Security experts often describe identity as “new perimeters” in the world of security. In the world of cloud services where network assets and apps are broadly balanced, the biggest vulnerabilities are leaked and cause login credentials.
A startup called SGNL has built a new approach that they consider to be great at ensuring how identity is used to access apps and more. This is based on a new concept of zero-standing privileges where user access is conditional rather than “standing”. And today it announces $30 million against strong growth.
Series A funding is led by BrightMind Partners, a new VC focused on cybersecurity (we haven’t announced their first fund yet, which is expected to be later this year). Also participating are Costanoa, who led the SGNL seed round in 2022, as well as strategic investors Microsoft (via M12) and Cisco Investments.
SGNL is currently raising $42 million and Pitchbook Data points to a $100 million valuation, but our sources show that this is inaccurate (and too low) . The company has not revealed any details on the evaluation aspect, but it claims SGNL is growing and has “multiple” major enterprise customers, including those with “major media, entertainment and technology operations.” It’s there. That cloud environment.
Although the startup does not disclose its customer list, please note that it includes examples of the kind of violations that arise from holes in identity posture that contain better plugs by using technologies like SGNL. -Mobile ($350 million), AT&T, Microsoft, and Caesars.
SGNL was the brainchild of Scott Kriz (CEO) and Erik Gustavson (CPO), and previously co-founded another identity access management company called Bitium. Google acquired its startup in 2017, where he and his team are not only responsible for directory services for products such as Google Workspace and Google Cloud Platform, but also for the company’s own identity access management, especially the way employees work. He said he is building and maintaining the company. Google has access to the data.
So Kriz and Gustavson saw a gap in how identity services were managed across the enterprise identity access tools of the time.
“I realized that in essence there is a solution that is not only unique in Google but across the industry, but also lost to identity security,” he said. “We wanted businesses to reach places where they didn’t have standing access.”
In short, ID access requires a level of context. Not only passwords for each app, but access permissions are required. “But even in the (service) that was being done, there was one Octa, Microsoft was another. They were very good at opening the doors. They weren’t very good at it. It was about closing that door.”
In other words, when one situation changes – not only is the employment situation most obvious, but access has not been closed, such as whether a particular job has been completed. It created potential vulnerabilities that malicious actors exploit.
Kriz said several factors have prevented security companies from closing their access to the past. The first was the lack of agreement between standard vendors. The breakthrough for this came from another former Googler called Atul Tulshibagwale, the inventor of CAEP (Continuous Access Evaluation Protocol) that underpins SGNL’s platform. CAEP has been adopted by the OpenID Foundation, and Tulshibagwale is currently the CTO of SGNL.
“It’s not unique to us, but we’re people you know and now it’s adopted by Microsoft, Apple, Cisco and large companies,” says Kriz.
The second development specific to SGNL is how we built what Kriz describes as the “rich context” used to build access management. This essentially allows businesses to set multiple access policies as well as many more criteria that they need to meet in order for someone to access a particular app or other data. .
SGNL has created not only the structure of how to allow (or close) access, but also what it describes as a “data fabric.” This is an ID graph that makes the system work without relying on the current state of individual data sources. Kriz points out that one of its customers has 400,000 employees and 30,000 roles within AWS, which helps reduce the six policies (and the multiple conditions associated with them). I did. (For the AI by that name, we use AI to build and manage this data fabric.)
Along with many startups, there are more big companies on zero standing privileges, including Cyberart and Sailpoint. But it doesn’t stop investors.
“I love the fact that they founded and left the company and spent quite a bit of time on Google. They’re very important. They understand how big companies work. ” said Stephen Ward, one of the founders of Brightmind (and he himself former CISO of Home Depot and Ex-Government Security Specialist). “It’s not about popular ventures, but with this big idea, you can create a big moat just by building a platform.”