In mid-1996, Sabeer Bhatia and Jack Smith revolutionized the internet by making e-mail open to access from anywhere in the world by starting Hotmail. That revolution relied on password-based identity verification. In 1999, a flaw was discovered – the use of the password ‘eh’ along with a short login script would enable anyone to access any account. This was probably the first major identity crisis of the early internet, though it is laughable to imagine today. Even though security systems online have got better since that time, the threats today are more complex than hobbyist hackers, and the stakes are much higher. The number of people affected by identity fraud increased by 8% to 16.7 million US consumers in 2017 over the previous year, causing them a loss of $16.8 billion. Today, a data breach can directly affect not just companies’ channels of communication, but lead to the compromise of user financial assets, health records, and personal safety and/or privacy. Clearly, identity verification still lies at the heart of safeguarding consumer experiences on the internet.
Auth0, a Seattle-based Identity-as-a-Service (IDaaS) startup with offices in Buenos Aires, London, Sydney and Tokyo and 300 employees believes it can make the internet safer with a new way to identify users. With a view to capturing some part of the Identity Access Management (IAM) market – projected to surpass $13 billion by 2021 – Auth0 provides developers and enterprise customers with a secure and extensible identity platform, enabling them to resolve various different scales of identity use cases. The company authenticates more than 40 million logins daily and boasts an impressive roster global enterprise partners that includes companies like Atlassian, NVIDIA, Dow Jones, Mozilla, AMD, and Schneider Electric.
Their growth has been sustained since being founded in 2013; revenue in 2017 doubled over 2016, and the company added 1500 new customers in the last year alone. According to CEO and co-founder, Eugenio Pace, this was indicative of the need and demand in the market for an end-to-end identity solution.
The Auth0 Story
Eugenio (pictured here, courtesy Auth0) met co-founder and current CTO Matias Woloski at Microsoft in 2006 as a Product Manager, while Matias was an Enterprise Architect at Southworks – one of Microsoft’s biggest global vendors based out of Argentina. They collaborated together and bootstrapped the company to build a minimum viable product between 2012 and 2013. After a few large customer wins, more traction and visibility in the identity market, they brought Jon Gelsey on board as CEO in January 2014, who had been Microsoft’s Director, Strategy and M&A. By September 2014, when Auth0 received its seed funding of $2.4 million, it had several clients; most notably, Berkshire Hathaway’s travel insurance arm and Schneider Electric. The seed round was led by Bessemer Venture Partners with participation from K9 Ventures, Portland Seed Fund, and NXTP Labs.
The company has raised a total of $54.3 million, with the latest round in June 2017 at a $250 million evaluation. It has undergone three rounds of funding after the seed, with renewed participation from Bessemer and K9 showing sustained investor interest. The company also added Trinity Ventures which led its Series B in 2016, before going international with Japan-based NTT DOCOMO Ventures and Australia-based Telstra Ventures joining in the 2017 Series C. The company grew considerably during Jon’s tenure as CEO, becoming a multinational corporation with a development, marketing, sales, finance, and operations team catering to customers in more than 70 countries.
The company leveraged their former Microsoft credentials to add to their team, with many of its most prominent executives coming from their former employer, headquartered in neighboring Redmond, merely 15 minutes away from Auth0’s Bellevue office. The company used its growing team to fuel product development, evolving its offerings both in terms of scope and features. In June 2015, it was focusing on APIs, identity management for IoT devices, and had recently unveiled multifactor authentication functionality. By August 2016, it added passwordless authentication, support for extensions, and anomaly detection tools to its product features, making a space for itself in the growing identity management space.
The increased need for identity management for the digital ecosystem
Driven by an increased expectation of seamless platform, service, and product interoperability in a world increasingly reliant on cloud and mobile technologies, the demand for robust identification systems has only increased since Auth0 was born. To ensure access across multiple devices while safeguarding privacy, companies active in the digital domain – SaaS, e-commerce players, and their ilk – rely on identity verification systems. Users rely on such systems to prevent misuse and also to safeguard their bank account and/or medical records. Ordinarily, any developer needing to verify user identity would have to write complex lines of code and integrate into existing technology infrastructure to develop a robust identity verification system. Further, they have to develop architectures and hierarchies to provide differentiated access to their various programs and modules to different levels of users, and also help provide access control across web, mobile, IoT, and internal applications.
