May 20, 2020

Identity management startup Truework raises $30M to help you verify your work history

As organizations look for safe and efficient ways of running their services in the new global paradigm of increased social distancing, a startup that has built a platform to help people verify their work details in a secure way is announcing a round of growth funding.

Truework, which provides a way for banks, apartment-rental agencies, and others to check the employment details of an applicant in a quick and secure manner online, has raised $30 million, money that CEO and co-founder Ryan Sandler said in an interview that it would use both to grow its existing business and to explore adding more details — both via its own service and via third-party partnerships — to the identity information that it shares.

The Series B is being led by Activant Capital — a VC that focuses on B2B2C startups — with participation also from Sequoia Capital and Khosla Ventures, as well as a number of high profile execs and entrepreneurs — Jeff Weiner (LinkedIn); Tom Gonser (Docusign); William Hockey (Plaid); and Daniel Yanisse (Checkr) among them.

The LinkedIn connection is an interesting one. Both Sandler and co-founder Victor Kabdebon were engineers at LinkedIn working on profile and improving the kind of data that LinkedIn sources on its users (the third co-founder, Ethan Winchell, previously worked elsewhere), and while Sandler tells me that the idea for Truework came to them after both left the company, he sees LinkedIn “as a potential partner here,” so watch this space.

The problem that Truework is aiming to solve is the very clunky, and often insecure, nature of how organizations typically verify an individual’s employment information. Details about salary and where you work, and the job you do, are typically essential for larger financial transactions, whether it’s securing a mortgage or another financing loan, or renting an apartment, or for others who might need to verify that information for other purposes, such as staffing agencies.

Typically that kind of information gathering is time-consuming both to reach out to get and to confirm (Sandler cites statistics that say on average an HR person spends over 1,000 hours annually answering questions like these). And some of the systems that have been put in place to do that work — specifically consumer reporting agencies — have been proven not to be as watertight in their security as you would hope.

“Your data is flowing around lots of third party platforms,” Sandler said. “You’re releasing a lot of information about yourself and you don’t know where the data is going and if it’s even accurate.”

Truework’s solution is based around a platform, and now an API, that a company buys into. In turn, it gives its employees the ability to consent to using it. If the employee agrees, Truework sources a worker’s place of employment and salary details. Then when a third party wants to verify that information for the person in question, it uses Truework to do so, rather than contacting the company directly.

Then, when those queries come in, Truework contacts the individual with an email or text about the inquiry, so that he/she can okay (or reject) the request. Truework’s Sandler said that it uses ISO27001, SOC2 Type 1 & 2 protections, but he also confirmed that it does store your data.

Currently the idea is that if you leave your job, your next employer would need to also be a Truework customer in order to update the information it has on you: the startup makes money by charging both larger enterprises to make the platform accessible to employees as well as those organizations that are querying for the information/verifications (small business employers using the platform can use it for free).

Over time, the plan will be to configure a way to update your profiles regardless of where you work.

So far, the concept has seen a lot of traction: there are 20,000 small businesses using the platform, as well as 100 enterprises, with the number of verifiers (its term for those requesting information) now at 40,000. Customers include The College Board, The Real Real, Oscar Health, The Motley Fool, and Tuft & Needle.

While all of this was built at a time before COVID-19, the global health pandemic has highlighted the importance of having more efficient and secure systems for doing work, especially at a time when many people are not in the office.

“Our biggest competitor is the fax machine and the phone call,” Sandler said, “but as companies move to more remote working, no one is manning the phones or fax machines. But these operations still need to happen.” Indeed, he points out that at the end of 2019, Truework had 25,000 verifiers. Nearly doubling its end-user customers speaks to the huge boost in business it has seen in the last five months.

That is part of the reason the company has attracted the investment it has.

