Sgnl Raises $30M to Revolutionize ID Security with Zero-Standing Privileges

The Evolving Landscape of Digital Security

In contemporary cybersecurity discourse, identity is increasingly recognized as the primary defense line. As organizations migrate to cloud-based services, with networks and applications extending across diverse locations, compromised and misused login credentials represent a significant source of vulnerability.

SGNL's Approach to Zero-Standing Privilege

SGNL, a burgeoning company, has developed a novel solution aimed at enhancing the security of identity access to applications and beyond. Its core principle revolves around zero-standing privilege – a paradigm where user access is granted conditionally, rather than being perpetually available – and the company has recently secured $30 million in funding to support its expansion.

Series A Funding and Key Investors

This Series A funding round was spearheaded by Brightmind Partners, a new venture capital firm specializing in cybersecurity, with its inaugural fund launch anticipated later this year. Costanoa, which previously led SGNL’s seed funding in 2022, also participated, alongside strategic investments from Microsoft (through M12) and Cisco Investments, the latter’s contribution originating in 2023.

Financial Standing and Customer Base

To date, SGNL has amassed $42 million in funding. While reported valuations of $100 million have circulated, sources indicate this figure is inaccurate and underestimates the company’s current worth. SGNL has not publicly disclosed its valuation but confirms substantial growth and a growing roster of enterprise clients, including a major player in the media, entertainment, and technology sectors utilizing its platform to optimize cloud access management.

Real-World Breach Examples

The startup refrains from revealing its client list but highlights that security gaps in identity posture – vulnerabilities that solutions like SGNL address – have contributed to high-profile breaches at organizations such as MGM ($100 million loss), T-Mobile ($350 million loss), AT&T, Microsoft, and Caesars.

Founding Team and Origins

SGNL was founded by Scott Kriz (CEO) and Erik Gustavson (CPO), both previously co-founders of Bitium, an identity access management company. Google acquired Bitium in 2017, after which Kriz and his team were responsible for directory services for Google Workspace and Google Cloud Platform, as well as managing internal ID access for Google employees.

Identifying a Critical Gap in Identity Management

During their time at Google, Kriz and Gustavson identified a deficiency in existing identity management practices, extending beyond their own organization. They observed a widespread need for solutions that could eliminate persistent access privileges.

The Need for Contextual Access Control

Kriz explained that effective identity access necessitates contextual awareness, encompassing not only passwords but also dynamically assigned access privileges for each application. However, even systems capable of implementing this – such as Okta and Microsoft – primarily focused on granting access, lacking robust mechanisms for revoking it.

The Problem of Persistent Access

Specifically, access rights were not consistently revoked when circumstances changed, such as employee termination or project completion. This created exploitable vulnerabilities for malicious actors.

CAEP and the Standardization of Continuous Access Evaluation

Several factors previously hindered the development of solutions capable of automatically revoking access. A key obstacle was the absence of industry-wide standards. This challenge was overcome by Atul Tulshibagwale, a former Google engineer who invented CAEP (Continuous Access Evaluation Protocol). CAEP, now adopted by the OpenID Foundation, forms the foundation of SGNL’s platform, and Tulshibagwale currently serves as SGNL’s CTO.

Industry Adoption of CAEP

“CAEP is not proprietary to us, but we were instrumental in its creation and it now enjoys adoption by major players including Microsoft, Apple, and Cisco,” Kriz stated.

SGNL’s Unique Contextual Access Management

Beyond CAEP, SGNL has developed a system for establishing “rich context” to inform access management decisions. This allows organizations to define multiple access policies, coupled with additional conditions that must be met for access to be granted to specific applications or data.

The “Data Fabric” and Identity Graph

SGNL has created a “data fabric” – an identity graph – that enables its system to function independently of the real-time accuracy of individual data sources. One customer, with 400,000 employees and 30,000 AWS roles, was able to consolidate these down to six policies, supplemented by numerous conditions.

Competitive Landscape

While several established companies, including CyberArt and SailPoint, and numerous startups are also pursuing zero-standing privilege solutions, this has not deterred investor interest.

Investor Perspective

Stephen Ward, a founder of Brightmind Partners and a seasoned security professional (formerly CISO of Home Depot and a government security specialist), emphasized the value of the founding team’s experience. “Their prior founding and exit experience, coupled with their time at Google, demonstrates a deep understanding of enterprise-level operations. Building a robust platform can create a significant competitive advantage, even with a groundbreaking idea.”