Everyone knows that venture is a long game. Funds have ten-year lives (at least). It usually takes a long time for an investment at company formation to get to a successful exit. And sometimes the people you meet and the relationships you form don’t immediately lead to a great investment. But somehow, saying no the right way early can lead to the right “yes” later on. The story of SGNL and its founders, Scott Kriz and Erik Gustavson, is a great reminder of those lessons.
I met Scott and Erik when they were fundraising for their last company, Bitium. While we did not end up investing in Bitium, I realized immediately that they were the kinds of founders that we were looking to back. I remember thinking, “These guys are great people who are going to create some amazing things together.” And it turns out that I was right (which – admit it – we all love.)
So we stayed in touch and I watched, impressed, by how they thought through challenges, made adjustments, hired great people, and how those people raved about working with them. Erik and Scott were clearly strategic thinkers and grinders – the kinds of founders willing to do the hard work of building a company – the kinds of things press releases don’t usually highlight but that are a key to building a lasting company.
After Bitium’s successful exit to Google in 2017, they continued working on Identity and Access Management (IAM). They also got to experience new problems at Google-scale, and built new solutions that inform their work at SGNL. As a result, they are probably the two best people in the world to build a totally new way to do just-in-time access management for large enterprises.
That’s why we’re so excited about SGNL, which has the chance to be one of the best investments we’ve ever made. Enterprise authorization is clearly a huge problem. AuthN (authentication – verifying a user is who they say they are) has largely been solved by companies like Okta. AuthZ (authorization – the ability to verify a user’s ability to view content and take action based on their role or context) has not. Right now, each system uses disparate frameworks and tools. And there are holes throughout. Too much access. Changes that aren’t made in real time. Permissions granted (like which customer service rep has access to which customer records) that are rarely re-evaluated.
SGNL is a next-gen AuthZ solution. It solves that problem by granting Just-In-Time Access Management (JITAM), giving users access to information when they need it, not just based on who they are or what role they fill at a point in time.
We’re fortunate to have made some excellent security investments at Costanoa, including AppOmni, Kenna, BugCrowd and Cyberhaven. Those helped me recognize the potential impact of what Scott and Erik were trying to do, and how meaningful it could be to enterprises with thousands (or tens of thousands) of employees, multiple divisions or lines of business, and literally unfathomable amounts of sensitive data.
The real revelation for us was in talking to customers. As we always try to do with prospective investments, we decided to go on some sales calls together. Our Partner Jim Wilson set up calls with several CISOs in our Advisor Network. The feedback was immediate and raving. From the CISO at a major multinational telecommunications company: “When can I buy??” From a leading Web Security provider: “I get one priority a year and this is mine for 2022.”
This feedback made our early theories about the market a lot more concrete. It gave us a lot more insight and even more enthusiasm than we already had (which was a lot.)
And, as good as we thought SGNL would be, it’s even better than we expected. We thought this team was good, but WOW! Their hiring and early product execution has been fun to watch. They’re playing an important role in shaping standards and expectations. Including ours. We could not be more excited to be on the path with the SGNL team, helping to solve one of the great challenges for companies as they work to protect themselves and their consumers.