“Truework’s platform sits at the center of consumers’ most important transactions and life events – from purchasing a home, to securing a new job,” said Steve Sarracino, founder and partner at Activant Capital, in a statement. “Up until now, the identity verification process has been painful, expensive, and opaque for all parties involved, something we’ve seen first-hand in the mortgage space. Starting with income and employment, Truework is setting the standard for consent-based verifications and unlocking the next wave of the digital economy. We’re thrilled to be partnering with this exceptional team as they continue to scale the platform.” Sarracino is joining the board with this round.

While a big focus in the world of tech right now may be on building more and better ways of connecting goods and services to people in as contact-free a way as possible, the bigger play around identity management has been around for years, and will continue to be a huge part of how the internet develops in the future.

The fax and phone may be the primary tools these days for verifying employment information, but on a more general level, there are companies like Facebook, Google and Apple already playing a big role in how we “log in” and use all kinds of services online. They, along with others focused squarely on the identity and verification space (and Truework works with some of them), and using a myriad of approaches that include biometrics, ‘wallet’-style passports that link to information elsewhere, and more, will all continue to try to make the case for why they might be the most trusted provider of that layer of information, at a time when we may want to share less and especially share less with multiple parties.

That is the bigger opportunity that investors are betting on here.

“The increasing momentum Truework has seen since its founding in 2017 demonstrates the critical need for transformation in this space,” said Alfred Lin, partner at Sequoia, in a statement. “Privacy, especially around identity data, is becoming increasingly top of mind for consumers and how they make transactions online.”

Truework has now raised close to $45 million, and it’s not disclosing its valuation.

Apr 21, 2020

ForgeRock nabs $93.5M for its ID management platform, gears up next for an IPO

For better or worse, digital identity management services — the process of identifying and authenticating users on networks to access services — have become a ubiquitous part of interacting on the internet, all the more so in recent weeks as we have been asked to carry out increasingly more of our lives online.

Used correctly, they help ensure that it’s really you logging into your online banking service; used badly, you feel like you can’t innocently watch something silly on YouTube without being watched yourself. Altogether, they are a huge business: worth $16 billion today according to Gartner but growing at upwards of 30% and potentially as big as $30.5 billion by 2024, according to the latest forecasts.

Now, a company called ForgeRock, which has built a platform that is used to help make sure that those accessing services really are who they say they are, and help organizations account for how their services are getting used, is announcing a big round of funding to continue expanding its business amid a huge boost in demand.

The company is today announcing that it has raised $93.5 million in funding, a Series E it will use to continue expanding its product and take it to its next step as a business, specifically investing in R&D, cloud services and its ForgeRock Identity Cloud, and general global business development.

The round is being led by Riverwood Capital; Accenture Ventures, as well as previous investors Accel, Meritech Capital, Foundation Capital and KKR Growth, also participated.

Fran Rosch, the startup’s CEO, said in an interview that this will likely be its final round of funding ahead of an IPO, although given the current state of affairs with a lot of M&A, there is no timing set for when that might happen. (Notably, the company had said its last round of funding — $88 million in 2017 — would be its final ahead of an IPO, although that was under a different CEO.)

This Series E brings the total raised by the company to $230 million. Rosch confirmed it was raised as a material upround, although he declined to give a valuation. For some context, the company’s last post-money valuation was $646.50 million per PitchBook, and so this round values the company at more than $730 million.

ForgeRock has annual recurring revenues of more than $100 million, with annual revenues also at over $100 million, Rosch said. It operates in an industry heavy with competition, with some of the others vying for pole position in the various aspects of identity management including Okta, LastPass, Duo Security and Ping Identity.

But within that list it has amassed some impressive traction. In total it has 1,100 enterprise customers, who in turn collectively manage 2 billion identities through ForgeRock’s platform, with considerably more devices also authenticated and managed on top of that.

Customers include the likes of the BBC — which uses ForgeRock to authenticate and log not just 45 million users but also the devices they use to access its iPlayer on-demand video streaming service — Comcast, a number of major banks, the European Union and several other government organizations. ForgeRock was originally founded in Norway about a decade ago, and while it now has its headquarters in San Francisco, it still has about half its employees and half its customers on the other side of the Atlantic.

