Mar 03, 2021

Okta acquires cloud identity startup Auth0 for $6.5B

As Okta announced earnings today after the bell, it revealed that it’s buying cloud identity startup Auth0 for a hefty $6.5 billion. The company had a valuation of $1.92 billion when it raised $120 million led by Salesforce Ventures last July.

With Auth0, Okta gets a cloud identity company that helps developers embed identity management into applications, adding an entirely new dimension to its identity platform. Okta co-founder and CEO Todd McKinnon says the acquisition gives his company broad coverage in the identity space and has the power to lift identity to a first-class cloud category alongside infrastructure, enterprise software like collaboration and CRM, and others.

“There are a few other [primary cloud categories], but one of those has to be identity. And for identity to rise to that status, it has to cover all the use cases. It’s got to be both workforce and customer. So workforce [has been] our [primary] business traditionally, and customer is newer,” McKinnon told me.

The customer piece involves having your customers use Okta/Auth0 on the back end to sign onto your platform, rather than using it just for your corporate credentials. Having coverage across both areas is what has McKinnon so excited.

Eugenio Pace, co-founder and CEO of Auth0, sees his company together with Okta as a powerful combination in the identity management space, and he’s not just hyping the deal when he says that. “Together, we can offer our customers workforce and customer identity solutions with exceptional speed, simplicity, security, reliability and scalability. By joining forces, we will accelerate our customers’ innovation and ability to meet the needs and demands of consumers, businesses and employees everywhere,” Pace said in a statement.

Pace and co-founder Matias Woloski came from Microsoft, where they worked until launching their startup in 2013. As McKinnon points out, this is a substantial company with 800 employees. It is expected to reach $200 million in revenue this year.

“So they have this mindset of building a service that is flexible and API-driven and great tools for developers and all the extensibility or customizability, that developers would need. And you can’t do that later, you have to start from the beginning.”

McKinnon says while they share some common customers, there will be net new ones as well, and the nature of the two companies’ coverage areas means that they can sell Auth0 into traditional Okta customers and vice versa. The combined entities could fill in a soup-to-nuts kind of identity offering.

As Pace told TechCrunch’s Zack Whittaker in 2019, it has always been focused on developers:

“We’re not profitable because we’ve chosen to reinvest and continue to sustain the high scale of growth,” he said. “But we are more efficient every day — in the way we acquire customers, the way we service customers, in the way we ship new design capabilities.”

The question is how much this will change under Okta, but Auth0 users can breathe a sigh of relief in that McKinnon says that the company will operate as an independent unit inside of Okta as they look for paths to integration in the coming months. What’s more, McKinnon says he has a relationship with the two founders going back years and it sounds like there is an element of trust there.

Okta had a pretty good quarter too while it was at it, announcing $234.7 million in revenue, up 40% year over year, but Wall Street appears to be unhappy with the deal, with the stock price down 6.9% in after-hours trading.

Auth0 was founded in 2013 and raised more than $300 million along the way. In addition to Salesforce Ventures, other investors included Sapphire Ventures, Bessemer Venture Partners and Meritech Capital Partners.




Feb 19, 2021

SailPoint is buying SaaS management startup Intello

SailPoint, an identity management company that went public in 2017, announced it was going to be acquiring Intello, an early-stage SaaS management startup. The two companies did not share the purchase price.

SailPoint believes that by helping its customers locate all of the SaaS tools being used inside a company, it can help IT make the company safer. Part of the problem is that it’s so easy for employees to deploy SaaS tools without IT’s knowledge, and Intello gives them more visibility and control.

In fact, the term “shadow IT” developed over the last decade to describe this ability to deploy software outside of the purview of IT pros. With a tool like Intello, they can now find all of the SaaS tools and point the employees to sanctioned ones, while shutting down services the security pros might not want folks using.

Grady Summers, EVP of product at SailPoint, says that this problem has become even more pronounced during the pandemic as many companies have gone remote, making it even more challenging for IT to understand what SaaS tools employees might be using.

“This has led to a sharp rise in ungoverned SaaS sprawl and unprotected data that is being stored and shared within these apps. With little to no visibility into what shadow access exists within their organization, IT teams are further challenged to protect from the cyber risks that have increased over the past year,” Summers explained in a statement. He believes that with Intello in the fold, it will help root out that unsanctioned usage and make companies safer, while also helping them understand their SaaS spend better.

