Tag: Privacy


First Ascent Ventures Privacy Series: Managing Business Travel After COVID-19

Is your business prepared for the risks associated with employee travel, post COVID-19?

If not, now is the time to consider those risks and implement plans to reduce them. No one can pinpoint the exact timing of a return to business travel, but businesses (both startup and enterprise) must have plans in place for an eventual return of the“traveling employee”Companies will be expected to provide a ‘duty of care’ to their traveling employees, and at First Ascent Ventures we have identified the opportunities for software as a service to help meet this requirement.

Duty of Care — Why is it Important?

The legal concept of duty of care, as it relates to employee travel, presumes the employer has legal obligations to act in such a manner to avoid any risk to the employee of foreseeable injuries and damages while traveling. Beyond the legal/moral drivers, businesses have been faced with the growing challenge of employees demanding wellness infrastructure, and more broadly, an employer who they trust. The importance of trust and an employer’s commitment to their employee’s trust will help overcome healthcare concerns which will naturally be front of mind for all employees as they return to their usual travel roles.

In recent years, many large organizations have relied upon Global Security Operation Centers (GSOCs) to manage employee travel as it relates to the duty of care. However, our belief is that the COVID-19 crisis will reframe employee expectations and as a result, employers will be required to keep employee safety top of mind and directly address the related risks with detailed policies and programs they’re committed to delivering.

Why is This a Challenge for All Businesses?

For many companies, fulfilling the obligations of the duty of care requires significant administrative work. Human resources have historically been responsible for the bulk of communication and travel management but are not well-positioned to track constant changes in meetings and social events. While having a last-minute sales meeting with a potential client is a positive development, these types of activities post COVID-19 may pose serious health risks for employees. This new travel landscape will require companies to revisit their existing practices to meet the care standards that the laws (of the home country and place the employee is visiting,) and their employees require of them.

A Common Scenario

First Ascent Ventures spoke to a number of operators to create an illustrative scenario that highlights the challenges that will arise for businesses of all sizes once employee travel resumes.

Company X, a Canadian organization, has an employee who plans to lead implementation at a customer’s office in the UK. The immediate questions that must be addressed include:

Status of COVID-19: What is the latest update on COVID-19 outbreaks in the UK and does the UK permit short term travel from abroad?

Immunity/Testing Requirements: Are there any new or changing requirements that exist relating to testing or immunity certification (certificates given to those who have antibodies to the COVID-19 virus)?

Health Protocols: If the employee gets sick while traveling, what protocols should they follow? Is there a specific health provider they are directedto in case of an emergency?

Personal Protective Equipment and Hygiene Practice: Is the employee required to wear a mask on the plane? Does the employee have to wear a mask while they commute within the UK? Will the employer provide unlimited PPE for their employee for the duration of their trip? Does the employer have access to the necessary PPE?

Quarantines: What if travel restrictions or quarantines are introduced in the UK during the employee’s travel? What policies are in place to minimize business disruptions and ensure the employee’s safety?

Contact Tracing Policies: Is the UK implementing a contact tracing platform? Is the employee required to download an application and does the employee know to do this? How will the risks (centralized vs. decentralized platforms) be communicated with the employee?

A Way Forward

At First Ascent Ventures, we believe there are two options for companies who are ready to take this challenge seriously.

1. Build an In-house GSOC Capability — For Select Enterprises

These types of organizations require a full-time staff to monitor employee safety each day across multiple geographic locations. GSOC is responsible for 24-hour incident monitoring, providing constant response support, as well as ongoing analysis to identify any threats to employee assetsInternal company GSOCs are appropriate for large enterprises with significant security budgets. Our team predicts many companies will struggle economically to allocate the capital required to fund these initiatives — especially with the added complications of COVID-19 so the following is a better option;

2. Use 3rd Party Vendor to Identify Risk and Threats (GSOC as a Service) — For Select EnterpriseSME and Startup

At First Ascent Ventures, we predict most companies will begin seeking software vendors to provide the support needed to confidently have their employees resume corporate travel. We believe employers will value software with the ability to analyze the risks of travel to a destination, including the state of quarantines, vaccination requirements, political unrest, and more. We predict these risk management tools, along with a travel planning suite, will be ‘must-have’ software for employers that want to resume travel. The need for these services will likely serve as a catalyst for the emergence of new travel-tech with industry incumbents and new startups seeking to fulfill the needs of small businesses.

