It feels like identity — which was unloved for so very long — is now being embraced.
Evidence for this can be found right in ConductorOne’s own market traction and success in reaching the enterprise. If you read our most recent press release, you know we’ve had an incredible year:
- 4x revenue growth over the past 12 months
- Massive enterprise adoption including customers such as Zscaler, Klaviyo, Brex, Instacart, and THG
- A strategic partnership with Guidepoint Security
And we’ve added… well, I can’t remember how many employees, but I know it’s hard to get conference rooms in the office these days. The perils of a fast-growth company.
We see others doing well too. CyberArk just announced plans to acquire Zilla, another company in the IGA space, and today SailPoint is going IPO for the second time.
It seems like identity has arrived. But why was it ignored for so long?
In times past, identity was considered a footnote in a larger security story that included highly visible tools such as endpoint protection, firewalls, even application scanners. Security leaders focused on those technologies and not so much on the people factor.
Gradually, as enterprise IT teams struggled to manage access for large workforces and to comply with increasingly strict data-protection regulations, the landscape gave rise to Identity Governance & Administration vendors. These early tools were incredibly expensive and hard to deploy and maintain, but considered a necessary evil. And very quickly they became legacy tech — architected for an earlier age, when identity was a headache for IT teams but not a foundational security concern.
As companies moved to the cloud and employees shifted to remote work, these solutions couldn’t keep up with the massive application sprawl that sprouted inside every organization. They weren’t built for cloud environments, and they simply weren’t flexible enough to adapt unless you had a dedicated team and a nearly unlimited budget.
Meanwhile, identity was quickly becoming a security problem. The identity attack surface became an irresistible target for bad actors, as organizations drowned in overpermissioned users, high-risk standing access, orphaned accounts, and stolen credentials. And that’s just in regard to human beings. Increasing numbers of non-human identities – service accounts, secrets, certificates, tokens, just to name a few – were stacked on top, exponentially expanding the potential for identity-related attacks.
But then bright points of light began appearing on the security landscape: small, forward-thinking vendors tackling identity from a modern perspective. Each had its own approach and unique strengths and weaknesses — some focused more on the developer experience, some focused on IT. (ConductorOne, for our part, takes a cross-team approach, building a platform to serve security, IT, and GRC as their responsibilities continue to evolve and overlap.) All of these companies found traction because the market was hungry for new approaches to identity.
We’re excited that identity seems to be having its day, and we’re excited about continuing our own incredible journey bringing our unique value to every enterprise we can. We don’t simply want to give security leaders a way to manage the identity lifecycle – we want to give them:
- Lightweight connectors that integrate with every possible cloud and on-prem application to pull in fine-grained data that ensures no identity is left behind
- The most flexible and customizable policies, satisfying even the most demanding security teams overseeing complex environments
- A solution that’s AI-powered at key points in the journey, giving users full context for making critical identity decisions
- A platform that’s easy to set up and deploy, and a pleasure for individual employees to use
This is an amazing time to be part of the identity landscape, and particularly to be part of the ConductorOne crew. Full speed ahead!
Want to learn more about us? Book a demo.