Intello has always seen itself as a way to increase security and compliance and has partnered in the past with other identity management tools like Okta and OneLogin. The company was founded in 2017 and raised $5.8 million according to Crunchbase data. That included a $2.5 million extended seed in May 2019.

Yesterday, another SaaS management tool, Torii, announced a $10 million Series A. Other players in the SaaS management space include BetterCloud and Blissfully, among others.

Sep 25, 2020

Privacy data management innovations reduce risk, create new revenue channels

Privacy data mismanagement is a lurking liability within every commercial enterprise. The very definition of privacy data is evolving over time and has been broadened to include information concerning an individual’s health, wealth, college grades, geolocation and web surfing behaviors. Regulations are proliferating at state, national and international levels that seek to define privacy data and establish controls governing its maintenance and use.

Existing regulations are relatively new and are being translated into operational business practices through a series of judicial challenges that are currently in progress, adding to the confusion regarding proper data handling procedures. In this confusing and sometimes chaotic environment, the privacy risks faced by almost every corporation are frequently ambiguous, constantly changing and continually expanding.

Conventional information security (infosec) tools are designed to prevent the inadvertent loss or intentional theft of sensitive information. They are not sufficient to prevent the mismanagement of privacy data. Privacy safeguards not only need to prevent loss or theft but they must also prevent the inappropriate exposure or unauthorized usage of such data, even when no loss or breach has occurred. A new generation of infosec tools is needed to address the unique risks associated with the management of privacy data.

The first wave of innovation

A variety of privacy-focused security tools emerged over the past few years, triggered in part by the introduction of GDPR (General Data Protection Regulation) within the European Union in 2018. New capabilities introduced by this first wave of innovation were focused in the following three areas:

Data discovery, classification and cataloging. Modern enterprises collect a wide variety of personal information from customers, business partners and employees at different times for different purposes with different IT systems. This data is frequently disseminated throughout a company’s application portfolio via APIs, collaboration tools, automation bots and wholesale replication. Maintaining an accurate catalog of the location of such data is a major challenge and a perpetual activity. BigID, DataGuise and Integris Software have gained prominence as popular solutions for data discovery. Collibra and Alation are leaders in providing complementary capabilities for data cataloging.

Consent management. Individuals are commonly presented with privacy statements describing the intended use and safeguards that will be employed in handling the personal data they supply to corporations. They consent to these statements — either explicitly or implicitly — at the time such data is initially collected. Osano, Transcend.io and DataGrail.io specialize in the management of consent agreements and the enforcement of their terms. These tools enable individuals to exercise their consensual data rights, such as the right to view, edit or delete personal information they’ve provided in the past.

May 20, 2020

Identity management startup Truework raises $30M to help you verify your work history

As organizations look for safe and efficient ways of running their services in the new global paradigm of increased social distancing, a startup that has built a platform to help people verify their work details in a secure way is announcing a round of growth funding.

Truework, which provides a way for banks, apartment-rental agencies, and others to check the employment details of an applicant in a quick and secure manner online, has raised $30 million, money that CEO and co-founder Ryan Sandler said in an interview that it would use both to grow its existing business and to explore adding more details — both via its own service and via third-party partnerships — to the identity information that it shares.

The Series B is being led by Activant Capital — a VC that focuses on B2B2C startups — with participation also from Sequoia Capital and Khosla Ventures, as well as a number of high profile execs and entrepreneurs — Jeff Weiner (LinkedIn); Tom Gonser (Docusign); William Hockey (Plaid); and Daniel Yanisse (Checkr) among them.

The LinkedIn connection is an interesting one. Both Sandler and co-founder Victor Kabdebon were engineers at LinkedIn working on profile and improving the kind of data that LinkedIn sources on its users (the third co-founder, Ethan Winchell, previously worked elsewhere), and while Sandler tells me that the idea for Truework came to them after both left the company, he sees LinkedIn “as a potential partner here,” so watch this space.

