Governance & Risk Management , Identity Governance & Administration
SailPoint Buys SecZetta to Safeguard Non-Employee IdentitiesSailPoint's First M&A Under Thoma Bravo to Help Lower Third-Party Identity Risk
SailPoint has made its first acquisition since joining private equity firm Thoma Bravo, scooping up a third-party identity risk startup established by a Massachusetts Air National Guard veteran.
See Also: Preparing for New Cybersecurity Reporting Requirements
The Austin, Texas-based identity governance vendor says purchasing Fall River, Massachusetts-based SecZetta will give customers more visibility into employee, third-party contractor and temporary worker identities from a single platform. The SecZetta deal will make it easier for SailPoint customers to fully validate non-employee identities, which now make up nearly half of today's enterprises, the firm says.
"Most enterprises no longer rely solely on full-time employees to keep their business running," says SailPoint Executive Vice President of Product Grady Summers. "Yet not all of these companies have considered how this change impacts their approach to identity security. With SecZetta, we can quickly give our customers the consolidated intelligence and visibility they need to ensure proper oversight."
SecZetta, founded in 2019, employs 75 people and has raised $30.5 million in two rounds of outside funding, according to LinkedIn and Crunchbase. SecZetta was founded and led by Massachusetts Air National Guard Veteran David Pignolet - who isn't mentioned in the acquisition press release - and employed "father of identity management" Richard Bird as its chief product officer for nearly a year (see: Despite Fervor for the Cloud, Here's Why Hybrid Is Forever).
Taking Advantage of Thoma Bravo's Balance Sheet
Terms of the SecZetta transaction weren't disclosed. It is SailPoint's first acquisition since being taken private by Thoma Bravo in August for $6.9 billion. The private equity firm subsequently purchased identity and access management vendor Ping Identity in October for $2.8 billion and agreed that same month to take Ping rival ForgeRock private for $2.3 billion (see: Identity Firm SailPoint to Be Bought by Thoma Bravo: $6.9B).
SailPoint executives weren't immediately available for additional comment to Information Security Media Group.
"With Thoma's balance sheet and our thoughts on how the market is evolving, we will probably be able to look at some bigger things," SailPoint Founder and CEO Mark McClain told ISMG in September. "We have some options of things we think that could make sense for us. And with Thoma, I think we'll get to investigate in those and see what makes the most sense and perhaps execute some of those."
Adding SecZetta to SailPoint's Identity Security Cloud platform will provide the necessary intelligence to better answer questions such as, "Who should have access to what?" SailPoint says. Combining the two organizations will also help customers merge and organize workforce data to create a centralized repository of identities, according to SailPoint.
This identity intelligence will be packaged to provide customers with risk management and governance around both employee and non-employee identities from a single platform, SailPoint says.
"Acquiring SecZetta allows us to quickly address an emerging threat to our customers' business not currently addressed by SailPoint - and that is the gap in visibility over non-employee identities," McClain says in a statement.
In the fiscal quarter ended Oct. 31, SecZetta added education service company Nelnet as a customer as well as Sentara Healthcare, a 12-hospital system in Virginia and North Carolina with roughly 30,000 employees. SecZetta also forged partnerships with technology vendors Beyond Identity, BeyondTrust and Cipher as well as service provider Ahead, according to a company press release.
Sixth Acquisition in SailPoint's History
The acquisition of SecZetta under Thoma Bravo comes after SailPoint made four transactions as a publicly traded vendor. In March 2021, SailPoint purchased startup ERP Maestro for $28.1 million to automate controls for access to SAP. A month earlier, SailPoint bought Intello for $42.9 million to help customers discover, manage and secure SaaS applications that are outside the IT organization’s purview.
In October 2019, SailPoint bought emerging vendors Orkus and OverWatchID for $37.5 million to help customers better control access to applications in public cloud environments. Those deals were intended to help SailPoint detect potential anomalies in the cloud, enforce access policies across all users and maintain compliance across all enterprise infrastructures.
Prior to going public, SailPoint in July 2015 bought Whitebox Security, which was focused on reducing security risk by identifying where sensitive data resides.
"We've mostly done what the market tends to call tuck-in acquisitions," McClain told ISMG in September. "We bought smaller, very smart groups of technology folks with generally either a barely-in-the-market product or early-in-the-market product with great tech and the opportunity to accelerate something we were thinking of doing."