The technology already currently exists to track employees. For example, tracking locations using a mobile device is possible through Mobile Device Management (MDM). However, many of these current solutions are likely a step too far for most organization’s privacy policies — are employees willing to be tracked so closely and what will companies do with that information when they have it? A more elegant alternative is integrating a solution into a travel booking system thus removing the conflict of owning location data, which ultimately is a more ethical choice.


Here is a list of steps different stakeholders must take to prepare for the evolution that will take place in business travel:

Startups and SMEs:As a company, you must define your understanding of the duty of care and begin analyzing the available alternatives (software and traditional) to satisfy the needs and expectations of your employees. It is very likely your investors will expect executives to produce well thought out policies (similar to a business continuity plan) to address travel related risks and ensure employee safety and morale.

Investors: Consider the opportunities available in the travel management space for new software/services provided by startups or existing incumbents expanding their current travel offerings.

Trust is essential to the efficacy of any travel plan, given employees will be required to share data, especially location data. At First Ascent Ventures we encourage and advocate for ethical, thoughtful, and safe use of all data, hence this piece and our first Medium post. In a climate of concern about the use of data we encourage you all to take the challenge of business travel seriously, and harness the opportunity it presents to get clear on how you manage your traveling employees in the best interest of your team and your business.

First Ascent Ventures — Who We Are And Behind the Name

First Ascent Ventures was founded in 2015 and is a Toronto based VC fund that invests in emerging Canadian and U.S.-based technology companies that are building the next generation of disruptive, enterprise B2B software. www.firstascent.vc

In mountaineering, a first ascent is the first successful, documented summit of a mountain by an unclimbed route. First ascents are notable because they entail genuine exploration, with greater risks, challenges, and recognition than climbing a route pioneered by others. This is not dissimilar to the challenges and risks involved in building a start-up technology company.

Please reach out to Noah@firstascent.vc to collaborate with us.


Opportunities in Privacy & Security Emerging During COVID-19

This article, by First Ascent Ventures, is the first in a series that will outline emerging trends across the Privacy and Security space.

Katharine Tomko, Venture Partner at First Ascent Ventures

It would be an understatement to say that COVID-19 has drastically altered daily life and business dealings across the globe. The Canadian technology space is not immune to this disruption and as a venture fund supporting local innovation, the daily announcement of layoffs across the technology ecosystem has been painful to watch.

At First Ascent Ventures, we have worked very closely with each of our North American portfolio companies to deepen our understanding of not only the challenges but also the numerous opportunities(eternal Canadian optimists!) that exist across various verticals in enterprise software.

One such area that First Ascent Ventures has spent considerable time exploring is the Privacy and Security startup space. In the past year, the fund has added significant privacy industry expertise with Katharine Tomko, the Former Head of Privacy Programs at Facebook, joining as a Venture Partner.

This article will discuss some of the work our fund has undertaken in the Privacy and Security space, and specifically, outline four areas within privacy that have been highlighted as “ripe for startup disruption” since the COVID-19 crisis emerged.

Trends and Opportunities

Connecting Remote Workers With The Systems And Services That They Need To Perform Their Jobs.

Problem — While most companies have the infrastructure for remote employee connectivity (VPN, etc.), very few have the capacity to provide for a fully remote workforce for months at a time. The first weeks of lockdown were a scramble for hardware capacity, circuit upgrades, and hasty network configuration changes with a view of ‘it’s an emergency, we’ll clean this up later’, and the associated security headaches. Employee productivity was often hampered by poor network performance, as over-taxed VPN infrastructure was forced to scale beyond its design.