The problem that Truework is aiming to solve is the very clunky, and often insecure, nature of how organizations typically verify an individual’s employment information. Details about salary and where you work, and the job you do, are typically essential for larger financial transactions, whether it’s securing a mortgage or another financing loan, or renting an apartment, or for others who might need to verify that information for other purposes, such as staffing agencies.

Typically that kind of information gathering is time-consuming both to reach out to get and to confirm (Sandler cites statistics that say on average an HR person spends over 1,000 hours annually answering questions like these). And some of the systems that have been put in place to do that work — specifically consumer reporting agencies — have been proven not to be as watertight in their security as you would hope.

“Your data is flowing around lots of third party platforms,” Sandler said. “You’re releasing a lot of information about yourself and you don’t know where the data is going and if it’s even accurate.”

Truework’s solution is based around a platform, and now an API, that a company buys into. In turn, it gives its employees the ability to consent to using it. If the employee agrees, Truework sources a worker’s place of employment and salary details. Then when a third party wants to verify that information for the person in question, it uses Truework to do so, rather than contacting the company directly.

Then, when those queries come in, Truework contacts the individual with an email or text about the inquiry, so that he/she can okay (or reject) the request. Truework’s Sandler said that it uses ISO27001, SOC2 Type 1 & 2 protections, but he also confirmed that it does store your data.

Currently the idea is that if you leave your job, your next employer would need to also be a Truework customer in order to update the information it has on you: the startup makes money by charging both larger enterprises to make the platform accessible to employees as well as those organizations that are querying for the information/verifications (small business employers using the platform can use it for free).

Over time, the plan will be to configure a way to update your profiles regardless of where you work.

So far, the concept has seen a lot of traction: there are 20,000 small businesses using the platform, as well as 100 enterprises, with the number of verifiers (its term for those requesting information) now at 40,000. Customers include The College Board, The Real Real, Oscar Health, The Motley Fool, and Tuft & Needle.

While all of this was built at a time before COVID-19, the global health pandemic has highlighted the importance of having more efficient and secure systems for doing work, especially at a time when many people are not in the office.

“Our biggest competitor is the fax machine and the phone call,” Sandler said, “but as companies move to more remote working, no one is manning the phones or fax machines. But these operations still need to happen.” Indeed, he points out that at the end of 2019, Truework had 25,000 verifiers. Nearly doubling its end-user customers speaks to the huge boost in business it has seen in the last five months.

That is part of the reason the company has attracted the investment it has.

“Truework’s platform sits at the center of consumers’ most important transactions and life events – from purchasing a home, to securing a new job,” said Steve Sarracino, founder and partner at Activant Capital, in a statement. “Up until now, the identity verification process has been painful, expensive, and opaque for all parties involved, something we’ve seen first-hand in the mortgage space. Starting with income and employment, Truework is setting the standard for consent-based verifications and unlocking the next wave of the digital economy. We’re thrilled to be partnering with this exceptional team as they continue to scale the platform.” Sarracino is joining the board with this round.

While a big focus in the world of tech right now may be on building more and better ways of connecting goods and services to people in as contact-free a way as possible, the bigger play around identity management has been around for years, and will continue to be a huge part of how the internet develops in the future.

The fax and phone may be the primary tools these days for verifying employment information, but on a more general level, there are companies like Facebook, Google and Apple already playing a big role in how we “log in” and use all kinds of services online. They, along with others focused squarely on the identity and verification space (and Truework works with some of them), and using a myriad of approaches that include biometrics, ‘wallet’-style passports that link to information elsewhere, and more, will all continue to try to make the case for why they might be the most trusted provider of that layer of information, at a time when we may want to share less and especially share less with multiple parties.

That is the bigger opportunity that investors are betting on here.

“The increasing momentum Truework has seen since its founding in 2017 demonstrates the critical need for transformation in this space,” said Alfred Lin, partner at Sequoia, in a statement. “Privacy, especially around identity data, is becoming increasingly top of mind for consumers and how they make transactions online.”

Truework has now raised close to $45 million, and it’s not disclosing its valuation.

Apr 21, 2020

ForgeRock nabs $93.5M for its ID management platform, gears up next for an IPO

For better or worse, digital identity management services — the process of identifying and authenticating users on networks to access services — have become a ubiquitous part of interacting on the internet, all the more so in recent weeks as we have been asked to carry out increasingly more of our lives online.

