Accessing Your Full TAM

By Jeff Klemens

Defining Your TAM

As a growth investor, one of the major factors we debate for each of our potential investments is the size of the total addressable market or TAM.  The larger a company’s TAM, the more upside it should have, all things equal.  We aren’t unique in scrutinizing this important investment factor, as the earliest stage venture firms all the way to public market funds are constantly assessing how TAM impacts their investment lens.  In fact, in their 2021 initiating coverage report on the software sector, Goldman Sachs Research cited “quantifying the total available market” as the first of eight key criteria in their framework to drive returns.

Management teams, and their bankers (as applicable), very much understand that convincing potential investors of a large market size can impact valuation.  Every management presentation I’ve seen takes a very liberal approach to defining their TAM, often highlighting how their solution sits at the “intersection” of multiple $bn sub-sectors covered by Forrester or Gartner, despite the uncertainty of addressing many of these areas with products on the company’s roadmap.  The most egregious example I’ve seen was an inbound from a banker claiming a “$7T+” market for a company they were representing.  To put that TAM into context, $7 trillion is the equivalent of the GDP of India, the UK and Canada combined, or about 1/3 of the US GDP, so count us skeptical.  The fact they needed to add the “+” in case $7 trillion wasn’t big enough was equally amusing.

The most thoughtful of the teams with which we engage will do a bottoms-up analysis, showing the number of potential customers that fit their ideal customer profile (ICP) multiplied by the price of their current offering.  In the B2B world, ICP tends to revolve around the size of the company, typically measured by revenue or employees, end market, and geography.  Showing how the product roadmap can increase both the available pricing for a given customer, but also expand the definition of the ICP is a discussion we enjoy having.  We also pay close attention to factors and themes causing the TAM to grow – being pushed by tailwinds is much more enjoyable than fighting headwinds.

U.S. Federal: An Under-Addressed TAM

There is one significant part of the market that most companies ignore when discussing their TAM, and that is the US Federal market.  The US Federal Government and its agencies spent about $90bn on Information Technology in its fiscal year 2021, over $50bn of which was by Civilian Agencies, making the US government by far the largest consumer of IT in the world.  Within that, just over $9bn was spent on cloud computing, a figure that has been growing strongly over the past five years.

So why is it that cloud startups often ignore this significant and growing part of their market?  For starters, the selling motion to the government is very different than a commercial sale, so it typically requires dedicated resources.  For public policy reasons the government also can’t commit to long contracts with a vendor but must regularly put the contract out to bid.  And finally, the government has strict and complex compliance and security requirements, especially for cloud technology companies, which can require major investments.

To help standardize the security and compliance required for cloud vendors to sell to the US government, the government devised the FedRAMP program in 2012.  Now any cloud vendor that services the US Federal Government must be FedRAMP certified, attaining what’s called a FedRAMP Authority to Operate (ATO).  Obtaining its ATO allows a vendor to re-use that authorization amongst many different agencies, rather than go through a rigorous audit and authorization for each one.  Despite best intentions, the process to get FedRAMP certified remains difficult and expensive, with most industry analysts estimating it takes up to two years and $2mm to get FedRAMP approval, plus another $1mm in annual monitoring expenses to remain compliant.  Given that, it is no surprise that to date just over 200 companies have been approved through the FedRAMP process.  Their reward for getting through this arduous process is being one of a limited group of vendors that can serve a large market that is looking for solutions.  Indeed, recent executive and congressional announcements underscore that cloud adoption is a priority, demonstrating urgent demand for all types of cloud solutions, only to be met with limited supply.  This dynamic is the opposite of most markets we evaluate, where many highly funded start-ups are spending millions of dollars on expensive customer acquisition campaigns.

It is that FedRAMP bottleneck that we were excited to help solve when we invested in Anitian earlier this year.  Anitian has developed a common framework and technology stack that helps automate and standardize the FedRAMP security and compliance process for cloud vendors seeking approval.  A typical Anitian customer can be FedRAMP audit-ready in 60 days and at a fraction of the cost of a more traditional, professional services-heavy approach.  Since FedRAMP is such a strict standard, with over 325 security controls for the “moderate” level, many customers are also beginning to leverage Anitian’s framework for their commercial cloud environments to demonstrate security best practices to their broader customer base.

We would encourage all cloud companies to examine closely their US Federal TAM.  With solutions like Anitian’s, some of the historical hurdles that existed to serving that market have been lowered.  While not $7T+, at $9bn in cloud spend and only 10% cloud penetration, addressing the US Federal market can provide a significant boost to your true TAM that should see good growth going forward.