There is further consolidation taking place in the world of cybersecurity, specifically around services to help organizations manage identity and access. Today, An identity – which provides tools to manage “zero trust” access to systems, as well as to run records management and other governance services for enterprises – announced that it has acquired OneLogin, rival of companies like Okta, Ping and others in the area of secure login services for end users.
Terms of the acquisition, which officially closed last week on October 1, have not been disclosed, but we are trying to find out. By some background, One Identity today is part of Quest Software, which is privately owned by physical education firm Francisco Partners. Before that, it was part of Dell. Francisco originally partnered with Elliott to acquire Quest and related assets from Dell in 2016 as part of the latter’s rationalization efforts, in a deal that at the time was reportedly worth around $ 2 billion. The company has about 7,500 business clients and says it manages about 250 million identities.
ORneLogin, meanwhile, last revealed funding in 2019: a $ 100 million Series D which valued it at $ 330 million, according to PitchBook data. (Note: You will notice that PItchBook lists another fundraiser after this, but does not specify a date or amount.) OneLogin has about 5,500 customers, including Airbus, Stitch Fix, AAA and Pandora. Together, the companies will handle about 290 million identities under management, Quest CEO Patrick Nichols told TechCrunch in an interview. This figure includes not just “people” but M2M-style nodes in the systems, he added.
Mergers and acquisitions come amid major change in the security industry. In the years since Dell sold its assets and OneIdentity raised money, cybersecurity threats have only grown, driven by the continued shift toward more cloud services and people and organizations doing more business digitally. (OneLogin, citing data from IBM, estimates that the average cost of infringement now amounts to $ 3.86 million, although that also does not include the significant cost to an organization’s reputation and trust with its users.)
Within that larger trend, identity management, and often more likely mismanagement, has been a particularly vulnerable area, with malicious hackers using a variety of techniques that rely on both sophisticated technology and human error to access the systems.
When considering the different threat vectors in today’s market, “70% of them are the direct result of poor identity management,” Nichols said, citing research from Verizon. And the threat is particularly serious in part because the number of endpoints is growing rapidly, not because more people are accessing networks, but because more devices are connected. Half of the endpoints in a system are typically devices rather than specific individuals, he said, “and once they are breached, it’s like stealing a password.”
And at the same time, after years of using point solutions for different aspects of their cybersecurity strategies, companies are increasingly looking for larger platforms and toolsets that can handle multiple functions for a more unified picture of system activity. and make sure it exists There is less risk of two different cybersecurity tools inadvertently conflicting.
All of this points to further consolidation. In the specific case of One Identity, the company sees an opportunity to provide a more complete set of services to customers beyond those to help them manage networks internally, adding more end-user oriented tools. Similarly, it is thought that OneLogin customers might also be interested in bringing more of their cyber strategy to a single platform.
“Right now, organizations see a double benefit from consolidating around one platform player in cybersecurity,” said Nichols. The first is “increasing efficiency” but the other, he noted, is legislation. With increased regulatory oversight in the way companies are handling their cybersecurity challenges, the pressure is on them to make their systems more resilient, and having too many components becomes a challenge to manage for that reason as well.
“Joining One Identity gives us the ability to further accelerate our growth and provide additional value for our two clients,” added Brad Brooks, CEO of OneLogin, in a statement. “With OneLogin’s robust unified platform for both workforce and CIAM, combining forces with One Identity’s suite of products, including its PAM solution, will enable new and existing customers, on a global scale, to access the the only unified identity security platform on the market. “
It will be interesting to see how and if we continue to see more M&A movements in the space. Okta has been a very acquisitive player to date, and there are still several companies on the market that cover different aspects of the identity challenge that are still independent. (Jumio is an example).
The combined company will cover a number of services, including Privileged Access Management (PAM); Governance and Identity Management (IGA); Active Directory Management and Security; and now iIdentity and Access Management (AMI).
“With the proliferation of human and machine identities, the rush to the cloud and the rise of remote working, identity is fast becoming the new edge, and protecting identity from end to end has never been more important.” Bhagwat said. Swaroop, president and CEO of One Identity, in a statement. “By adding OneLogin to our portfolio and incorporating it into our cloud-first unified identity security platform, we can help clients comprehensively correlate all identities, verify everything before granting access to critical assets, and provide real-time visibility into suspicious login activity. With identity at the center, customers can now implement an adaptive zero-trust strategy and dramatically improve their overall cybersecurity posture. “