Used correctly, they help ensure that it’s really you logging into your online banking service; used badly, you feel like you can’t innocently watch something silly on YouTube without being watched yourself. Altogether, they are a huge business: worth $16 billion today according to Gartner but growing at upwards of 30% and potentially as big as $30.5 billion by 2024, according to the latest forecasts.

Now, a company called ForgeRock, which has built a platform that is used to help make sure that those accessing services really are who they say they are, and to help organizations account for how their services are getting used, is announcing a big round of funding to continue expanding its business amid a huge boost in demand.

The company is today announcing that it has raised $93.5 million in funding, a Series E it will use to continue expanding its product and take it to its next step as a business, specifically investing in R&D, cloud services and its ForgeRock Identity Cloud, and general global business development.

The round is being led by Riverwood Capital, and Accenture Ventures, as well as previous investors Accel, Meritech Capital, Foundation Capital and KKR Growth, also participated.

Fran Rosch, the startup’s CEO, said in an interview that this will likely be its final round of funding ahead of an IPO, although given the current state of affairs with a lot of M&A, there is no timing set for when that might happen. (Notably, the company had said its last round of funding — $88 million in 2017 — would be its final ahead of an IPO, although that was under a different CEO.)

This Series E brings the total raised by the company to $230 million. Rosch confirmed it was raised as a material upround, although he declined to give a valuation. For some context, the company’s last post-money valuation was $646.50 million per PitchBook, and so this round values the company at more than $730 million.

ForgeRock has annual recurring revenues of more than $100 million, with annual revenues also at over $100 million, Rosch said. It operates in an industry heavy with competition, with some of the others vying for pole position in the various aspects of identity management including Okta, LastPass, Duo Security and Ping Identity.

But within that list it has amassed some impressive traction. In total it has 1,100 enterprise customers, who in turn collectively manage 2 billion identities through ForgeRock’s platform, with considerably more devices also authenticated and managed on top of that.

Customers include the likes of the BBC — which uses ForgeRock to authenticate and log not just 45 million users but also the devices they use to access its iPlayer on-demand video streaming service — Comcast, a number of major banks, the European Union and several other government organizations. ForgeRock was originally founded in Norway about a decade ago, and while it now has its headquarters in San Francisco, it still has about half its employees and half its customers on the other side of the Atlantic.

Currently ForgeRock provides services to businesses related to identity management including password and username creation, identity governance, directory services, privacy and consent gates, which they in turn provide both to their human customers as well as to devices accessing their services, but we’re in a period of change right now when it comes to identity management. It stays away from direct-to-consumer password management services and Rosch said there are no plans to move into that area.

These days, we’ve become more aware of privacy and data protection. Sometimes, it’s been because of the wrong reasons, such as giant security breaches that have leaked some aspect of our personal information into a giant database, or because of a news story that has uncovered how our information has unwittingly been used in ‘legit’ commercial schemes, or other ways we never imagined it would.

Those developments, combined with advances in technology, are very likely to lead us to a place over time where identity management will become significantly more shielded from misuse. These could include more ubiquitous use of federated identities, “lockers” that store our authentication credentials that can be used to log into services but remain separate from their control, and potentially even applications of blockchain technology.

All of this means that while a company like ForgeRock will continue to provide its current services, it’s also investing big in what it believes will be the next steps that we’ll take as an industry, and society, when it comes to digital identity management — something that has had a boost of late.

“There are a lot of interesting things going on, and we are working closely behind the scenes to flesh them out,” Rosch said. “For example, we’re looking at how best to break up data links where we control identities to get access for a temporary period of time but then pull back. It’s a powerful trend that is still about four to five years out. But we are preparing for this, a time when our platform can consume decentralised identity, on par with logins from Google or Facebook today. That is an interesting area.”

He notes that the current market, where there has been an overall surge for all online services as people are staying home to slow the speed of the coronavirus pandemic, has seen big boosts in specific verticals.

