Company Key Facts
 | Web – https://sgnl.ai/ LinkedIn – https://www.linkedin.com/company/sgnl-ai/ Twitter – https://twitter.com/SGNL_ai |
| Founded Date | 2021 |
| Founders | Scott Kriz, Erik Gustavson |
| Headcount | 31 |
| Total Funding | $12 million |
| Locations | Palo Alto, USA, hybrid working |
| In Their Own Words | “Modern Enterprise Authorization. We enable just-in-time access, at enterprise scale, for the modern workforce.” |
Funding
SGNL has raised a total of $12M in funding over 1 round. This was a Seed round announced on Oct 27, 2022.
| Announced Date | Transaction Name | Number of Investors | Money Raised | Lead Investors |
| Oct 27, 2022 | Seed Round – SGNL | 4 | $12M | Costanoa Ventures |
Source: Crunchbase
Technology Key Facts
| Go To Market Message | “Just-in-time access for the enterprise is now here.” |
| Solutions | Enterprise Authorization / |
| Product / Platform | Just in Time Access / Fine-Grained Authorization / Intuitive Policy |
| Useful Links | Blog Request a Demo |
Target Customers
| Organization | Persona | Use Cases / Problems Being Solved |
| Medium to large enterprise in regulated industry (5000 – 10000 employees) | IAM architect | The externalization of access control logic from a protected application, with just-in-time data to be a factor during run time access decision evaluation. |
| Medium to large enterprise | Application owner | The ability to design fine-grained access policies in a centralized location, with policies that are human readable. |
| Medium enterprise | Security architect | The ability to provide REST based policy decision point for the evaluation of access control to consumer PII based on customer support personnel context. |
| Large enterprise | Compliance Specialist | Reduce the need for access certifications and separate IGA workflows for access decisions by integrating directly with systems of record. Layer over RBAC to dynamically elevate or reduce permissions based on ticket assignments, lead assignment, etc. |
| Medium to large enterprise (5000-10000+ employees) | CIO, CISO | Increased business agility via always on, simplified administration and including auditable trails to determine why access was granted |
Technology Review
Capabilities
SGNL provides several capabilities in the field of external authorization. Organizations of varying sizes are now feeling the pinch of the limitations with respect to homegrown access control solutions. Stale permissions, excessive permissions, hard coded users and groups, a lack of visibility and difficulties with integration are all limiting organizational ability to collaborate, share data and support customers.
SGNL is tackling the access control problem with a set of modern, enterprise-ready capabilities and features. Firstly an extensible policy engine allows an agnostic approach for downstream integrations. The objects requiring access control protection can query the SGNL policy engine with any associated identity context, before receiving direction with respect to allowing access. Whilst this model is quite common, the addition of a graph directory (technically acting as a policy information point) is quite novel.
Source: SGNL YouTube channel
The use of graph technology has been on the rise within the IAM space, due to the power of being able to make inferences with respect to relationships and complex interactions. Historically identity profile and permission data was stored in LDAP directories. Directory storage is based on the DIT – directory information tree – where relationships are described hierarchically – which by design can be quite limiting in the type of queries that can be created.
In today’s hyper connected world, relationships between subjects and objects are ever increasing, as is the contextual data that is available to overlay into the access decision making process. This context from SGNL’s world, seems to be more volatile data – support personnel associations with customer tickets, Salesforce associations and so on.
These temporal relationships and data which are not necessarily known up front – and needs to be constructed and inspected at access request run-time.
Another feature that SGNL are promoting is the human readable nature of the authorization policies. Policy based access again has been around for some time – and often created and managed by technical personnel within the organization. Typically application owners or identity administrators. SGNL is promoting the focus on the human readable nature of policy design – with a near natural language approach to describing the subject to object relations.
This could potentially open up the access control demand to other parts of the organization, such as line of business managers and product managers, as well as those that actually define policies for an enterprise.
The Cyber Hut Comment
Authorization has seen a huge upswing in demand in recent years. Funding has increased and demand for both B2E (employee) and B2C (consumer) data and service protection above and beyond the coarse grained models based on RBAC and ABAC are high. A main concern many organizations have is the ability to have a centralized model for access control – where a variety of protected systems can leverage a consistent policy based model that associates the correct subjects to the correct objects at the correct time – along with the fine grained representation of the actions they can perform. SGNL’s approach to leverage both graph technology to integrate multiple disparate sources of identity and permission related data along with a more just-in-time and zero standing privileges model taken from the PAM world looks to deliver a different approach to the common authorization problems of 2022.
Projects looking to move towards a zero trust identity centric approach or protect customer PII should look to investigate such approaches.