Opportunity — “Support of large scale remote working” as a highly available, performance service is now a budgetary item for every company that employs knowledge workers. Most forward-thinking companies will iterate beyond the traditional centralized VPN architecture, and move to a ‘zero trust’ architecture, as popularized by Google’s own corporate network with their ‘Beyond Corp’ design. The Zero Trust model assumes that there are hackers both within and outside the network, which effectively prevents any machine from being automatically trusted. Zero Trust ultimately shifts access controls from the perimeter (ie. a VPN gateway) to internally authenticating and verifying individual devices and computers. This allows employees to work securely from any location without the need for a traditional VPN. This will serve as a major technology refresh for most large companies and their ‘traditional’ VPN device vendors will not be able to accommodate this change with their existing holistic solutions. There are no standout ‘incumbent’ players in this massive market, and opportunities exist across all areas of this architecture.

Securing And Tracking Remote Employee Assets.

Problem — There are in essence two problems at work here. First, most large IT infrastructures have been built with the physical office in mind, and remote workers are an afterthought. Existing management systems and security tooling are often subpar for remote devices. Second, the biggest security problem that most companies have is understanding their existing device inventory; solid asset management and inventory are the cornerstones of any good security program — for example, you can’t patch unaccounted-for inventory. The Equifax breach, which happened through a staging server that was ‘forgotten’, is an illustrative example. Remote working further exacerbates this problem as the assets are pushed out beyond the traditional network edge.

Opportunity — A significant amount of security budget dollars have been spent on plugging ’security devices’ into internal networks over the past twenty years (intrusion detection, etc.). As the design of the network changes towards a model where both ‘on network’ and remote workers are treated equally as first class citizens, we can expect a whole new category of security control to emerge. The billions of dollars spent on security hardware will move into software. Similarly, as companies move to a ‘zero trust’ networking architecture, they will be fully reliant on their asset management and inventory systems being up to date to ensure that they are only providing data access to devices that they actively manage and maintain.

Business Continuity Planning & Execution.

Problem — While most companies have some form of a business continuity plan, it’s usually a neglected 45 page document at the bottom of a drawer, with little understanding of its practical use. During COVID-19, boards, investors and key customers were all asking for details on business continuity plans, often requiring a copy of the actual document, and specifics on how it has been tested and updated over time.

Opportunity —Business continuity planning is a fairly specialized practice, with ‘control owners’ spread across all parts of the organization. It’s extremely laborious to create, test, update and attain management approval for these plans, and they are almost always missing some key types of ‘disaster’ — how many companies had ‘pandemic’ as a realistic risk to plan for in 2020? Now that companies have executed their plans (often for the first time), and been forced into transparency with their key stakeholders, we can expect to see renewed focus on building and maintaining a comprehensive disaster recovery/business continuity plan. There are opportunities for software to streamline this process, from guiding the organization through best practices in creating the plan, to managing control ownership across the organization, to ensuring regular testing of the plan and providing board visibility.

Physical Security/Safety of Employees.

Problem — While most travel has been eliminated from company budgeted expenses for the second and third quarter of 2020, many foresee a steady return to normal business travel later this year and into early 2021. Companies are responsible for the safety of their employees while they are on business travel or working in remote offices, and employee health (exposure to outbreaks, etc.), and safety (civil unrest, quarantine rules, etc.), will be a top priority. It has been some time since the average employee contemplated their safety while traveling for business. If business travel is really necessary for a job function, expect employees to hold their employer to a higher standard when it comes to safeguarding their health.

Opportunity — The largest and most forward-thinking companies already track and provide support to their employees while on business travel. As both employer and employee fully internalize who really owns the risks of business travel, expect these types of ‘global security operations centers’ to become more commonplace at large organizations, and to trickle down into smaller companies. Opportunities exist for software to support these functions, with integrations into corporate travel systems and automated integrations with government travel advisories.


We would encourage both startups and larger organizations to reflect on these four emerging trends in the privacy and security space and examine their own capabilities to address these concerns. First Ascent Ventures is confident that while these issues arose because of the massive work from home movement caused by COVID-19, enterprises will continue to keep privacy and security top of mind even after the world returns to normalcy (i.e. back to the office).

First Ascent Ventures is dedicated to working with companies and/or investors addressing these gaps in enterprise privacy. We hope to contribute and ensure that the next-generation of enterprise security is one that actively prepares companies for the future privacy challenges that lie ahead, rather than reacting after it is too late.