Its largest financial services and banking customers have seen traffic up by 50%, and digital streaming has been up by 300% — with customers like the BBC seeing spikes in usage at 5pm every day (at the time of the government COVID-19 briefing) that are as high as its most popular primetime shows or sporting events — and use of government services has also been surging, in part because many services that hadn’t been online are now developing online presences or seeing much more traffic from digital channels than before. Unsurprisingly, its customers in hotel and travel, as well as retail, have seen drops, he added.

“ForgeRock’s comprehensive platform is very well-positioned to capitalize on the enormous opportunity in the Identity & Access Management market,” said Jeff Parks, co-founder and managing partner of Riverwood Capital, in a statement. “ForgeRock is the leader in solving a wide range of workforce and consumer identity use cases for the Global 2000 and is trusted by some of the largest companies to manage millions of user identities. We have seen the growth acceleration and are thrilled to partner with this leadership team.” Parks is joining the board with this round.

Apr 01, 2020

Okta launches Lifecycle Management Workflows to make building identity-centric processes easy

Okta, the popular identity and access management service, today used its annual (and now virtual) user conference to launch Lifecycle Management Workflows, a new tool that helps IT teams build and manage IFTTT-like automated processes with the help of an easy-to-use graphical interface.

The new service is an extension of Okta’s existing automation tools. But the key here is that IT teams and developers can now easily build complex identity-centric workflows across a wide range of applications. With this, these teams can easily automate an onboarding process, where setting up a new Okta account also immediately kicks off processes on third-party services like Box, Salesforce, ServiceNow and Slack to set up accounts there. The same goes for offboarding workflows and username creation. A lot of companies still do this manually, which is not just a hassle but also error-prone.

“Adopting more technology is incredibly beneficial for enterprises today, but complexity is a significant side effect of a changing technology ecosystem and workforce. There is no better example of the potential challenges it can create than with lifecycle management,” said Diya Jolly, chief product officer at Okta. “Okta’s vision of enabling any organization to use any technology goes deeper than just access; it’s about improving how organizations use technology. Okta Lifecycle Management Workflows improves the efficiency and security of enterprises through its simple user experience and broad applicability, keeping organizations secure and efficient without requiring the complexity of writing code.”

Okta, of course, had lifecycle management features before, but now it is also putting its acquisition of Azuqua to work and using that company’s graphical interface and technology for making it easier to create these automation processes. And while the focus right now is on processes like provisioning and de-provisioning accounts, the long-term plan is to expand Workflows with support for more identity processes.

As Okta also stresses, administrators can also manage very granular access across the supported third-party tools like assigning territories in Salesforce or access to specific group channels in Slack, for example. For temporary employees, admins can also set up automatic de-provisioning workflows that revoke access to some tools but maybe leave access to payroll services open for a while longer. There are also built-in tools for automatically managing conflicts when two people have the same name.

“Millions of people rely on Slack every day to make their working lives simpler, more pleasant and more productive,” said Tamar Yehoshua, chief product officer at Slack, one of the early adopters of this service. “Okta Lifecycle Management Workflows has significantly increased efficiency for us by automating the provisioning and de-provisioning of users from applications in our environment, without us ever having to write a line of code.”

This new feature is part of Okta’s new Platform Services, which the company also debuted today and which currently consists of core technologies like the Okta Identity Engine, Directories Integrations, Insights, Workflow and Devices. The core idea behind Platform Services is to give Okta users the flexibility to manage their unique identity use cases but also to give Okta itself a platform on which to innovate. One other new product that sits on top of the platform is Okta Fastpass, for example, which allows for passwordless authentication on any device.

Dec 04, 2019

GitGuardian raises $12M to help developers write more secure code and ‘fix’ GitHub leaks

Data breaches that could cause millions of dollars in potential damages have been the bane of the life of many a company. What’s required is a great deal of real-time monitoring. The problem is that this world has become incredibly complex. A SANS Institute survey found half of company data breaches were the result of account or credential hacking.

GitGuardian has attempted to address this with a highly developer-centric cybersecurity solution.

It’s now attracted the attention of major investors, to the tune of $12 million in Series A funding, led by Balderton Capital. Scott Chacon, co-founder of GitHub, and Solomon Hykes, founder of Docker, also participated in the round.

