Ron Sharon

Cybersecurity and Technology Leader

This Cybersecurity Startup Aimed At Taking Down VPNs Is Now Worth $400 Million

This article originally appeared on Source link

In the eyes of Twingate CEO Tony Huie, only one company in the world has successfully implemented the cybersecurity approach of the future: Google. After a series of cyberattacks by Chinese hackers in 2009, the tech giant built from scratch a “zero trust” security system. Instead of giving users access to Google’s internal services based on the network—in some cases, a virtual private network, or VPN—to which they connected, the approach authenticates users’ identities and devices.

Twingate hopes to help more companies follow Google’s path, and the rise of remote work has offered early promise to its idea. On Thursday, the Redwood City, California-based startup announced a $42 million raise led by Bond Capital that valued it at $400 million. The Series B round includes participation from existing backers 8VC, SignalFire and Jeffrey Katzenberg’s WndrCo, which together incubated the startup three years ago. Bond’s Jay Simons becomes a board observer; but the company’s board remains limited to two seats: Huie and WndrCo managing partner Sujay Jaswa. “I think about it as keeping it tight and nimble, particularly for like a company of our stage. Board construction is something you build over time,” Huie says.

Zero trust has a simple premise, says Huie: “Should this user, on this device, with this context about them, be able to access whatever they’re trying to access?” When he and cofounders Alex Marshall and Lior Rozner were brainstorming the company in 2019, the concept had already been around for decades. Hundreds of IT and security experts they spoke to were largely in agreement that this was the future of cybersecurity. But building the tech to support the concept is easier said than done. “Google spent four years and, by my estimation, probably hundreds of millions of dollars to build an internal solution,” Huie says.

Twingate offers the first steps to help companies set up a “zero trust” system, foremost by removing the need for users to connect to VPNs. Instead, the software checks for the identity of a user based on markers—for example, the device being used, IP address and location—and integrations with verification apps like Okta and OneLogin. “The predominant way companies have thought about securing themselves is to assume everyone’s in an office and invest in infrastructure to make the office environment bulletproof,” Huie says. VPNs did not figure heavily into that thinking, but a shift to remote work has necessitated more employees connecting to their company’s network from home, making the user experience clunkier—and increasingly prone to cyberattacks.

The product originally launched in October 2020, around the time Twingate raised its last funding round, and demand has continued to increase, Huie says. Neither Huie nor his investors would share the startup’s revenue, but Katzenberg said it was growing at a “very, very strong trajectory” after having amassed about 250 customers in its first year of business. “The launch has been around small and medium businesses,” Katzenberg says. “We’ve got a handful of customers that are enterprise scale, but we haven’t gone yet to the world of companies with multiple tens of thousands of users.” Customers include tech companies like Cameo and Blend, but also Hollywood studio Miramax and a number of city governments, Huie says.

“I think a company like Twingate is eventually going to win the Facebooks and Atlassians and Microsofts because there should be a technology that does more simply and elegantly what even the most sophisticated companies are trying to do on their own,” says Simons, who was president of Atlassian before he joined Bond. To get there, Huie thinks the path forward is to continue to concentrate on product development. He’s optimistic that Twingate has an added appeal to customers by combining security with the “product and design DNA” that he and cofounder Marshall picked up from working at Dropbox. “Product-led growth has not manifested in security,” he says. “My view is this industry needs as much of that approach as any software category.”

One of Huie’s top priorities with the product is to build out Twingate’s automated controls—for example, an IT administrator can limit access to an app like Elastic to a certain set of users or specific time of day. By unifying these parameters in Twingate, Huie hopes that in the long term, his company’s “zero trust” approach can introduce more user-oriented security measures. “You can actually go think about things like getting rid of passwords because you’ve got all these other factors that suddenly become much more secure than relying on a password,” he says.