Surf’s Up, Taxes Down

Why some tech companies are moving to Hawaii. Plus: outsourcing security.
CFO StaffMarch 1, 2003

Spectacular beaches and topnotch surfing opportunities weren’t the reasons Landmark Networks Inc., a Silicon Valley, Calif.-based wireless start-up with no profits or customers, decided to move to Hawaii late last year.

Instead it was the favorable investing climate, including a 100 percent state tax credit for high-tech investments (Act 221 credit), that prompted the relocation. “Moving to Hawaii gave us the best chance of succeeding, because the credit reduces the risk for early-stage investors,” says CEO Tareq Hoque, who helped raise $1.5 million from Hawaiian investors.

Along with such recently instituted incentives as a 20 percent tax refund for research-and-development activities (paid regardless of tax liability), nonexpiring net-loss carryforwards, and no state taxes on stock-option gains, the credits are designed to draw more ventures, as well as R&D units of established firms, to the Aloha State.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

“The whole purpose of the incentives is to nurture business in Hawaii, so that more companies will think about moving part or all of their business here,” says John Maughan, a tax partner in KPMG LLP’s Honolulu office. More than 100 firms, mostly in software and biotech, have officially qualified for the Act 221 credits.

Even if a company doesn’t have taxable operations in Hawaii, it can benefit from the investment credits, he says, thanks to partnership mechanisms that allow the credits to be swapped for cash or larger equity stakes.

So far, though, the hoped-for tsunami of venture funding hasn’t yet flooded the state: just over $240 million was invested in four businesses in 2002, according to VentureOne, including one $224 million infusion into Pihana Pacific Inc. (now part of Equinix Inc.) by Goldman Sachs, GE Capital, and others.

In fact, most of the money offered so far has gone into movies filmed in the state — like 2001’s Blue Crush — rather than into start-ups. As a result, the state legislature is expected to tighten the language this year to make the credit more specific to development-oriented ventures. It is also expected to crack down on other types of abuses, such as shell companies that are used solely for funneling capital expenditures. Mainland companies “would probably have a hard time if they were trying to carve out their IT departments as qualified high-tech enterprises,” says Maughan.

Security Ins and Outs

As with any other facet of IT, security is a function that can be outsourced. Managed security services providers (MSSPs), like their application service provider cousins, have had a rough time of it of late, but Gartner predicts 17 percent market growth this year, up from 10 percent last year. Eric Hemmendinger, research director for security and privacy at consulting firm Aberdeen Group Inc., says the companies that have survived have learned valuable lessons and may be poised to grow. “A lot of [venture capital] money was poured into this space in the late ’90s,” he says, “and companies generally took one of two tracks, either focusing on a specific security need, such as intrusion detection, or on a family of products and services.”

In part, the focused companies had better success because customers were wary of outsourced solutions that reached too far into the enterprise — they felt more secure with services that protected the edge of the network but did not, for example, monitor internal traffic or otherwise touch the “family jewels” of corporate data. And yet, “once clients get comfortable with a vendor providing a limited service,” says Hemmendinger, “they often look to that company to provide additional services. So we may see some M&A activity among these focused companies as they try to broaden their offerings.”

Leading makers of security software, such as Symantec and ISS, also act as MSSPs; their software revenues provide financial stability, although analysts say that to succeed as MSSPs they must move beyond a reliance on their own products and become technology-agnostic.

Major outsourcing firms, including IBM and EDS, also offer security services, which may prompt a CFO to ask: What level of security are such firms providing for routine IT outsourcing arrangements? Security expert Mark Doll says CFOs must scrutinize contracts because “in general, outsourcing deals are designed to reward efficiency, not security.” Some analysts say that outsourcers do take security seriously, because of the devastating publicity a hacker attack would produce. Kelly Kavanagh, a Gartner analyst focused on security, agrees that most service-level agreements for routine IT outsourcing balance security with efficiency. However, he recommends that contracts clearly spell out who is responsible for what forms of protection, because “it can be tough to determine how an intrusion happened, and even tougher to assign blame.”