The startup plans to use the investment from Balderton Capital to expand its customer base, predominantly in the U.S. Around 75% of its clients are currently based in the U.S., with the remainder being based in Europe, and the funding will continue to drive this expansion.

Built to uncover sensitive company information hiding in online repositories, GitGuardian says its real-time monitoring platform can address the data leak issue. Modern enterprise software developers have to integrate multiple internal and third-party services. That means they need incredibly sensitive “secrets,” such as login details, API keys and private cryptographic keys used to protect confidential systems and data.

GitGuardian’s systems detect thousands of credential leaks per day. The team originally built its launch platform with public GitHub in mind; however, GitGuardian is built as a private solution to monitor and notify on secrets that are inappropriately disseminated in internal systems as well, such as private code repositories or messaging systems.

Solomon Hykes, founder of Docker and investor at GitGuardian, said: “Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organization.”

Do they have any competitors?

Co-founder Jérémy Thomas told me: “We currently don’t have any direct competitors. This generally means that there’s no market, or the market is too small to be interesting. In our case, our fundraise proves we’ve put our hands on something huge. So the reason we don’t have competitors is because the problem we’re solving is counterintuitive at first sight. Ask any developer, they will say they would never hardcode any secret in public source code. However, humans make mistakes and when that happens, they can be extremely serious: it can take a single leaked credential to jeopardize an entire organization. To conclude, I’d say our real competitors so far are black hat hackers. Black hat activity is real on GitHub. For two years, we’ve been monitoring organized groups of hackers that exchange sensitive information they find on the platform. We are competing with them on speed of detection and scope of vulnerabilities covered.”

Oct 03, 2019

Osano makes business risk and compliance (somewhat) sexy again

A new startup is clearing the way for other companies to better monitor and manage their risk and compliance with privacy laws.

Osano, an Austin, Texas-based startup, bills itself as a privacy platform startup, which uses a software-as-a-service solution to give businesses real-time visibility into their current privacy and compliance posture. That gives startups and enterprises large and small insight into whether or not they’re complying with global or state privacy laws, and helps them manage risk factors associated with their business, such as when partner or vendor privacy policies change.

The company launched its privacy platform at Disrupt SF on the Startup Battlefield stage.

Risk and compliance is typically a fusty, boring and frankly unsexy topic. But with ever-changing legal landscapes and constantly moving requirements, it’s hard to keep up. Although Europe’s GDPR has been around for a year, it’s still causing headaches. And stateside, the California Consumer Privacy Act is about to kick in and it is terrifying large companies for fear they can’t comply with it.

Osano mixes tech with its legal chops to provide a one-stop shop where companies, particularly smaller startups without their own legal support, can get insight, advice and guidance.

“We believe that any time a company does a better job with transparency and data protection, we think that’s a really good thing for the internet,” the company’s founder Arlo Gilbert told TechCrunch.

Gilbert and his co-founder and chief technology officer, Scott Hertel, have built their company’s software-as-a-service solution with several components in mind, including maintaining its scorecard of 6,000 vendors and their privacy practices to objectively grade how a company fares, as well as monitoring vendor privacy policies to spot changes as soon as they are made.

One of its standout features is allowing its corporate customers to comply with dozens of privacy laws across the world with a single line of code.

You’ve seen them before: The “consent” popups that ask (or demand) you to allow cookies or you can’t come in. Osano’s consent management lets companies install dynamic consent management in just five minutes, which delivers the right consent message to the right people in the best language. Using the blockchain, the company says it can record and provide searchable and cryptographically verifiable proof-of-consent in the event of a person’s data access request.


“There are 40 countries with cookie and data privacy laws that require consent,” said Gilbert. “Each of them has nuances about what they consider to be consent: what you have to tell them; what you have to offer them; when you have to do it.”

Osano also has an office in Dublin, Ireland, allowing its corporate customers to say they have a physical representative in the European Union, a requirement for companies that have to comply with GDPR.

And corporate customers with questions can dial-an-expert from Osano’s outsourced and freelance team of attorneys and privacy experts to help break down complex questions into bitesize answers.

Or as Gilbert calls it, “Uber, but for lawyers.”

The concept seems novel but it’s not restricted to GDPR or California’s upcoming law. The company says it monitors international, federal and state legislatures for new laws and changes to existing privacy legislation to alert customers of upcoming changes and requirements that might affect their business.