Currently ForgeRock provides services to businesses related to identity management including password and username creation, identity governance, directory services, privacy and consent gates, which they in turn provide both to their human customers as well as to devices accessing their services, but we’re in a period of change right now when it comes to identity management. It stays away from direct-to-consumer password management services and Rosch said there are no plans to move into that area.

These days, we’ve become more aware of privacy and data protection. Sometimes, it’s been because of the wrong reasons, such as giant security breaches that have leaked some aspect of our personal information into a giant database, or because of a news story that has uncovered how our information has unwittingly been used in ‘legit’ commercial schemes, or other ways we never imagined it would.

Those developments, combined with advances in technology, are very likely to lead us to a place over time where identity management will become significantly more shielded from misuse. These could include more ubiquitous use of federated identities, “lockers” that store our authentication credentials that can be used to log into services but remain separate from their control, and potentially even applications of blockchain technology.

All of this means that while a company like ForgeRock will continue to provide its current services, it’s also investing big in what it believes will be the next steps that we’ll take as an industry, and society, when it comes to digital identity management — something that has had a boost of late.

“There are a lot of interesting things going on, and we are working closely behind the scenes to flesh them out,” Rosch said. “For example, we’re looking at how best to break up data links where we control identities to get access for a temporary period of time but then pull back. It’s a powerful trend that is still about four to five years out. But we are preparing for this, a time when our platform can consume decentralised identity, on par with logins from Google or Facebook today. That is an interesting area.”

He notes that the current market, where there has been an overall surge for all online services as people are staying home to slow the speed of the coronavirus pandemic, has seen big boosts in specific verticals.

Its largest financial services and banking customers have seen traffic up by 50%, and digital streaming has been up by 300% — with customers like the BBC seeing spikes in usage at 5pm every day (at the time of the government COVID-19 briefing) that are as high as its most popular primetime shows or sporting events — and use of government services has also been surging, in part because many services that hadn’t been online are now developing online presences or seeing much more traffic from digital channels than before. Unsurprisingly, its customers in hotel and travel, as well as retail, have seen drops, he added.

“ForgeRock’s comprehensive platform is very well-positioned to capitalize on the enormous opportunity in the Identity & Access Management market,” said Jeff Parks, co-founder and managing partner of Riverwood Capital, in a statement. “ForgeRock is the leader in solving a wide range of workforce and consumer identity use cases for the Global 2000 and is trusted by some of the largest companies to manage millions of user identities. We have seen the growth acceleration and are thrilled to partner with this leadership team.” Parks is joining the board with this round.

Apr 01, 2020

Okta launches Lifecycle Management Workflows to make building identity-centric processes easy

Okta, the popular identity and access management service, today used its annual (and now virtual) user conference to launch Lifecycle Management Workflows, a new tool that helps IT teams build and manage IFTTT-like automated processes with the help of an easy to use graphical interface.

The new service is an extension of Okta’s existing automation tools. But the key here is that IT teams and developers can now easily build complex identity-centric workflows across a wide range of applications. With this, these teams can easily automate an onboarding process, where setting up a new Okta account also immediately kicks off processes on third-party services like Box, Salesforce, ServiceNow and Slack to set up accounts there. The same goes for offboarding workflows and username creation. A lot of companies still do this manually, which is not just a hassle but also error-prone.

“Adopting more technology is incredibly beneficial for enterprises today, but complexity is a significant side effect of a changing technology ecosystem and workforce. There is no better example of the potential challenges it can create than with lifecycle management,” said Diya Jolly, chief product officer at Okta. “Okta’s vision of enabling any organization to use any technology goes deeper than just access; it’s about improving how organizations use technology. Okta Lifecycle Management Workflows improves the efficiency and security of enterprises through its simple user experience and broad applicability, keeping organizations secure and efficient without requiring the complexity of writing code.”

