Okta Catches SpydrSafe In Its Enterprise Web

Update: Okta has still not explicitly confirmed the acquisition of SpydrSafe, but its cofounder today retweeted our story about the sale after Okta unveiled a new Mobility Management service. That new product is much of what I describe below, combining Okta’s existing ID management service with a larger product that will let businesses manage permissions and security and data across apps installed on employees’ mobile devices. More on that from Ron, here. Original story below.

Okta, the enterprise startup whose cloud-based platform lets enterprises manage and authenticate user identity across multiple applications, may have quietly made an acquisition — its first, or at least the first that we have uncovered. It looks like it has purchased a company called SpydrSafe, a mobile security startup that built a platform for companies to manage access to data across the mobile apps used by its employees.

The acquisition appears to signal an intention by Okta to expand the kinds of services it offers to its users beyond identity management. That would help it better compete against others in the space like Centrify, which provides authentication but also mobile device and app management services for enterprises directly and via partners like Samsung.

It comes on the heels of Okta announcing a $75 million round of funding, possibly its last before going public. Its investors include Khosla Ventures, Greylock, Andreessen Horowitz, Sequoia, Altimeter Capital, Janus, Floodgate, SV Angel and more.

Okta is gearing up for its user conference next week, when it’s going to be unveiling new products and updating the public on its business strategy.

Okta CEO Todd McKinnon would not comment for this story (even when I tracked him down in Dublin, Ireland), and no one contacted from SpydrSafe responded to enquiries about the deal — which we heard about through a tip.

But digging around, we found conclusive proof of a sale of SpydrSafe, and a subsequent connection to Okta:

— One of SpydrSafe’s investors, ScaleFinance, noted in an investment update that “SpydrSafe’s assets and team were acquired, the details of which are highly confidential and undisclosed as of the closing of the transaction in early 2014.”

— Another investor, the Center for Innovative Technology Fund, notes simply that the company exited.

— A more direct link to Okta lies in SpydrSafe’s IP. A listing for one patent originally assigned to SpydrSafe co-founder and CTO Kevin Sapp and “employee number one” Victor Ronin, is now assigned to Okta. The patent is for “Systems and Methods for Providing and Managing Distributed Enclaves,” and describes “a method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices.”

— Both Sapp and Ronin — who had worked together at Trust Digital (before and after it was acquired by McAfee) now list themselves as located in San Francisco, where Okta is headquartered. SpydrSafe was founded in 2011 in McLean, Virginia. My guess is that these two moved to join Okta with the sale.

(SpydrSafe’s CEO and other co-founder, Michael Pratt, was the COO and CFO of Trust Digital when it was sold to McAfee, and had been involved in a number of other startup sales before and after that. He’s now a managing partner at Select VP, a VC firm that focuses on East Coast investments.)

SpydrSafe’s website is offline, and public profiles in places like Twitter have not been updated since January of this year, confirming the timing noted by one of the investors.

The wider picture of the mobile enterprise space has seen a growing trend of consumerization among business users.

That is to say, the enterprise world is turning off cumbersome, legacy enterprise apps and locked-down, antiquated mobile devices and laptops and bringing in their own phones and other gadgets to help them work.

Along with that, those users are adopting and adapting consumer apps, and businesses are also jumping into the ring, developing and buying in apps to give their employees products that they want to use. This mix has in turn given rise to companies to make sure that whatever ends up getting used, it’s secure.

Identity management graphicThis is where Okta fits in with its single sign-on service, which has been described as the “Facebook connect” for the business world, letting users log into private company data on the intranet as well as into third party apps and platforms like Box, Google Apps and so on, with IT admins able to administer this across a range of devices.

Now it could be that Okta is looking to go deeper by helping its customers manage data within those apps once users have been signed in. While McKinnon wouldn’t talk about SpydrSafe, he did repeat to me that Okta has high ambitions and is seeing a lot of demand from its customers.

This would also be part of a bigger consolidation trend within mobile enterprise services.

“I think what’s happening is that identity vendors are realising that the bigger challenges of mobility are more important than ID alone, so those vendors are following the lead of companies like Centrify and offering more mobile and device management solutions,” one observer says.