In other words, plug in a new law or two and Osano’s customers are as good as covered.

Osano is still in its pre-seed stage. But while the company is focusing on its product, it’s not thinking too much about money.

“We’re planning to kind of go the binary outcome — go big or go home,” said Gilbert, with his eye on the small- to medium-sized enterprise. “It’s greenfield right now. There’s really nobody doing what we’re doing.”

The plan is to take on enough funding to own the market, and then focus on turning a profit. So much so, Gilbert said, that the company is registered as a B Corporation, a more socially conscious and less profit-driven approach to corporate structure, allowing it to generate profits while maintaining its social vision.

The company’s idea is strong; its corporate structure seems mindful. But is it enough of an enticement for fellow startups and small businesses? It’s either dominate the market or bust, and only time will tell.

Aug
23
2019
--

Ping Identity files for $100M IPO on Nasdaq to trade as ‘PING’

Some eight months after it was reported that Ping Identity’s owners Vista Equity had hired bankers to explore a public listing, today Ping Identity took the plunge: the Colorado-based online ID management company has filed an S-1 form indicating that it plans to raise up to $100 million in an IPO on the Nasdaq exchange under the ticker “Ping.”

While the initial S-1 filing doesn’t have an indication of price range, Ping is said to be looking at a valuation of between $2 billion and $3 billion in this listing.

The company has been around since 2001, founded by Andre Durand (who is still the CEO), and it was acquired by Vista in 2016 for about $600 million — at a time when a clutch of enterprise companies that looked like strong IPO candidates were going the private equity route and staying private instead.

But more recently, there has been a surge in demand for better IT security linked to identity and authentication management, so it seems that Vista Equity is selling up. The PE firm is taking advantage of the fact that the market’s currently very strong for tech IPOs, but there is so much M&A in enterprise right now (just yesterday VMware acquired not one but two companies, Carbon Black for $2.1 billion and Pivotal for $2.7 billion) that I can’t help but wonder if something might move here too.

The S-1 reveals a number of details on the company’s financials, indicating that it’s currently unprofitable but on a steady growth curve. Ping had revenues of $112.9 million in the first six months of 2019, versus $99.5 million in the same period a year before. Its loss has been shrinking in recent years, with a net loss of $3.1 million in the first six months of this year versus $5.8 million a year before (notably, in 2017 overall it was profitable, with a net income of $19 million; it seems that the change is due to acquisitions and investing for growth).

Its annual run rate, meanwhile, was $198 million for the first six months of the year, compared to $159.6 million in the same period a year ago.

The area of identity and access management has become a cornerstone of enterprise IT, with companies looking for efficient and secure ways to centralise how not just their employees, but their customers, their partners and various connected devices on their networks can be authenticated across their cloud and on-premise applications.

The demand for secure solutions covering all the different aspects of a company’s IT stack has grown rapidly over recent years, spurred not just by an increased move to centralised applications served through the cloud, but also by the drastic rise in breaches where malicious hackers have exploited vulnerabilities and loopholes in companies’ sign-on screens.

Ping has been one of the bigger companies building services in this area and tackling all of those use cases, competing with the likes of Okta, OneLogin, Auth0, Cisco and dozens more off-the-shelf and custom-built solutions.

The company offers its services on an SaaS basis, covering services like secure sign-on, multi-factor authentication, API access security, personalised and unified profile directories, data governance and AI-based security policies. It claims to be the pioneer of “Intelligent Identity,” using AI to help its system analyse user, device and network behavior to better identify potentially malicious activity.

More to come.

Jul
11
2019
--

OneTrust raises $200M at a $1.3B valuation to help organizations navigate online privacy rules

GDPR, and the newer California Consumer Privacy Act, have given a legal bite to ongoing developments in online privacy and data protection: it’s always good practice for companies with an online presence to take measures to safeguard people’s data, but now failing to do so can land them in some serious hot water.

Now — to underscore the urgency and demand in the market — one of the bigger companies helping organizations navigate those rules is announcing a huge round of funding. OneTrust, which builds tools to help companies navigate data protection and privacy policies both internally and with its customers, has raised $200 million in a Series A led by Insight that values the company at $1.3 billion.

