This week privileged access management vendor CyberArk completed the acquisition of SaaS identity and access player Idaptive. The price was approximately $70 million.
What impact will this have on CyberArk’s go to market and potentially the rest of the privileged access management market?
CyberArk Key Facts:
- Founded: 1999
- HQ: Greater Boston Area, USA
- Founders: Alon Cohen, Udi Mokady
- IPO Date: Sept 2014
- Total Funding: ~$570 million
- Number of Acquisitions: 6
- Employees: ~1500 (19% year on year growth)
Source: Crunchbase and LinkedIn
CyberArk Q1 2020 Performance:
- Q1 2020 global revenue was approximately $106.8 million, up 11% from Q1 2019
- Revenue was split roughly 50:50 between license and professional services
- End of Q1 cash (and cash equivalents) stood at $1.2 billion (up from $509.7 million Q1 2019)
- Q2 2020 revenue prediction to be between $95 million and $105 million
Source: CyberArk Q1 2020 investor relations release
CyberArk Key Features:
- Privileged Access Security – high value account management; centralised; multi-layered; human/service/IoT; monitoring; session management; least privilege management, 500 application integrations; credential rotation; scaleable; cloud/SaaS/on-premises
- Application Access Manager – devops secrets manager; non-human credentials management; identity and permissions management; container-first; policy driven for machine Ids; out of the box CI/CD integration; compliance reporting (what has access to what); open source component under the name Conjur
- CyberArk SaaS Portfolio – cloud delivered functionality; rapid start; on-premise/cloud/hybrid credential management; integration via CyberArk Marketplace; CyberArk Alero VPN-less management of remote users to on-premise systems via one time QR; Cyber Endpoint Privilege Manager for Mac/Windows endpoint protection removing need for admin accounts with analytics via lightweight agent
Idaptive Key Facts:
- Founded: 2018 (spin off from Centrify)
- HQ: San Francisco Bay Area, USA
- Founders: Danny Kibel
- Employees: ~122 (down 4% year on year growth)
Source: Crunchbase and LinkedIn
Idaptive Key Features:
- Multi Factor Authentication – protection of apps (cloud/hybrid) by network/device/user behaviour context; factors include FIDO/2, SMS, OTP, wearables, OATH; adaptive response based on context; simple administration, reporting and enrolment
- Single Sign On – cloud, mobile and legacy application integration; directory integration into the Idaptive Identity Platform; basic user profile management for single set of credentials; integrates with Idaptive Gateway for on-premise application protection; contextual access management based on machine learning and user behaviour analysis; application catalogue that contains thousands of templates to standards based applications
- Provisioning & Life-cycle Management – user and credential association management; see who has access to what; manage via visibility and workflow; role mapping between Idaptive Identity Platform and downstream application entitlements; integration with HR systems
- Risk Analytics – user behaviour monitoring; anomaly analysis and risk reduction dashboard
- Device Security Management – corporate and BYOD for Android, iOS, Windows and Mac endpoints; policy driven to identify trusted devices; enforce device best practice; remote lock
- App Gateway – on-premise VPN-less application protection for remote users; integrates with MFA and adaptive access
Go To Market Impact
The acquisition clearly broadens CyberArk’s capability set. By branching out into the non-privileged identity space, CyberArk can start to operate an end-to-end identity security platform. The interesting aspect, is that Idaptive was spun out from Centrify back in 2018. Centrify is a direct competitor of CyberArk in the privileged access management space, and in 2018, Centrify announced the setup and spin off Idaptive. So what prompted that?
At the time, the newly named Centrify CEO Tim Steinkopf acknowledged “The more we looked at our business, the clearer it became that a huge opportunity existed to create two organizations that can each better focus on innovation, accelerate their respective roadmaps, and ensure customer success”.
The acquisition of Idaptive, was CyberArk’s sixth acquistion, with the previous 5 being:
| Date | Acquired Company | Details |
| Mar 2018 | Vaultive | Cloud provider of network proxy technology; private enterprise; continued focus by CyberArk on cloud enabling technology. No price given. |
| May 2017 | Conjur | $42 million purchase; cloud automation company |
| Mar 2016 | Agata Solutions | Israeli deep packet inspection company. No price given. |
| Oct 2015 | ViewFinity | $30.5 million purchase; least privilege and access control solution; agent based |
| Aug 2015 | Cyverintel | $20 million purchase; Israeli threat intelligence |
The above entities have all been wrapped within the CyberArk umbrella, being re-branded as per their key features listed above. But what does the Idaptive acquisition lead to? Clearly another of set of tools and personnel with cloud experience, will help to potentially transition more revenue to their cloud offerings. The branch into the more standard identity use cases away from high net worth credentials, may open CyberArk to further competition from traditional identity and access management vendors who may look to add in “lite versions” of privileged access management.
It will be interesting to see if the other privileged access management vendors start further acquisition activity.