Editor’s Note: Christine Magee is an editor for CrunchBase.
As security breaches are reported for one major corporation after another, venture investors are writing bigger checks than ever in an attempt to buy some peace of mind.
From Target’s data breach that put a damper on last year’s holiday season to Bebe’s payment card data breach reported last week, we’ve seen countless examples of access management gone wrong. It’s become apparent that the present identity management solutions are just not cutting it, and investors are fully aware.
According to CrunchBase data, identity management startups have seen $350 million in venture dollars raised this year across 45 rounds — a big step up from last year’s $178 million raised over the same number of deals.
“Every time there’s a breach at one of these companies, we’ve seen enormous damages as a result,” says David Cowan of Bessemer Venture Partners, a frequent investor in the identity and security space.
“For businesses like Kmart and JP Morgan, these breaches cost them hundreds of millions of dollars,” says Cowan, and for users, “they’re able to steal your password from a website that you think is irrelevant to your life, and it turns out that’s the same password to your bank account and your Dropbox.”
BVP led the recent $22 million Series B round for password management platform Dashlane, one of the larger rounds seen by a consumer-focused identity management application. To date, the majority of venture dollars have gone into companies like Centrify or Okta that provide multi-platform access management solutions for enterprise customers.
“When companies controlled all their systems on premise, everybody had a username and a password into those systems,” explains Robin Vasan of Mayfield Fund, an early Centrify backer, “but now with mobile devices and SaaS applications, those systems are no longer in control.”
“Identity management has seen such a resurgence of interest because enterprises are realizing that an employee of theirs goes and buys a new mobile device or is using a laptop from home and is accessing cloud applications, and those resources are no longer under the control of the enterprise,” says Vasan.
Centrify and others are tackling this issue by providing enterprises with secure identity management and single sign-on services that allow employees to access cloud-based applications across multiple devices.
Venture funding front-runner Okta will let you into all related apps with a single login, and five-year-old Dashlane will remember all of your passwords for you. But recently startups like Nymi and EyeVerify have closed sizable deals to replace passwords completely with biometric technology.
“People lump in together the identity management, access management, permissions and authentications — and we’re all about decoupling that,” says Nymi founder Karl Martin. “There’s a simple philosophy around privacy — a system should only know as much about you as it needs to for that application.”
Nymi seeks to accomplish this through a wristband that identifies a user by their unique electrocardiogram signal and acts as a gateway to provide easy authentication for a number of applications.
“Biometrics are a very useful tool for identity management, but the danger there is that you’re collecting a massive database of biometrics, and that has many implications for security and privacy,” says Martin. It’s a legitimate concern — the idea of handing over more personal data to protect the data that’s already out there seems a bit backward at first.
But Nymi isn’t collecting or storing any of this data. “It’s not verifying who you are, just that you’re the same person that showed up before,” says Martin of the Nymi band. “We’re not actually managing your identity — that should be application specific, and you shouldn’t have all of your information in one place.”
Nymi has locked down a variety of partnerships, from password manager PasswordBox to MasterCard, and is in the process of closing more deals to become something like the single sign on for the world.
“I don’t think anybody has a sense that we have actually good solutions in operation now, there’s absolutely a need for new technology,” says Martin. “On the one side it’s kind of crazy what we’re doing, but on the other side, do you imagine ten years from now that we’ll still be using passwords?”