Okta, of course, had lifecycle management features before, but now it is also putting its acquisition of Azuqua to work and using that company’s graphical interface and technology for making it easier to create these automation processes. And while the focus right now is on processes like provisioning and de-provisioning accounts, the long-term plan is to expand Workflows with support for more identity processes.

As Okta also stresses, administrators can also manage very granular access across the supported third-party tools like assigning territories in Salesforce or access to specific group channels in Slack, for example. For temporary employees, admins can also set up automatic de-provisioning workflows that revoke access to some tools but maybe leave access to payroll services open for a while longer. There are also built-in tools for automatically managing conflicts when two people have the same name.

“Millions of people rely on Slack every day to make their working lives simpler, more pleasant and more productive,” said Tamar Yehoshua, chief product officer at Slack, one of the early adopters of this service. “Okta Lifecycle Management Workflows has significantly increased efficiency for us by automating the provisioning and de-provisioning of users from applications in our environment, without us ever having to write a line of code.”

This new feature is part of Okta’s new Platform Services, which the company also debuted today and which currently consists of core technologies like the Okta Identity Engine, Directories Integrations, Insights, Workflow and Devices. The core idea behind Platform Services is to give Okta users the flexibility to manage their unique identity use cases but also to give Okta itself a platform on which to innovate. One other new product that sits on top of the platform is Okta Fastpass, for example, which allows for passwordless authentication on any device.

Dec 04, 2019

GitGuardian raises $12M to help developers write more secure code and ‘fix’ GitHub leaks

Data breaches that could cause millions of dollars in potential damages have been the bane of the life of many a company. What’s required is a great deal of real-time monitoring. The problem is that this world has become incredibly complex. A SANS Institute survey found half of company data breaches were the result of account or credential hacking.

GitGuardian has attempted to address this with a highly developer-centric cybersecurity solution.

It’s now attracted the attention of major investors, to the tune of $12 million in Series A funding, led by Balderton Capital. Scott Chacon, co-founder of GitHub, and Solomon Hykes, founder of Docker, also participated in the round.

The startup plans to use the investment from Balderton Capital to expand its customer base, predominantly in the U.S. Around 75% of its clients are currently based in the U.S., with the remainder being based in Europe, and the funding will continue to drive this expansion.

Built to uncover sensitive company information hiding in online repositories, GitGuardian says its real-time monitoring platform can address the data leaks issues. Modern enterprise software developers have to integrate multiple internal and third-party services. That means they need incredibly sensitive “secrets,” such as login details, API keys and private cryptographic keys used to protect confidential systems and data.

GitGuardian’s systems detect thousands of credential leaks per day. The team originally built its launch platform with public GitHub in mind; however, GitGuardian is built as a private solution to monitor and notify on secrets that are inappropriately disseminated in internal systems as well, such as private code repositories or messaging systems.

Solomon Hykes, founder of Docker and investor at GitGuardian, said: “Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organization.”

Do they have any competitors?

Co-founder Jérémy Thomas told me: “We currently don’t have any direct competitors. This generally means that there’s no market, or the market is too small to be interesting. In our case, our fundraise proves we’ve put our hands on something huge. So the reason we don’t have competitors is because the problem we’re solving is counterintuitive at first sight. Ask any developer, they will say they would never hardcode any secret in public source code. However, humans make mistakes and when that happens, they can be extremely serious: it can take a single leaked credential to jeopardize an entire organization. To conclude, I’d say our real competitors so far are black hat hackers. Black hat activity is real on GitHub. For two years, we’ve been monitoring organized groups of hackers that exchange sensitive information they find on the platform. We are competing with them on speed of detection and scope of vulnerabilities covered.”

Oct 03, 2019

Osano makes business risk and compliance (somewhat) sexy again

A new startup is clearing the way for other companies to better monitor and manage their risk and compliance with privacy laws.

Osano, an Austin, Texas-based startup, bills itself as a privacy platform startup, which uses a software-as-a-service solution to give businesses real-time visibility into their current privacy and compliance posture. On one hand, that helps startups and enterprises large and small gain insight into whether or not they’re complying with global or state privacy laws, and manage risk factors associated with their business such as when partner or vendor privacy policies change.

