access management
Auto Added by WPeMatico
Auto Added by WPeMatico
ForgeRock filed its form S-1 with the Securities and Exchange Commission (SEC) this morning as the identity management provider takes the next step toward its IPO.
The company did not provide initial pricing for its shares, which will trade on the New York Stock Exchange under the symbol FORG. The IPO is being led by Morgan Stanley and J.P. Morgan Chase & Co., with the company being valued as high as $4 billion, according to Bloomberg, which is a significant uplift over the $730 million post-money value that PitchBook had for the company after its last round in 2020.
With the ever-increasing volume of cybersecurity attacks against organizations of all sizes, the need to secure and manage user identities is of growing importance. Based in San Francisco, ForgeRock has raised $233 million in funding across multiple rounds. The company’s last round was a $93.5 million Series E announced in April 2020, which was led by Riverwood Capital alongside Accenture Ventures. At that time, CEO Fran Rosch told TechCrunch that the round would be the last before an IPO, which was also what former CEO Mike Ellis told us after the startup’s $88 million Series D in September 2017.
While the timing of its IPO might have been unclear over the last few years, the company has been on a positive trajectory for growth. In its S-1, ForgeRock reported that as of June 30, its annual recurring revenue (ARR) was $155 million, representing 30% year-over-year growth.
While revenue is growing, losses are narrowing as the company reported a $20 million net loss down from $36 million a year ago. There certainly is a whole lot of room to grow, as the company estimates that the total global addressable market for identity services to be worth $71 billion.
Among the many competitors that ForgeRock faces is Okta, which went public in 2017 and has been growing in the years since. In March, Okta acquired cloud identity startup Auth0 for $6.5 billion in a deal that raised a few eyebrows. Another competitor is Ping Identity, which went public in 2019 and is also growing, reporting on August 4 that its ARR hit $279.6 million in its quarter ended June 30, for a 19% year-over-year gain. There have also been a few big exits in the space over the years, including Duo Security, which was acquired by Cisco for $2.35 billion in 2018.
“ForgeRock has a good access management tool and they continue to be a strong player in customer identity and access management (CIAM),” commented Michael Kelley, senior research director at Gartner.
Kelley noted that in 2020, ForgeRock converted most of its core access management services to a SaaS delivery model, which helped the company catch up with the rest of the market that already offered access management as SaaS. Also last year the company expanded into identity governance, introducing a brand new identity, governance and administration (IGA) product.
“I think one of the more interesting products that ForgeRock offers is ForgeRock Trees, which is a no-code/low-code orchestration tool for building complex authentication and authorization journeys for customers, which is particularly helpful in the CIAM market,” Kelly added.
ForgeRock was founded in 2010, but its roots go back even further to an open-source single sign-on project known as OpenSSO that was created by Sun Microsystems in 2005. When Oracle acquired Sun Microsystems in early 2010, a number of its open-source efforts were left to languish, which is what led a number of former Sun employees to start ForgeRock.
Over the last decade, ForgeRock has expanded significantly beyond just providing a single sign-on to providing an identity platform that can handle consumer, enterprise and IoT use-cases. The company’s platform today handles identity and access management as well as identity governance.
The ability to scale is a key selling point that ForgeRock makes in the S-1, noting that its platform can handle over 60,000 user-based access transactions per second per customer.
“As of June 30, 2021, we had four customers with 100 million or more licensed identities, the company stated in the S-1. “Our ability to serve mission-critical needs in complex environments for large customers enables us to grow our base of large customers and expand within each of them. “
Powered by WPeMatico
Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.
Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.
“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronen Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”
The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.
“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.
“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”
What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.
“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”
The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.
Powered by WPeMatico
It seems Los Angeles is becoming an enterprise software hotspot.
LA saw its first big enterprise exit in recent memory with the recent acquisition of Signal Sciences for $775 million, and less than a month later a hometown startup, Britive has raised $5.4 million from LA’s own venture fund, Upfront Ventures and a clutch of security experts.
For chief executive Artyom Poghosyan and chief technology officer Alex Gudanis, Britive is simply the latest initiative in a decades-long effort to reshape security technology.
Both Poghosyan and Gudanis have long histories in identity and access management; back in 2009 Poghosyan founded Advancive Technology Solutions, which was acquired by Optiv in 2015 to bulk up its identity access management service.
Now, he and Gudanis are trying to solve the issues of identity access management that the new, ubiquitous cloud computing model presents for security officers and developers.
“When Optiv acquired us, we were already seeing interesting and strong signals in the technolog space about the disruption that was being driven by cloud technologies,” said Poghosyan.
Those cloud technologies presented new challenges for the kind of privileged access management technologies that Poghosyan had developed.
The solution that Britive pitches is a dynamic model for granting permissions for access, Poghosyan said. Instead of granting permanent access, there are policy-based pre-authorizations that a company can set up defined for specific tasks and roles.
Based on a developer’s role and work, they can request and receive access automatically based on the specific parameters defined by a company or security officer.
The company already has more than a dozen customers using its technology after launching merely two years ago. It’s a customer base that includes one of the world’s largest carmakers and a global clothing brand — companies Poghosyan declined to identify, citing contractual obligations.
The company charges based on the number of users who are requesting permission for access, Poghosyan said.
