Aaron Fleishman, Partner
Even with the rise of solutions like Okta and Sailpoint, identity and access management continues to confound organizations, both large and small. Product Led Growth (PLG) and remote work have only exacerbated the situation as employees sign up for multiple new apps and services across their workplace.
Gartner forecasts the identity and access management
space to be a $19B market by 2024
Within this space, there are also a wide range of submarkets, some are more mature (e.g. authentication, where Okta and Microsoft dominate), while others are more dynamic (e.g. multi-cloud Identity Governance or Privileged Access Management).
Identity governance and privileged access management are particularly difficult problems to solve because both customer environments and customer organizations must be served, and there are significant unmet customer needs combined with strong demand for solutions.
On the environment side, companies have a mix of on-prem assets, cloud infrastructure, and SaaS apps which all have unique identity characteristics and their own identity stack, and these stacks are connected to varying degrees by authentication providers like Okta and Microsoft Azure Active Directory.
On the organization side, the teams that operate the technology stacks cater to different users and use cases (on top of the fact that no two companies have technology stacks that look alike). Identity products today primarily cater to the identity team within IT, but they have secondary users in the security teams, who have different needs and priorities.
As a hypothesis-focused firm, Tola has spent years trying to
find the right next-gen company to invest in within the
identity space.
The Enterprise Leadership Council at Tola includes an incredible set of Chief Information Security Officers (CISOs). We spend time with these software buyers and decision makers quarterly and host CISO dinners at RSA’s annual conference.
Identity has been a top-three priority for this group for the past 5+ years. With the proliferation of SaaS apps, security teams have lost not just control, but also visibility into what products and services (both cloud and on-prem) their employees are logging into every day. This makes it virtually impossible to enforce policies and ensure compliance.
Tola has been specifically focused on finding a company
within the identity space that serves the security teams
and CISOs.
There is a gap in the market for truly security-focused identity solutions. Security teams want to be able to understand threats and risk across their identity stacks, without managing the actual directory themselves or directly taking responsibility for removing or adding users. They also don’t want to have to write scripts that translate across different identity stacks to pull the data and create alerting.
Enter Zilla Security.
When we first met co-founders Deepak Taneja and Nitin Sonawane in Boston, it was clear they not only shared our thesis, but that the founder-market-fit was very strong. Deepak has already had two successful exits in the identity space with Aveksa (acquired by EMC/RSA) and Netegrity (acquired by CA). They deeply understand the problem. With Zilla Security, organizations can continuously monitor and remediate who has access to what across all their applications, systems, and cloud platforms.
Zilla Security’s Vision: To build the intelligent control center
for identity and access for security teams.
The foundation of the platform is a broad set of integrations which pull identity and access data from all on-prem, SaaS, and cloud assets and normalize them into a consistent taxonomy. These integrations are extremely broad – including hundreds of APIs, providing broad coverage of any company’s identity landscape – and are a key differentiator in the marketplace.
Out-of-box integrations
In order to maintain this advantage, Zilla recently launched its Zilla Universal Sync (ZUS) product, a no-code platform for building integrations that is powered by robotic automation. This game changing technology enables identity and access monitoring to scale with the business while ensuring employees remain productive.
Zilla provides a clear value proposition by enabling security posture management to high-risk access before it can be exploited; automated access reviews for compliance like SOC2 and HIPPA; and identification of high-risk changes in the identity posture (e.g. external accounts with privileged access). Security teams can monitor and leverage collected data to enforce policies and deliver on the holy grail of AI-based, automated remediation of risks/issues. Best of all, CISOs experience immediate value in the simplicity and coverage that Zilla’s solution offers.
The power of Zilla’s approach is resonating; in 2021
revenues grew 1,000%+.
We are excited to announce today that we led Zilla’s $13.5M Series A round. This incredible team is building the next generation identity company and we are thrilled to be part of that journey. You can read more here.