The company launched its privacy platform at Disrupt SF on the Startup Battlefield stage.

Risk and compliance is typically a fusty, boring and frankly unsexy topic. But with ever-changing legal landscapes and constantly moving requirements, it’s hard to keep up. Although Europe’s GDPR has been around for a year, it’s still causing headaches. And stateside, the California Consumer Privacy Act is about to kick in and it is terrifying large companies for fear they can’t comply with it.

Osano mixes tech with its legal chops to help companies, particularly smaller startups without their own legal support, to provide a one-stop shop for businesses to get insight, advice and guidance.

“We believe that any time a company does a better job with transparency and data protection, we think that’s a really good thing for the internet,” the company’s founder Arlo Gilbert told TechCrunch.

Gilbert, along with his co-founder and chief technology officer Scott Hertel, have built their company’s software-as-a-service solution with several components in mind, including maintaining its scorecard of 6,000 vendors and their privacy practices to objectively grade how a company fares, as well as monitoring vendor privacy policies to spot changes as soon as they are made.

One of its standout features is allowing its corporate customers to comply with dozens of privacy laws across the world with a single line of code.

You’ve seen them before: The “consent” popups that ask (or demand) you to allow cookies or you can’t come in. Osano’s consent management lets companies install a dynamic consent management in just five minutes, which delivers the right consent message to the right people in the best language. Using the blockchain, the company says it can record and provide searchable and cryptographically verifiable proof-of-consent in the event of a person’s data access request.


“There are 40 countries with cookie and data privacy laws that require consent,” said Gilbert. “Each of them has nuances about what they consider to be consent: what you have to tell them; what you have to offer them; when you have to do it.”

Osano also has an office in Dublin, Ireland, allowing its corporate customers to say they have a physical representative in the European Union — a requirement for companies that have to comply with GDPR.

And, for corporate customers with questions, they can dial-an-expert from Osano’s outsourced and freelance team of attorneys and privacy experts to help break down complex questions into bitesize answers.

Or as Gilbert calls it, “Uber, but for lawyers.”

The concept seems novel but it’s not restricted to GDPR or California’s upcoming law. The company says it monitors international, federal and state legislatures for new laws and changes to existing privacy legislation to alert customers of upcoming changes and requirements that might affect their business.

In other words, plug in a new law or two and Osano’s customers are as good as covered.

Osano is still in its pre-seed stage. But while the company is focusing on its product, it’s not thinking too much about money.

“We’re planning to kind of go the binary outcome — go big or go home,” said Gilbert, with his eye on the small- to medium-sized enterprise. “It’s greenfield right now. There’s really nobody doing what we’re doing.”

The plan is to take on enough funding to own the market, and then focus on turning a profit. So much so, Gilbert said, that the company is registered as a B Corporation, a more socially conscious and less profit-driven approach of corporate structure, allowing it to generate profits while maintaining its social vision.

The company’s idea is strong; its corporate structure seems mindful. But is it enough of an enticement for fellow startups and small businesses? It’s either dominate the market or bust, and only time will tell.

Aug 23, 2019

Ping Identity files for $100M IPO on Nasdaq to trade as ‘PING’

Some eight months after it was reported that Ping Identity’s owners Vista Equity had hired bankers to explore a public listing, today Ping Identity took the plunge: the Colorado-based online ID management company has filed an S-1 form indicating that it plans to raise up to $100 million in an IPO on the Nasdaq exchange under the ticker “Ping.”

While the initial S-1 filing doesn’t have an indication of price range, Ping is said to be looking at a valuation of between $2 billion and $3 billion in this listing.

The company has been around since 2001, founded by Andre Durand (who is still the CEO), and it was acquired by Vista in 2016 for about $600 million — at a time when a clutch of enterprise companies that looked like strong IPO candidates were going the private equity route and staying private instead.

