SGNL.ai, a company developing enterprise authorization software, today announced that it raised $12 million in seed funding led by Costanoa Ventures with participation from Fika Ventures, Moonshots Capital and Resolute Ventures. CEO Scott Kriz said the proceeds will be used to develop the company's core products and hire the initial team, as well as work with design partners to refine SGNL's solution.
In an interview with TechCrunch, Kriz asserted that authorization is increasingly becoming a concern for management at every level. He's not wrong. According to Gartner, organizations running cloud infrastructure services will suffer a minimum of 2,300 violations of least privilege policies -- i.e. when a user is given privileges above what they need to do their job -- per account each year by 2024. Meanwhile, the average global cost of a data breach reached a record $4.24 million in 2021, IBM recently reported, increasing by 10% from 2019 as more people transitioned to remote work.
Kriz and SGNL's second co-founder, Erik Gustavson, spent roughly a decade developing identity solutions at Bitium, which they co-launched in 2011, before conceiving of SGNL. After Google acquired Bitium in 2017, Gustavson joined the tech giant as an engineering manager working on "next-generation" identity access management for G Suite (now Google Workspace). Kriz also spent several years at Google on the product, identity and authorization team.
"From our vantage point working in multiple, identity-focused areas at Google, it was clear to Gustavson and I that few companies had been able to effectively solve enterprise authorization at scale," Kriz said. "Seeing a critical need to help companies keep user and customer data safe, we founded SGNL in 2021 to address the challenge. We quickly attracted a core team of identity industry experts who are passionate about pushing the boundaries of what is possible in enterprise authorization."
SGNL aims to provide "just-in-time" access to enterprise data to a company's employees based on business context, such as business needs or justifications. Rather than relying on relatively static roles or attributes, the startup's platform only grants access to software resources and data when a user needs them.
A glance at SGNL.ai's dashboard, which lets admins review authorizations across teams, divisions and individual employees. Image Credits: SGNL
Beyond this, SGNL attempts to unify existing systems-of-record such as corporate directories, HR directories, customer relationship management platforms and ticketing systems, building a graph of workforce and customer data that can be used to determine dynamic access rights. Access can be audited in real time, ostensibly making it easier for managers to produce compliance reports and analyze historical authorizations.
"The pandemic and broader shift in working patterns -- hybrid, remote work, extended workforces, etc. -- makes the problem of authorization and access management more urgent for the enterprise. The modern workforce is no longer operating from inside a corporate firewall using only on-premise applications," Kriz added. "This creates ideal conditions for bad actors to exploit overly broad ambient access rights to attack the enterprise ... SGNL's platform helps contain the blast radius by reducing ambient access and determining access to sensitive data on a just-in-time basis."
Kriz declined to reveal the size of SGNL's customer base or the company's current revenue. But he noted identity management has attracted much investment over the past few years as new hurdles emerge across the enterprise security landscape. According to Crunchbase, $3.2 billion in venture dollars went into the identity management space in 2021, about 2.5 times the amount of investment from 2020's $1.3 billion, which was already a record.
SGNL's challenge will be attracting customers away from rival vendors like Opal, whose software automatically discovers databases, servers, internal tools and apps to delegate access requests to employees. ConductorOne, another identity and access management automation platform, recently nabbed a $15 million investment. Identity and access management software provider ForgeRock filed for an IPO last September after raising over $700 million in VC cash.
Kriz says he's confident, though, that the current slowdown in tech will be a tailwind for SGNL as companies face pressure to purchase solutions instead of building them in-house. To his point, there's some evidence to suggest IT teams are overwhelmed with tasks related to managing identity and access. For example, in a 2020 poll conducted by 1Password, responding IT personnel said that they burn a full month of work -- 21 days -- resetting passwords and tracking app usage.
"The number and cost of data breaches is only increasing ... SGNL is positioned well with the shift in most enterprise organizations to increase security, ensure compliance and reduce expenses," Kriz said.
Palo Alto-based SGNL, which currently has 28 employees, expects to hire seven more people by the end of the year.