Cloud identity and access management startup OneLogin closed a $100 million Series D round, bringing its total funding to $175 million. It’s the latest in a flurry of cloud security funding and acquisition announcements in the opening days of 2019.
San Francisco-based OneLogin, founded in 2009, developed a cloud-based platform that makes it easier for companies to secure and manage their on-premises and cloud workloads. It does this by unifying access to both software-as-a-service (SaaS) and data center applications across networks and devices using cloud infrastructure. The company says it saw annual recurring revenue nearly triple over the last three years driven by its platform.
More than 2,500 enterprises globally use OneLogin’s platform, the company claims. These customers include California transit agency Bay Area Rapid Transit (BART), New York technology and real estate startup Compass, and Broward College.
New investors Greenspring Associates and Silver Lake Waterman led the latest financing round, which also included existing investors CRV and Scale Venture Partners. The Series D follows a June 2018 funding round that raised $22.5 million.
OneLogin says it will use the money to “accelerate adoption of its new products” including its multi-factor authentication. It also plans to increase its North American and European footprints.
“Every business needs Unified Access Management, and our solution is mission critical for all of our customers across both cloud and hybrid cloud environments,” said OneLogin CEO Brad Brooks in a statement.
Cloud Security M&A
Founded in 2017, Avid Secure makes an artificial intelligence (AI)-based cloud security platform. It provides analytics and automates governance, risk, and compliance across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Customers include include Shutterfly, IDT Corporation, Belong.co, and Aspiring Minds.
Sophos, a network and endpoint security vendor, said it will use the startup’s technology to boost its cloud security offerings. “With the cloud workload protection and the cloud security posture management software from Avid Secure, Sophos will expand its current capabilities in cloud security and drive leadership in this growing space,” said Dan Schiappa, senior vice president and general manager of products at Sophos, in a statement.
Meanwhile, Akamai said it will add Janrain’s cloud identity and access management technology to its Intelligent Edge platform. This will help customers improve their bot management threat intelligence.
“Janrain’s Identity Cloud, working together with Akamai’s Intelligent Edge Platform, will provide an added layer of security to allow our customers to know more about their end users and potentially drive additional revenues from that deepened relationship,” said Rick McConnell, president of Akamai Technologies and general manager of Akamai’s web division.
What’s In Store for 2019
The acquisitions follow some high-profile cloud security purchases in late 2018. In October, Palo Alto Technologies announced a deal to buy public cloud threat detection and response startup RedLock for $173 million in cash. It also scooped up Secdo, a security company that does endpoint detection and response, in April. And a month prior it bought Evident, a startup that does public cloud infrastructure security, for $300 million.
Also in October 2018, Check Point Software acquired Dome9 for $175 million in a deal to boost its cloud security portfolio.
These recent acquisitions — and OneLogin’s late-stage funding — also point to what’s to come in the security landscape in 2019.
Cloud security is becoming increasingly important, both to customers and vendors. Doug Cahill, senior analyst at Enterprise Strategy Group (ESG), said a recent survey of more than 600 IT decision makers found that cloud security is at a tipping point. “It’s not a matter of if the cloud is secure, but how do you secure it,” he said. “More vendors are now expanding their product portfolio to enable customer to meet their end of the shared responsibility model.”
According to the ESG survey, 85 percent of organizations currently use public cloud services. And 49 percent are using public cloud infrastructure-as-a-service (IaaS) for production applications. This is important because it means businesses need to retool their security posture for a multi-cloud environment.
“That’s why you’re starting to see acquisition and incremental investments,” Cahill said. “On the supply side of the market, vendors are also retooling. It’s very much a technology refresh cycle that cloud adoption is driving.”
Demand for Unified Security
The need for cloud identity and access management tools will continue as companies adopt multi-cloud environments connected to a growing number of users and devices.
“One of the things that analysts like me talk about when it comes to cloud is the eroding network perimeter, but it’s more that we now have multiple perimeters and they all need to be secure,” Cahill said. “Identity is one of the new perimeters.”
And Cahill expects to see customer demand for a more unified approach to security — across environments and application types — to drive activity in the security industry this year.
“The theme is breadth and depth,” he said. “The need for breadth across different types of application infrastructure — containers, VMs [virtual machines], functions-as-a-service — but also depth up and down the application stack. From the application tier to make sure my web application isn’t being compromised all the way down to the operating system and the underlying hypervisor. I do think we’ll continue to see more M&A activity driven by the customer requirement for unified security across application stacks that are deployed across multiple clouds.”