But more recently, there has been a surge in demand for better IT security linked to identity and authentication management, so it seems that Vista Equity is selling up. The PE firm is taking advantage of the fact that the market’s currently very strong for tech IPOs, but there is so much M&A in enterprise right now (just yesterday VMware acquired not one but two companies, Carbon Black for $2.1 billion and Pivotal for $2.7 billion) that I can’t help but wonder if something might move here too.

The S-1 reveals a number of details on the company’s financials, indicating that it’s currently unprofitable but on a steady growth curve. Ping had revenues of $112.9 million in the first six months of 2019, versus $99.5 million in the same period a year before. Its loss has been shrinking in recent years, with a net loss of $3.1 million in the first six months of this year versus $5.8 million a year before (notably in 2017 overall it was profitable with a net income of $19 million. It seems that the change is due to acquisitions and investing for growth).

Its annual run rate, meanwhile, was $198 million for the first six months of the year, compared to $159.6 million in the same period a year ago.

The area of identity and access management has become a cornerstone of enterprise IT, with companies looking for efficient and secure ways to centralise how not just their employees, but their customers, their partners and various connected devices on their networks can be authenticated across their cloud and on-premise applications.

The demand for secure solutions covering all the different aspects of a company’s IT stack has grown rapidly over recent years, spurred not just by an increased move to centralised applications served through the cloud, but also by the drastic rise in breaches where malicious hackers have exploited vulnerabilities and loopholes in companies’ sign-on screens.

Ping has been one of the bigger companies building services in this area and tackling all of those use cases, competing with the likes of Okta, OneLogin, Auth0, Cisco and dozens more off-the-shelf and custom-built solutions.

The company offers its services on an SaaS basis, covering services like secure sign-on, multi-factor authentication, API access security, personalised and unified profile directories, data governance and AI-based security policies. It claims to be the pioneer of “Intelligent Identity,” using AI to help its system analyse user, device and network behavior to better identify potentially malicious activity.

More to come.

Jul 11, 2019

OneTrust raises $200M at a $1.3B valuation to help organizations navigate online privacy rules

GDPR, and the newer California Consumer Privacy Act, have given a legal bite to ongoing developments in online privacy and data protection: it’s always good practice for companies with an online presence to take measures to safeguard people’s data, but now failing to do so can land them in some serious hot water.

Now — to underscore the urgency and demand in the market — one of the bigger companies helping organizations navigate those rules is announcing a huge round of funding. OneTrust, which builds tools to help companies navigate data protection and privacy policies both internally and with its customers, has raised $200 million in a Series A led by Insight that values the company at $1.3 billion.

It’s an outsized round for a Series A, being made at an equally outsized valuation — especially considering that the company is only three years old — but that’s because of the wide-ranging nature of the issue, according to CEO Kabir Barday, and OneTrust’s early moves and subsequent pole position in tackling it.

“We’re talking about an operational overhaul in a company’s practices,” Barday said in an interview. “That requires the right technology and reach to be able to deliver that at a low cost.” Notably, he said that OneTrust wasn’t actually in search of funding — it’s already generating revenue and could have grown off its own balance sheet — although he noted that having the capitalization and backing sends a signal to the market and in particular to larger organizations of its stability and staying power.

Currently, OneTrust has around 3,000 customers across 100 countries (and 1,000 employees), and the plan will be to continue to expand its reach geographically and to more businesses. Funding will also go toward the company’s technology: it already has 50 patents filed and another 50 applications in progress, securing its own IP in the area of privacy protection.

OneTrust offers technology and services covering three different aspects of data protection and privacy management.

Its Privacy Management Software helps an organization manage how it collects data, and it generates compliance reports in line with how a site is working relative to different jurisdictions. Then there is the famous (or infamous) service that lets internet users set their preferences for how they want their data to be handled on different sites. The third is a larger database and risk management platform that assesses how various third-party services (for example advertising providers) work on a site and where they might pose data protection risks.

These are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question.

