Identity has become a crucial aspect of security in the cloud services landscape, where vulnerabilities often arise from compromised or spoofed login credentials.

A startup called SGNL has developed a novel approach to securing identities and access to applications, leveraging the concept of zero-standing privilege, where user access is conditional rather than default. The company is now announcing a significant funding round of $30 million, highlighting its strong growth.

The funding is led by Brightmind Partners, a venture capital firm specializing in cybersecurity, alongside strategic investors Microsoft via M12 and Cisco Investments. Costanoa, which led SGNL’s seed round in 2022, also participated in the latest venture.

SGNL has now raised a total of $42 million, indicating its growing success. The company boasts “multiple” major enterprise customers, including one with extensive operations in media, entertainment, and technology, which successfully deployed SGNL to streamline access management across its cloud environments.

Despite withholding the identity of its customers, SGNL highlights notable breaches resulting from vulnerabilities in identity posture, such as the MGM ($100M), T-Mobile ($350M), AT&T, Microsoft, and Caesars breaches.

SGNL’s co-founders, Scott Kriz and Erik Gustavson, previously co-founded Bitium, a company acquired by Google in 2017. During their tenure at Google, they identified a gap in how identity services were managed across enterprise ID access tools.

Kriz noted that ID access requires context, including passwords and access privileges for each application. However, existing solutions, such as Okta and Microsoft, excelled at opening doors but struggled to close them, thereby creating potential vulnerabilities.

The breakthrough in addressing this gap came from Atul Tulshibagwale, an ex-Googler who invented the Continuous Access Evaluation Protocol (CAEP). CAEP has gained adoption by the OpenID Foundation, and Tulshibagwale now holds the position of Chief Technology Officer at SGNL.

Kriz emphasized that while CAEP is not exclusive to SGNL, the company has originated and popularized it, and it is now adopted by prominent companies such as Microsoft, Apple, and Cisco.

SGNL has developed a robust framework for access management, incorporating multiple access policies and conditions to determine who can access specific applications or data. The company’s AI-driven platform, known as the “data fabric,” enables seamless access management without requiring individual data sources to be up to date.

Several large companies, including CyberArt and SailPoint, are exploring zero-standing privilege solutions, but SGNL’s traction in the market has not deterred investors.

Stephen Ward, one of Brightmind’s founders and a former CISO of Home Depot and government security specialist, praised SGNL’s co-founders for their experience in developing and exiting successful companies, which has given them valuable insight into large enterprises. He believes that building a robust platform can create a significant competitive advantage.