Auth0 provides developers and enterprise customers with a secure platform to integrate with, enabling them to resolve various different scales of identity use cases. Their platform currently secures 1.5 billion logins per month, preventing more than 1.3 million malicious logins over time. In a world where companies have to build complex digital ecosystems and regulate access between external customers, trusted business partners, and internal employees, the company looks to offer reliable and easily integrated identity management modules to the market. The company commissioned a Forrester Total Economic Impact report which found Auth0’s solutions helped improve conversion rates, gain increased business from partners, and restrict developer costs. These marque customers of the platform showed a cumulative increase of $2 million in revenue, and a reduction of $3.7 million in IAM-related management costs.
Market recognition for Auth0
Buoyed by this strong and in-demand value proposition, Auth0 is considered one of Seattle’s top 10 most highly valued SaaS startups. It used the funds from its latest funding round to power its international expansion, opening branches in London, Sydney, and Tokyo, and to expand its leadership team with industry leaders brought in as Chief Information Security Officer, Chief Marketing Officer, and as General Counsel. This is part of the company’s plans to raise the company’s profile, adding new sales, marketing, and customer success capacity in addition to engineering resources.
The company’s desire to raise its profile is impressive, given the accolades it has already collected. A sustained effort towards a welcoming work culture and ethos (including a remote working policy that relies on their own systems) was instrumental in making it one of Seattle’s top 10 employer brands according to Hired’s 2017 Global Brand Health Report. The company’s collection of industry-leading talent and targeted delivery of enterprise services even landed it on Business Insider’s list of 51 enterprise startups to bet your career on in 2018.
The present and the future
Over the past few years, Auth0 has become known as a company that provides a universal platform for any identity use case. This shift in strategy also comes as Jon Gelsey stepped down as CEO in December 2017, assisting in the transition as Founder Eugenio Pace took his place. As companies develop their own or rely on various cloud services to provide their services across a more networked world, Eugenio wants Auth0 to use single sign-on products to help manage this complexity.
Conventional IAM consisted of two distinct functions: authentication, i.e., the verification that the user is who they say they are, and subsequently authorization, i.e., providing access to different buckets of content on the basis of the authentication. If server-side systems can communicate with each other and convey authentication credentials, platforms will just need to link user authorization credentials and allow the user to access their account without logging in.
This is of immense potential in an era where data is being declared the world’s most valuable resource. Collecting user data allows today’s AI-driven algorithms to create statistical models on the basis of their behavior. Companies can use insights drawn from this data to personalize company offerings and provide opportunities for more targeted messaging. This helps companies increase their sales and conversion rates. But how is Auth0 communicating this value proposition to the market at large?
Martin Gontovnikas (Gonto), Auth0’s first marketer, says he beat the flat signup growth trap with a combination of data-driven analytics and empathy-driven human outreach. Under his instigation, the company’s approach is developer-focused and two-pronged. The company focuses on producing digital content targeted towards developers looking for a greenfield IAM solution. It also focuses on attending developer conferences, making human connections that have helped the company’s website reach the top 5000 in the country purely on the back of sustained developer interest. Further, their content strategy has resulted in an impressive 96% of its inbound leads driven by content, and have helped maintain a healthy monthly sign-up rate.
A new CEO, and a new Chairman on the Board, a rich history of product development and innovative marketing, a timely and in-demand value proposition – Auth0 has a lot of interesting variables going into 2018. But there’s one constant in IDaaS – reliability. As OneLogin, a company offering a similar product, found itself breached in 2017, there is some wariness about how secure these companies are. On Auth0’s part, it is continuing to push the envelope; it will be providing authentication services to Coinsource, the world’s largest Bitcoin ATM operator, and to Google Cloud customers through its platform partner program. The company has essayed an impressive growth story, established a strong brand presence, and crafted a popular solution to a universal problem; if the company can continue offering reliable IAM services and avoids breaches, it could have the potential to stand with the likes of Amazon, Microsoft, CostCo, Starbucks, and Redfin as one of Seattle’s most prominent companies.