The startup also has an interesting backstory that sheds some light on how it was founded and how it identified the gap in the market relatively early.

Alan Dabbiere, who is the co-chairman of OneTrust, had been the chairman of Airwatch — the mobile device management company acquired by VMware in 2014 (Airwatch’s CEO and founder, John Marshall, is OneTrust’s other co-chairman). In an interview, he told me that it was when they were at Airwatch — where Barday had worked across consulting, integration, engineering and product management — that they began to see just how a smartphone “could be a quagmire of privacy issues.”

“We could capture apps that an employee was using so that we could show them to IT to mitigate security risks,” he said, “but that actually presented a big privacy issue. If [the employee] has dyslexia [and uses a special app for it] or if the employee used a dating app, you’ve now shown things to IT that you shouldn’t have.”

He admitted that in the first version of the software, “we weren’t even thinking about whether that was inappropriate, but then we quickly realised that we needed to be thinking about privacy.”

Dabbiere said that it was Barday who first brought that sensibility to light, and “that is something that we have evolved from.” After that, and after the VMware sale, it seemed a no-brainer that he and Marshall would come on to help the new startup grow.

Airwatch made a relatively quick exit, I pointed out. His response: the plan is to stay the course at OneTrust, with a lot more room for expansion in this market. He describes the issues of data protection and privacy as “death by 1,000 cuts.” I guess when you think about it from an enterprising point of view, that essentially presents 1,000 business opportunities.

Indeed, there is obvious growth potential to expand not just its funnel of customers, but to add more services, such as proactive detection of malware that might leak customers’ data (which calls to mind the recently fined breach at British Airways), as well as tools to help stop that once identified.

While there are a million other companies also looking to fix those problems today, what’s interesting is the point from which OneTrust is starting: by providing tools to organizations simply to help them operate in the current regulatory climate as good citizens of the online world.

This is what caught Insight’s eye with this investment.

“OneTrust has truly established themselves as leaders in this space in a very short time frame, and are quickly becoming for privacy professionals what Salesforce became for salespeople,” said Richard Wells of Insight. “They offer such a vast range of modules and tools to help customers keep their businesses compliant with varying regulatory laws, and the tailwinds around GDPR and the upcoming CCPA make this an opportune time for growth. Their leadership team is unparalleled in their ambition and has proven their ability to convert those ambitions into reality.”

Wells added that while this is a big round for a Series A, that is because it is something of an outlier, not a mark of how Series A rounds will go soon.

“Investors will always be interested in and keen to partner with companies that are providing real solutions, are already established and are led by a strong group of entrepreneurs,” he said in an interview. “This is a company that has the expertise to help solve for what could be one of the greatest challenges of the next decade. That’s the company investors want to partner with and grow, regardless of fund timing.”

May
21
2019
--

Google says some G Suite user passwords were stored in plaintext since 2005

Google says a small number of its enterprise customers mistakenly had their passwords stored on its systems in plaintext.

The search giant disclosed the exposure Tuesday but declined to say exactly how many enterprise customers were affected. “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” said Google vice president of engineering Suzanne Frey.

Passwords are typically scrambled using a hashing algorithm to prevent them from being read by humans. G Suite administrators are able to manually upload, set and recover new user passwords for company users, which helps in situations where new employees are on-boarded. But Google said it discovered in April that the way it implemented password setting and recovery for its enterprise offering in 2005 was faulty and improperly stored a copy of the password in plaintext.

Google has since removed the feature.

No consumer Gmail accounts were affected by the security lapse, said Frey.

“To be clear, these passwords remained in our secure encrypted infrastructure,” said Frey. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google has more than 5 million enterprise customers using G Suite.

Google said it also discovered a second security lapse earlier this month as it was troubleshooting new G Suite customer sign-ups. The company said since January it was improperly storing “a subset” of unhashed G Suite passwords on its internal systems for up to two weeks. Those systems, Google said, were only accessible to a limited number of authorized Google staff.

“This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords,” said Frey.

