Industry veterans from Google, Okta, Salesforce and Microsoft launch a new venture to address critical security gaps.
SGNL, the company modernizing enterprise authorization, has launched and is now generally available. SGNL was founded in 2021 with a $12 million seed round backed by Costanoa Ventures, Fika Ventures, Moonshots Capital and Resolute Ventures. Advisors include Andrew Peterson, Founder and CEO of Signal Sciences, Chuck Mortimore, VP of Identity Products at Disney, former SVP of Identity at Salesforce, and Yvonne Wassenaar, former CEO of Puppet.
“While there are many companies out there addressing the authentication side of the identity and access management market, just-in-time authorization doesn’t exist,” said Scott Kriz, Chief Executive Officer and Co-Founder of SGNL. “The conversations we’ve had with CISOs across industries makes me more confident than ever that our approach is unique, letting us solve problems that we were previously unable to contemplate.”A Novel Proactive Solution For A Business-Critical Problem
According to Gartner Inc., by 2024, organizations running cloud infrastructure services will suffer a minimum of 2,300 violations of least privilege policies, per account, every year.1
Enabling employees and contractors to access sensitive data in the right context and at the right time, without overly broad privileges, has been a long-term challenge for internal security teams. The weekly cadence of security breaches at large companies highlights the ever increasing need for a defense-in-depth strategy that looks at every access rather than the current static, role-based approach.
“Every CISO we introduced to the SGNL team asked ‘How soon can I use this?’,” said Greg Sands, founder and managing partner of Costanoa Ventures. “It was very clear the industry needed this and that this was the best team to solve the access management problem in a truly innovative way.”Just-In-Time Access To Reduce Permissions and Policy Sprawl
SGNL aims to provide just-in-time access to sensitive customer data to the right users at the right time based on business context such as current task, business need or justification. The SGNL team saw how important this problem was to solve and realized that current methods did not do enough to safeguard data while letting employees still get their jobs done.
“Too often access to customer data is the sum of all possible permissions resulting in overly broad access which provides a huge opportunity for malicious actors to exploit,” said Erik Gustavson, Chief Product Officer and Co-Founder of SGNL.
SGNL approaches enterprise authorization from a new perspective. Rather than using relatively static roles or attributes which inevitably encourages permission and policy sprawl, SGNL’s solution only grants access when the user needs it.
The SGNL solution includes:
- Dynamic Graph Directory: Unifies existing systems-of-record such as corporate directories, HR directories, CRMs, and ticketing systems to build a real-time graph of workforce and customer data that can be used to determine access rights.
- Just-in-Time Access Management: Ensures that any request for access to sensitive data has a business justification at the time of the request to use the specific data.
- Intuitive user interface: Allows for clear, concise, human readable policy statements to reflect changing business needs.
- Auditable by default: All actions are audited in real-time, making it easy for enterprises to produce compliance reports and analyze actions on demand.
Not Just A Win For Businesses, A Win For Their Customers
Just-in-time access isn’t just about saving companies from never-ending policy sprawl and serving as a bottom-line security practice. SGNL is also a way for companies to safeguard customers’ data to ensure trust.
“By 2024, organizations that adopt a cybersecurity mesh architecture will reduce the financial impact of individual security incidents by 90%, on average”2 said Felix Gaehtgens, Vice President, Analyst, Identity and Access Management at Gartner.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!
