Capital might be harder to come by than it once was in startup land, but some firms are bucking the trend — hard. Take Descope, for example, which today announced that it raised a whopping $53 million in seed funding for its “developer-first” authentication and user management platform.
The money came from Lightspeed Venture Partners and GGV Capital with additional funds contributed by Dell Technologies Capital, TechAviv, J Ventures, Cerca, Unusual Ventures, Silicon Valley CISO Investments and individual investors CrowdStrike CEO George Kurtz and Microsoft chairman John W. Thompson. It’ll be used, Descope co-founder and CEO Slavik Markovich says, to grow Descope’s product capabilities, invest in research and support open source initiatives around authentication, authorization and user management.
“The Descope platform helps developers add authentication, user management and authorization capabilities to their business-to-consumer and business-to-business apps with just a few lines of code,” Markovich told TechCrunch in an email interview. “It helps apps accelerate their time to market, increase the efficiency of their engineering resources, reduce user friction and prevent a wide variety of identity-based cyberattacks.”
Why the large cash infusion — particularly large for a seed round — in a dev-focused startup, you might ask? Markovich says that it came down to timing. In tight economies, organizations feel the pressure to shift software development efforts to initiatives that’ll move the needle for business. Descope enables them to achieve this, Markovich avers, by outsourcing many necessary — but not revenue-generating — authentication and user management app components, freeing up dev teams.
Descope was founded last April by the members of the core team that built the security operations platform Demisto, which Palo Alto Networks acquired in March 2019. While at Demisto, the team says that they experienced the pain of building authentication and user management functionality — including password management, single sign-on, tenant management and roles and permissions — firsthand. It turned into a multiyear investment, Markovich says — not to mention a massive time sink.
“With Descope, the team’s vision is to ‘descope’ (hence the name) authentication and user management from every app developer’s daily work, so that they can focus on business-critical initiatives without worrying about building, updating and maintaining authentication,” Markovich said.
Markovich doesn’t deny that there’s a wealth of competition in the user authentication space, like ConductorOne, Stytch, Transmit Security and Okta-backed Auth0. (In 2021, VC investment in identity management startups reached $3.2 billion, according to Crunchbase — a record at the time.) But he asserts that Descope is differentiated by its workflow and screen editor, which are drag-and-drop as opposed to code-based and intended to let developers customize authentication flows for apps without having to write any code.
“This greatly speeds up time to market and also makes it easier to modify and update user journeys flows with time,” Markovich said. “These no-code workflows abstract away the complexity of building authentication while still giving app builders control over their user experience and user interface.”
Beyond the editors, Descope offers a set of software development kits and APIs that allow customers to add passwordless authentication methods (think biometrics, risk-based authentication and multifactor authentication) to existing apps and services. Security teams get app security flows that they can review and audit for compliance.
So why launch Descope now? There’s no shortage of rival apps, after all. But Markovich says that the team felt the industry had reached an inflection point. Over 66% of smartphone users are expected to use device-native biometrics instead of passwords by 2024, he noted, citing data from Mercator, while authentication protocols like FIDO2, WebAuthn and passkeys have set the foundation for a passwordless future. The next step, Markovich argues, is enabling developers to easily add passwordless authentication methods alongside others such as social logins, one-time passwords and magic links to their apps.
There’s demand to be sure. According to a recent survey by Enterprise Strategy Group, 85% of IT and cybersecurity professionals agree the adoption of passwordless technology is among their top strategic initiatives.
“Passwords are not only the leading cause of security breaches, but are also known to cause friction throughout a user journey — leading to churn and a negative experience for end customers,” Markovich continued. “The proliferation of cybersecurity attacks due to poor identity and authentication practices such as credential stuffing, bot attacks, session hijacking, brute force attacks and other types of password compromise. Authentication and user management are critical parts of any digital application.”
It’s a tough time to launch a startup regardless, what with less access to capital and uncertainty around the wider economic landscape. Descope doesn’t have much traction to point to, either — the platform’s in private beta and Markovich declined to comment on revenue or the size of the company’s customer base.
Still, Markovich claims that Descope is “well-positioned” to weather a slowdown in tech, and perhaps even uniquely positioned considering challenging economies are frequently accompanied by increased fraud and cyberattacks.
“The Descope team is full of seasoned startup operators that have built companies in both bull and bear markets,” Markovich said. “They are experienced in allotting capital towards initiatives that move the needle for business in a sustainable, customer-centric and efficient manner.”
We’ll have to wait and see whether that turns out to be the case.