Google said it’s notified G Suite administrators to warn of the password security lapse, and will reset account passwords for those who have yet to change them.

A spokesperson confirmed Google has informed data protection regulators of the exposure.

Google becomes the latest company to have admitted storing sensitive data in plaintext in the past year. Facebook said in March that “hundreds of millions” of Facebook and Instagram passwords were stored in plaintext. Twitter and GitHub also admitted similar security lapses last year.


Apr
03
2019
--

Okta unveils $50M in-house venture capital fund

Identity management software provider Okta, which went public two years ago in what was one of the first pure-cloud subscription-based company IPOs, wants to fund the next generation of identity, security and privacy startups.

At its big customer conference Oktane, where the company has also announced a new level of identity protection at the server level, chief operating officer Frederic Kerrest (pictured above, right, with chief executive officer Todd McKinnon) will unveil a $50 million investment fund meant to back early-stage startups leveraging artificial intelligence, machine learning and blockchain technology.

“We view this as a natural extension of what we are doing today,” Okta senior vice president Monty Gray told TechCrunch. Gray was hired last year to oversee corporate development, i.e. beef up Okta’s M&A strategy.

Gray and Kerrest tell TechCrunch that Okta Ventures will invest capital in existing Okta partners, as well as other companies in the burgeoning identity management ecosystem. The team managing the fund will look to Okta’s former backers, Sequoia, Andreessen Horowitz and Greylock, for support in the deal sourcing process.

Okta Ventures will write checks sized between $250,000 and $2 million to eight to 10 early-stage businesses per year.

“It’s just a way of making sure we are aligning all our work and support with the right companies who have the right vision and values because there’s a lot of noise around identity, ML and AI,” Kerrest said. “It’s about formalizing the support strategy we’ve had for years and making sure people are clear of the fact we are helping these organizations build because it’s helpful to our customers.”

Okta Ventures’ first bet is Trusted Key, a blockchain-based digital identity platform that previously raised $3 million from Founders Co-Op. Okta’s investment in the startup, founded by former Microsoft, Oracle and Symantec executives, represents its expanding interest in the blockchain.

“Blockchain as a backdrop for identity is cutting edge if not bleeding edge,” Gray said.

Okta, founded in 2009, had raised precisely $231 million from Sequoia, Andreessen Horowitz, Greylock, Khosla Ventures, Floodgate and others prior to its exit. The company’s stock has fared well since its IPO, debuting at $17 per share in 2017 and climbing to more than $85 apiece with a market cap of $9.6 billion as of Tuesday closing.

Mar
08
2019
--

Okta to acquire workflow automation startup Azuqua for $52.5M

During its earnings report yesterday afternoon, Okta announced it intends to acquire Azuqua, a Seattle, Wash. workflow automation startup, for $52.5 million.

In a blog post announcing the news, Okta co-founder and COO Frederic Kerrest saw the combining of the two companies as a way to move smoothly between applications in a complex workflow without having to constantly present your credentials.

“With Okta and Azuqua, IT teams will be able to use pre-built connectors and logic to create streamlined identity processes and increase operational speed. And, product teams will be able to embed this technology in their own applications alongside Okta’s core authentication and user management technology to build…integrated customer experiences,” Kerrest wrote.

In a modern enterprise, people and work are constantly shifting and moving between applications and services, and combining automation software with identity and access management could offer a seamless way to move between them.

This represents Okta’s largest acquisition to date and follows Stormpath almost exactly two years ago and ScaleFT last July. Taken together, you can see a company that is trying to become a more comprehensive identity platform.

Azuqua, which has raised $16 million since it launched in 2013, appears to have given investors a pretty decent return. When the deal closes, Okta intends to move the Azuqua team to its Bellevue offices, increasing its presence in the Northwest. Okta’s headquarters are in San Francisco. Azuqua customers include Airbnb, McDonald’s, VMware and HubSpot.

Okta was founded in 2009 and raised over $229 million before going public in April 2017.