Please reach out to Noah@firstascent.vc to collaborate with us.

First Ascent Ventures — Who We Are And Behind the Name

Makalu as seen from the Summit of Everest. Photography by Tony van Marken, Founder, First Ascent Ventures

First Ascent Ventures was founded in 2015 and is a Toronto based VC fund that invests in emerging Canadian and U.S.-based technology companies that are building the next generation of disruptive, enterprise B2B software. www.firstascent.vc

In mountaineering, a first ascent is the first successful, documented summit of a mountain by an unclimbed route. First ascents are notable because they entail genuine exploration, with greater risks, challenges and recognition than climbing a route pioneered by others. This is not dissimilar to the challenges and risks involved in building a start-up technology company.



OTTAWA, ON, June 15, 2020 – Kinaxis® Inc. (TSX: KXS), the authority in driving agility for fast, confident decision-making in an unpredictable world, has signed a definitive agreement to acquire Toronto-based Rubikloud, a disruptive, emerging provider of AI solutions that automate supply chain prescriptive analytics and decision-making in the retail and consumer packaged goods (CPG) industries.

Globally-recognized retailers and CPG manufacturers in the health and beauty, household and grocery segments use Rubikloud’s AI-based products today. Their offerings include demand forecasting and automation to manage and optimize trade promotions, pricing and assortment to drive product demand and dramatically improve financial results. Kinaxis will enhance RapidResponse’s demand planning capabilities with the Rubikloud offerings, anticipating initial opportunities in the company’s rapidly-growing CPG customer base and over time for other industries such as life sciences. The acquisition also offers Kinaxis a springboard into the enterprise retail industry.

“Rubikloud has capabilities and value that we can offer our CPG customers today, leads us into the retail industry with some bellwether accounts, and adds a group of approximately 80 people to an already-impressive AI and machine learning (ML) team here at Kinaxis. Over time, this enhanced group will contribute to new and existing AI-powered capabilities across the full Kinaxis RapidResponse® platform and applications,” said John Sicard, President and CEO of Kinaxis. “This acquisition reflects the growing importance of AI and ML to power intelligent automation and augment human decision-making to better deliver on customer promises, remove waste and increase resiliency for effective risk management.”

Rubikloud’s SaaS-based ML offerings empower retail and CPG manufacturers to transform their core operations by improving and automating complex, profit-generating decisions. Rubikloud’s proven AI capabilities and intuitive tools enable users to leverage disparate data sources to improve forecast accuracy, site-level allocations, inventory availability and promotion plans by allowing users to run boundless simulations in real time.

“We founded Rubikloud with the belief that purpose-built AI could be used to solve some of the most complex industry problems and we have spent the last seven years building a fantastic product that receives validation from global customers every day,” said Kerry Liu, CEO, Rubikloud. “We’re excited at the prospect of joining Kinaxis, which helps us bring our innovations to a much broader customer base at a faster pace than on our own. Not only that, being two strong Canadian companies we see great cultural synergy and look forward to working on the complex problems we know RapidResponse and concurrent planning can solve for customers.”

Terms of Agreement
Kinaxis will acquire Rubikloud for US$60 million in an all-cash transaction that is expected to close within 60 days. Based on Rubikloud’s current revenue and expense profile, the company’s fiscal 2020 revenue and Adjusted EBITDA guidance, as reiterated in its May 6, 2020 news release, remains unchanged. The transaction is subject to customary closing conditions.

About Kinaxis Inc. 
Everyday volatility and uncertainty demand quick action. Kinaxis® delivers the agility to make fast, confident decisions across integrated business planning and the digital supply chain. People can plan better, live better and change the world. Trusted by innovative brands, we combine human intelligence with AI and concurrent planning to help companies plan for any future, monitor risks and opportunities and respond at the pace of change. Powered by an extensible, cloud-based platform, Kinaxis delivers industry-proven applications so everyone can know sooner, act faster and remove waste. For more Kinaxis news, follow us on LinkedIn or Twitter.