Building Identity in the Cloud, Our Investment in OneLogin
The Lost World of the Microsoft Controlled Desktop
There is something to be said for a benign dictatorship. For all its faults, the world of the Microsoft PC desktop was an orderly one, and for IT administrators, an easy one to manage. The occasional "blue screen of death" was a reasonable price to pay for a compute environment where services like identity, security and monitoring could be provided efficiently across all applications using Active Directory, anti-virus and myriad PC management tools. By contrast, SaaS is like a democracy, lots of potential but messy, and to a control freak (and all great IT managers are a little bit controlling!) a little bit worrying.
Building the Desktop in the Cloud
End users are not going back to the PC desktop, so now IT has to re-create the desktop experience and the desktop management experience, but in the far more heterogeneous and disparate world of the cloud. Building the desktop in the cloud is a megatrend that will impact hundreds of tech companies. Google, Microsoft, Apple and Firefox are duking it out for browser market share, because the browser is the new OS. At the back end, there are hundreds of cloud-based SaaS applications. In the middle is a great big mess. In the absence of a dominant vendor that comes between all clients and all apps (the role Microsoft used to fill in the LAN), there are a host of new security, management, monitoring and identity products, all selling to IT to help control the world of cloud without destroying productivity.
In the world of PCs, identity was important, but in the cloud it is vital. With PCs, LANs, and the always hated VPN, IT could have a high degree of confidence in what applications were running and what devices they were running on. Today that is gone. Applications from SaaS providers are now purchased on credit cards and run outside of IT. End devices can be a tablet, a BYOD phone that the employee owns, or a PC. The IT "bag of tricks" for locking down devices and blocking access to applications is now completely irrelevant. What IT can still manage is identity, which is simply the list of current employees (plus vendors, customers and consultants), and what applications and what information these employees can have access to. If that list can be kept up to date via close integration with HR systems, and if that list can then be promulgated across all third-party applications in real time, then IT can use identity as the leverage point to seamlessly re-achieve control. That is the business OneLogin is in.
Single Sign On for Market Entry
In the new world, IT cannot make things worse for users just to make things better for IT. Users will go around them. In response, identity services and access control, which is what IT wants, has been cleverly packaged by vendors to appear to the user as Single Sign On (SSO), which is what users want. The idea is simple, if you are a typical knowledge worker today, you use an average of 13 different SaaS applications that you sign into regularly. Thirteen applications means thirteen passwords and thirteen opportunities to forget a password. With Single Sign On, you log in once, and you are automatically logged into all your applications.
For IT, this is a chance to roll out a user win that is also a huge long-term win for IT. Once users access all their applications through SSO, IT can then use SSO as a central clearinghouse to enforce stronger authentication (not just password but two-factor authentication), to do real-time provisioning of new employees (once an employee joins a company they get instant access to all relevant applications), and to do real-time de-provisioning (once an employee leaves or is asked to leave, they instantly lose access to all applications). This is not rocket science stuff, but if the average employee has 10 SaaS applications, and staff turnover is 15% per year, then a 1,000 person company has to provision and de-provision 1,500 different accounts annually.
This is a competitive market with a few direct competitors and many incumbents and adjacent players that are starting to tell a "we manage cloud identity" story to stay relevant. In this market we have been consistently impressed with the execution of the OneLogin team since we started tracking the company two years ago. The founders, Thomas (CEO) and brother Christian Pederson (CTO), have the classic immigrant entrepreneur story, literally building the first version of the product while living on ramen noodles in an apartment in Los Angeles. The company has moved to Silicon Valley, and Thomas has built a strong go-to-market team around him. What we particularly like is the focus on being partner friendly, including helping other SaaS vendors implement standards like SAML and now NAPPS (for mobile) by providing free toolkits to integrate these emerging standards.
The biggest challenge the company faces now is keeping up with the demands of an exploding marketplace. The company is hiring across sales, customer service and engineering. We are excited to be part of the team and look forward to working with Thomas, the team and the board to build the winner in the cloud-based identity market.
Originally published December 15, 2014.