SGNL, a cybersecurity startup, has developed a new approach to identity-based application access, leveraging the emerging concept of zero-standing privileges—where user access is conditional rather than continuously granted. Today, the company has announced a $30 million funding round to support its rapid growth.
This Series A funding round was led by BrightMind Partners, a newly established VC firm specializing in cybersecurity (which is yet to announce its first official fund, expected later this year). Other participants include Costanoa Ventures (which led SGNL’s seed round in 2022), as well as strategic investors Microsoft (via M12) and Cisco Investments, whose involvement dates back to 2023.
SGNL has now raised $42 million in total. While PitchBook data suggested a $100 million valuation, sources indicate that this figure is incorrect and actually much lower. The company has not disclosed its valuation but claims to have multiple large enterprise customers. One of these customers, operating in the media, entertainment, and technology sectors, reportedly uses SGNL’s technology to streamline cloud-based access management.
Addressing Security Gaps in Identity Management
While SGNL hasn’t disclosed its client list, it pointed out that breaches resulting from identity-related vulnerabilities have cost major companies millions, citing incidents involving MGM ($100M), T-Mobile ($350M), AT&T, Microsoft, and Caesars Entertainment.
SGNL was co-founded by Scott Kriz (CEO) and Erik Gustavsson (CPO), who previously launched and sold another identity access management company called Bitium. During their time at Google, they were responsible for directory services and identity access management for products like Google Workspace and Google Cloud Platform. This experience revealed a significant gap in enterprise identity security.
"We realized there was a missing piece in identity security—not just for Google, but for the entire industry," said Kriz. "Companies wanted to eliminate standing privileges altogether."
The issue, he explained, is that while authentication systems like Okta and Microsoft Azure AD are excellent at opening access doors, they’re not as effective at closing them once conditions change—such as an employee leaving or a project ending. This leaves security gaps that malicious actors can exploit.
Zero-Standing Privileges & Context-Based Access
SGNL’s solution introduces context-aware access control, ensuring permissions are granted only when needed and revoked immediately afterward. A key enabler of this approach is Continuous Access Evaluation Protocol (CAEP), developed by Atul Tulshibagwale, a former Google engineer who is now SGNL’s CTO. CAEP has been adopted by the OpenID Foundation and integrated by major tech companies, including Microsoft, Apple, and Cisco.
While CAEP is an industry standard, SGNL has built a proprietary system that dynamically adjusts access permissions based on real-time context. This allows organizations to define multiple access policies and conditions for users to meet before gaining access to sensitive applications and data.
Instead of relying on static user roles and entitlements, SGNL structures access through a "data fabric", an identity graph that eliminates dependence on individual data sources. One of SGNL’s clients, which has 400,000 employees and 30,000 roles in AWS, used this system to reduce its access policies to just six, significantly improving security and efficiency.
Competing in the Zero-Trust Security Space
SGNL is entering a growing market where companies like CyberArk, SailPoint, and other zero-trust startups are also innovating. However, investors remain confident in SGNL’s differentiated approach.
"I love that they’ve built and exited a company before and spent time at Google," said Stephen Ward, co-founder of BrightMind and a former CISO at Home Depot. "With such a big idea, they can carve out a major moat just by building the right platform."
By focusing on real-time identity verification and dynamic access control, SGNL aims to redefine how enterprises manage identity security—eliminating standing privileges and closing security loopholes that traditional identity management systems fail to address.
Posts
0 Comments