As more companies move to remote work in the COVID-19 era and distributed teams become the norm, streamlining the provisioning and access management process for companies is going to become even more important.
Undoubtedly, that’s why Britive was able to land investors like Upfront Ventures and why their partner, Kara Nortman, is joining the company’s board of directors. It’s also the reason the company was able to attract some of LA’s leading enterprise executives to back the company, including Andrew Peterson, CEO of Signal Sciences and Dave Cole, CEO of Open Raven.
Powered by WPeMatico
Ryan Easter couldn’t believe he was being asked to run a pandemic business continuity test.
It was late October, 2019 and Easter, IT Director and a principal at Johnson Investment Counsel, was being asked by regulators to ensure that their employees could work from home with the same capabilities they had in the office. In addition, the company needed to evaluate situations where up to 50% of personnel were impacted by a virus and unable to work, forcing others to pick up their internal functions and workload.
“I honestly thought that it was going to be a waste of time,” said Easter. “I never imagined that we would have had to put our pandemic plan into action. But because we had a tested strategy already in place, we didn’t miss a beat when COVID-19 struck.”
In the months leading up to the initial test, Johnson Investment Counsel developed a work anywhere blueprint with their technology partner Evolve IP. The plan covered a wide variety of integrated technologies including voice services, collaboration, virtual desktops, disaster recovery and remote office connectivity.
“Having a strategy where our work anywhere services were integrated together was one of the keys to our success,” said Easter. “We manage about $13 billion in assets for clients across the United States and provide comprehensive wealth and investment management to individual and institutional investors. We have our own line of mutual funds, a state-chartered trust company, a proprietary charitable gift fund, with research analysts and traders covering both equity and fixed income markets. Duct taping one-off solutions wasn’t going to cut it.”
Easter continued, “It was imperative that our advisors could communicate with clients, collaborate with each other and operate the business seamlessly. That included ensuring we could make real-time trades and provide all of our other client services.”
Five months later, the novel coronavirus hit the United States and Johnson Investment Counsel’s blueprint test got real.
Powered by WPeMatico
Like all business leaders, chief information security officers (CISOs) have shifted their roles quickly and dramatically during the COVID-19 pandemic, but many have had to fight fires they never expected.
Most importantly, they’ve had to ensure corporate networks remain secure even with 100% of employees suddenly working from home. Controllers are moving millions between corporate accounts from their living rooms, HR managers are sharing employees’ personal information from their kitchen tables and tens of millions of workers are accessing company data using personal laptops and phones.
This unprecedented situation reveals once and for all that security is not only about preventing breaches, but also about ensuring fundamental business continuity.
While it might take time, everyone agrees the pandemic will end. But how will the cybersecurity sector look in a post-COVID-19 world? What type of software will CISOs want to buy in the near future, and two years down the road?
To find out, I asked six of the world’s leading CISOs to share their experiences during the pandemic and their plans for the future, providing insights on how cybersecurity companies should develop and market their solutions to emerge stronger:
The good news is, many CISOs believe that cybersecurity will weather the economic storm better than other enterprise software sectors. That’s because security has become even more top of mind during the pandemic; with the vast majority of corporate employees now working remotely, a secure network has never been more paramount, said Rinki Sethi, CISO at Rubrik. “Many security teams are now focused on ensuring they have controls in place for a completely remote workforce, so endpoint and network security, as well as identity and access management, are more important than ever,” said Sethi. “Additionally, business continuity and disaster recovery planning are critical right now — the ability to respond to a security incident and have a robust plan to recover from it is top priority for most security teams, and will continue to be for a long time.”
That’s not to say all security companies will necessarily thrive during this current economic crisis. Adrian Ludwig, CISO at Atlassian, notes that an overall decline in IT budgets will impact security spending. But the silver lining is that some companies will be acquired. “I expect we will see consolidation in the cybersecurity markets, and that most new investments by IT departments will be in basic infrastructure to facilitate work-from-home,” said Ludwig. “Less well-capitalized cybersecurity companies may want to begin thinking about potential exit opportunities sooner rather than later.”
Powered by WPeMatico
WeWork announced today that it will acquire Waltz, a building access and security management startup, for an undisclosed amount. Waltz’s smartphone app and reader allows users to enter different properties with a single credential and will make it easier for WeWork’s enterprise clients, such as GE Healthcare and Microsoft, to manage their employees’ on-demand memberships to WeWork spaces.
WeWork’s announcement said “with deep expertise in mobile access and system integrations, Waltz has the most advanced and sophisticated products to provide that single credential to our members and to help us better connect them with our spaces.” Waltz was founded in 2015 by CEO Matt Kopel and has offices in New York and Montreal. After the acquisition, Waltz will be integrated into WeWork, but maintain its current customer base.
WeWork has been on an acquisition spree over the past year as it evolves from co-working spaces to a software-as-a-service provider. Companies it has bought include office management platforms Teem (for $100 million) and Managed by Q, as well as Euclid, a “spatial analytics platform” that allows companies to analyze the use of workspaces by their employees and participation at meetings and other events.
Likewise, Waltz isn’t just an alternative to keys or access cards. Its cloud-based management portal gives companies data about who enters and exits their buildings and also allows teams to set “Door Groups,” which restricts the use of some spaces to certain people. According to Waltz’s help site, it can also be used to make revenue through ads displayed in its app.
Powered by WPeMatico