It’s an outsized round for a Series A, being made at an equally outsized valuation — especially considering that the company is only three years old — but that’s because of the wide-ranging nature of the issue, according to CEO Kabir Barday, and OneTrust’s early moves and subsequent pole position in tackling it.

“We’re talking about an operational overhaul in a company’s practices,” Barday said in an interview. “That requires the right technology and reach to be able to deliver that at a low cost.” Notably, he said that OneTrust wasn’t actually in search of funding — it’s already generating revenue and could have grown off its own balance sheet — although he noted that having the capitalization and backing sends a signal to the market and in particular to larger organizations of its stability and staying power.

Currently, OneTrust has around 3,000 customers across 100 countries (and 1,000 employees), and the plan will be to continue to expand its reach geographically and to more businesses. Funding will also go toward the company’s technology: it already has 50 patents filed and another 50 applications in progress, securing its own IP in the area of privacy protection.

OneTrust offers technology and services covering three different aspects of data protection and privacy management.

Its Privacy Management Software helps an organization manage how it collects data, and it generates compliance reports in line with how a site is working relative to different jurisdictions. Then there is the famous (or infamous) service that lets internet users set their preferences for how they want their data to be handled on different sites. The third is a larger database and risk management platform that assesses how various third-party services (for example advertising providers) work on a site and where they might pose data protection risks.

These are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question.

The startup also has an interesting backstory that sheds some light on how it was founded and how it identified the gap in the market relatively early.

Alan Dabbiere, who is the co-chairman of OneTrust, had been the chairman of Airwatch — the mobile device management company acquired by VMware in 2014 (Airwatch’s CEO and founder, John Marshall, is OneTrust’s other co-chairman). In an interview, he told me that it was when they were at Airwatch — where Barday had worked across consulting, integration, engineering and product management — that they began to see just how a smartphone “could be a quagmire of privacy issues.”

“We could capture apps that an employee was using so that we could show them to IT to mitigate security risks,” he said, “but that actually presented a big privacy issue. If [the employee] has dyslexia [and uses a special app for it] or if the employee used a dating app, you’ve now shown things to IT that you shouldn’t have.”

He admitted that in the first version of the software, “we weren’t even thinking about whether that was inappropriate, but then we quickly realised that we needed to be thinking about privacy.”

Dabbiere said that it was Barday who first brought that sensibility to light, and “that is something that we have evolved from.” After that, and after the VMware sale, it seemed a no-brainer that he and Marshall would come on to help the new startup grow.

Airwatch made a relatively quick exit, I pointed out. His response: the plan is to stay the course at OneTrust, with a lot more room for expansion in this market. He describes the issues of data protection and privacy as “death by 1,000 cuts.” I guess when you think about it from an enterprising point of view, that essentially presents 1,000 business opportunities.

Indeed, there is obvious growth potential to expand not just its funnel of customers, but to add more services, such as proactive detection of malware that might leak customers’ data (which calls to mind the recently fined breach at British Airways), as well as tools to help stop that once identified.

While there are a million other companies also looking to fix those problems today, what’s interesting is the point from which OneTrust is starting: by providing tools to organizations simply to help them operate in the current regulatory climate as good citizens of the online world.

This is what caught Insight’s eye with this investment.

“OneTrust has truly established themselves as leaders in this space in a very short time frame, and are quickly becoming for privacy professionals what Salesforce became for salespeople,” said Richard Wells of Insight. “They offer such a vast range of modules and tools to help customers keep their businesses compliant with varying regulatory laws, and the tailwinds around GDPR and the upcoming CCPA make this an opportune time for growth. Their leadership team is unparalleled in their ambition and has proven their ability to convert those ambitions into reality.”

Wells added that while this is a big round for a Series A, that is because it is something of an outlier, not a mark of how Series A rounds will go soon.

“Investors will always be interested in and keen to partner with companies that are providing real solutions, are already established and are led by a strong group of entrepreneurs,” he said in an interview. “This is a company that has the expertise to help solve for what could be one of the greatest challenges of the next decade. That’s the company investors want to partner with and grow, regardless of fund timing.”
