Just 1 GB of storage will hold more than 15,000 Word documents, on average, and more than 300 images.

Ideally, the free product offers not only enough value to spread virally, but also offers a strong incentive to upgrade so that it sells itself. Unfortunately for Box and Dropbox, the free services more than cover the needs of customers, which is why it should come as no surprise that about 9 in 10 of Box’s customers don’t pay, according to its SEC filings.

What’s more, Box is paying about as much money as it makes to win those paying customers. For the nine month period that ended Oct. 31, 2014, Box brought in $153.8 million in revenues, while spending $152.3 million on sales and marketing alone. Its total net loss for the nine month period was $129 million. If Box has to spend almost everything it makes from current customers to win new ones, what is the use of giving its product away for free, aside from boosting the size of their user base to impress investors? After all, the entire purpose of giving the product away is to introduce people to the product and then entice them to buy. Simply put, Box went public because it had no other choice. It needed another big cash infusion to pay for its losses.

Dropbox’s financial results are not public, but given how similar its model is to Box’s and how much more money Dropbox has raised, there’s little reason to believe that they are significantly different. After all, the more money a company raises, the more of the company the founders have to sell, and no founder enjoys parting ways with equity. The only reason for Dropbox to raise that much money is because the company needs it.

Why pay if you don’t have to?

The marketing value of “free” is minimal in terms of real dollars if very few of those users convert to paying customers. And, more importantly, Dropbox and Box still have to support all those non-paying customers. There is simply no palatable way for them to eliminate free users, and the costs associated with them will continue to rise as the need for storage increases. As more free customers are added into the system, those costs continue to grow, creating a death spiral. Last year, in an effort to increase the number of paid customers, Dropbox reduced the price of a gigabyte of storage by 90 percent. That is a clear indicator that, over time, the price of cloud storage will continue to reduce to zero.

Eventually, these competitive pressures will likely force Dropbox and Box to invest heavily in building their own storage clouds, but that’s a losing game as well, as Nirvanix discovered much to its chagrin last year. Nirvanix had raised $70 million to build a storage cloud to compete with Amazon, Azure and Google. It sealed big partnerships with IBM and Dell, and had won customers like NASA, Fox Sports and National Geographic. But in the end, Nirvanix couldn’t keep up in the ruthless price war between the bigger, commodity cloud storage giants. When Nirvanix abruptly announced it would shut down, customers had mere weeks to move terabytes of data out of their system.

Eventually, investors will cut off the spigot, and, unless they change course, companies like Box and Dropbox will die like Nirvanix.

So, how can these free sync-and-share companies avoid disaster? The most likely scenario is acquisition by a large software or systems vendor who would ultimately integrate this sync and share functionality into their own products as a major feature. To thrive as independents, however, sync and share companies will need to do two things: move beyond a business model built on free and create a more robust and valuable product offering.

It’s not that sync-and-share isn’t valuable — it is! I personally use Dropbox almost every day. But sync-and-share is quickly shrinking from a stand-alone product into just one feature of a much larger integrated workspace. If these companies can create a compelling service that integrates communications, collaboration and project management into a single, intuitive environment, they may have a future. Box is clearly already moving in that direction, but both companies will need to do much, much more if they’re going to win against companies like Slack and their numerous competitors and outpace their own prodigious burn rates.

Finally, these new products will need to provide ample incentives for customers to pay. Having a lot of “customers” that don’t pay you anything is the surest way to repeat a lesson we were all supposed to have learned after the dot-com bubble burst. That lesson was painful enough the first time, and there should be no need to repeat it.

Andres Rodriguez is CEO of Nasuni, a Natick, Massachusetts-based cloud storage-as-a-service company.

Pro tip: If you use cloud storage, bring your own security

If you weren’t already worried about the security of your company’s internal memos and other documents, the recent Sony hack probably fixed that (and reinforced the message that if you don’t want egg on your face, you shouldn’t write embarrassing emails).

Here’s the thing: Security is hard, and as we’ve heard over and over, it requires a mix of technologies from different providers, constant vigilance and good end-user practices to safeguard a company’s crown jewels.

Thanks to widely publicized breaches at Target, Home Depot and — yes — [company]Sony[/company], companies are reconsidering their security practices, according to a new research note from Nomura Securities analyst Frederick Grieb. That means more budget will flow to security next year and also that top-notch Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) with expertise in both relevant technologies and their company’s business and regulatory requirements are in short supply.

Lesson: Add your own security

In that vein, the director of security for a Fortune 100 healthcare provider recently told me that keeping company data and documents secure, requires that companies layer additional security atop whatever cloud storage and file share service is used. These storage vendors may have good marketing statements, but when you drill down, not very good security stories, he said.

Speaking on the condition that neither his or his company’s name be disclosed, he said the issue for a highly regulated company like his is to ensure that a document — whether it’s a PDF file of a doctor’s report or a digital X-ray of a broken arm — is protected not only at both ends (“at rest”) but also in transit (“in motion”).

That’s because the basic problem of the internet is that traffic goes through any number of third parties. “You don’t know and you can’t trust that your file is private — it’s like sending a postcard in the mail — anyone can read it,” he noted.

To address this, his company is deploying fan-favorite Dropbox but is also using a third-party product, nCrypted Cloud, to encrypt files before they’re sent, which leaves the encryption keys in the hands of the customer. The cloud storage provider, whether it’s [company]Dropbox[/company] or Box or Google Drive or Microsoft OneDrive does not hold those keys and cannot access the files or disclose them to third parties. (Neither does nCrypted Cloud, which competes with WatchDox and Sookasa, for that matter),

Shutterstock/deepspacedave

He’ s also trying out a new nCrypted Cloud product, Infinite Mail, that strips out attachments embedded in messages, and replaces them with secure links that the intended recipient can open as set up by an IT administrator. It supports popular [company]Microsoft[/company] and [company]Google[/company] email products.

If the problem of secure mail can be solved, this security exec sees possibly huge perks down the road. Currently, the cost of printing and mailing reports and benefits documentation is humongous — it can cost a company like his up to $100 million a year. If there is a way to guarantee secure digital delivery of such documents to the right end users, the cost savings could be huge.