Catching the M&A Waves

Episode 292

State of Identity Podcast

8/30/2022

In this month’s Investing in Identity series, we tackle recent deals and trends in digital identity that are shaking up the industry.
Topics covered include:
  • Thoma Bravo takes identity and access management platform Ping Identity private for $2.8B.
  • BalkanID, an AI-powered privileged access management platform raises a $2.36M seed round extension.
  • Truework, a fintech company that provides income and employment verification, raises $50M in Series C funding.
  • Microsoft Entra Verified ID goes live, enabling direct integration of DIDs with Azure Active Directory.

Host:

Cameron D'Ambrosi, Senior Principal at Liminal

Guest:

David Fields, Partner at PTB

Cameron D’Ambrosi [00:00:09] Welcome everyone to this month’s Investing in Identity Forum. I am your guest host, Cameron D’Ambrosi, joined by my friend and colleague Dave Fields. Dave, how you feeling?

David Fields [00:00:22] All good. Just mourning the end of summer, but looking forward to seeing what happens in the fall. You and we’ve certainly had, you know, for August, I think we’ve got a couple of interesting deals to talk about. So, you know, let’s get to it, right.

Cameron D’Ambrosi [00:00:36] I mean, you’ve always struck me as a guy who could pull off wearing white after Labor Day. So. But don’t worry too much about these social constructs.

David Fields [00:00:45] Thank you. Appreciate it.

Cameron D’Ambrosi [00:00:48] So, you know, interesting news around the space this month. I think we’d be remiss to not lead right off the bat with Thoma Bravo acquiring Ping Identity for $2.8 billion. They already own SailPoint. This is a space that I think has already been the area of intense focus, especially with all of the latest news around that Twilio hack and the use of identity and access management as a threat vector. What are your thoughts high level on this acquisition?

David Fields [00:01:24] Yeah. So, you know, big, you know, big deal, right? You know, $2.8 billion, you know, Thoma Bravo, you know, they’ve got to be, you know, almost, you know, their total assets under management got to be close to $100 billion at this point. I know their latest fund was $20 billion. So have purchase of SailPoint at 6.9, Thoma Bravo at 2.8. I’m sure there was some debt financing in those acquisitions, but nevertheless, they’re you know, you have a private equity sponsor making a multibillion-dollar bet on the space, you know, so why, right? One, you know, the same secular, you know, demand trends that we all talk about. You know, so not we won’t rehash those, but like huge bet on the space, right? So continued validation that irrespective of any tech slowdown broadly or where we are in sort of the macroeconomic cycle around inflation, employment, etc., etc., people are still very confident in getting an identity. Right. You know, I think the second point, it would be know looking at Ping, look at SailPoint, neither one of these have really been the stellar outperformers. I mean, for a while I thought it was doing very well. For a while, you know, you still had Ping, you know, which really was kind of languishing. You know, they were about flat with where their IPO price was from 2019. So hadn’t really gone anywhere. So Thoma Bravo looks at it, says, look, we’ve got an asset that’s certainly built up to a decent scale in size, but needs to be repositioned a little bit and probably needs a lot of investment. And that’s probably best done in the private markets, not the public markets. You know, if you have a company that needs to adopt a new long term strategy, providing quarterly updates to the public markets and having to answer Q&A on an every 90 days is probably not the thing you want to be doing. If you’re going to kind of really re-architect your long term strategy and potentially be executing some sort of M&A roll-up.
So there’s kind of like those are the two things that I expect, you know, there’s going to be some sort of product repositioning and I suspect that we’ll see SailPoint and trying to SailPoint and Ping combined in the next 6 to 12 months. And then it’ll be interesting to see sort of what then the bolt-on acquisitions are that they look to make. So, you know, acquisitions that won’t be in the multibillion dollar size anymore, but potentially in the hundreds of millions of dollars sort of check size in and given, you know, the you know, I think at this point it’s over well over a thousand companies that you guys track in the Liminal landscape. There’s probably going to be ample opportunity as sort of companies peter out in that series B, Series C raise. It can’t make it to that next stage. I think we’re going to see a lot of companies gobbled up by whatever this new Thoma Bravo backed entity becomes. And so that’s what I see in this deal. And you know, Cameron, like you tell me, like, you know, what do you see? And maybe what did I miss?

Cameron D’Ambrosi [00:04:19] I mean, I think more than anything else, this is a full-throated endorsement of this notion that digital identity and cybersecurity are becoming, you know, whether you want to call it one and the same or, you know, two hands shaking each other. Whatever analogy you want to choose, like you cannot have a robust enterprise security posture without putting identity at the heart of it. And I think Thoma Bravo, you know, I think man on the street, you asked him what Thoma Bravo is about. They’re going to say cyber security. The fact that they are going so heavily into the identity space, I think is a fantastic endorsement of what we have been saying, which is you need to put identity and the digital identity lifecycle at the center of your security posture. Because with, you know, the way that the modern security landscape looks, your endpoints are everywhere. Anchoring on identity is really the only way to make heads or tails. And I agree 100% that I think this is the first of many dominoes that are going to fall. You’re going to start seeing some bolt-on acquisitions. And I also would not be surprised to see if they roll this SailPoint and those, you know, privileged access management capabilities into the broader Ping stack. Because I think you are again beginning to see that whether you’re talking identity governance administration, whether you’re talking identity and access management, whether you’re talking customer identity and access management, or whether you’re talking privileged access management, these are all the same kinds of questions. It’s about like, what do I know about the person behind the device? And then what can they do? What should they be able to do once they come into the system and rolling all them through a unified view just inherently makes sense. So I think we’ll look to see those bolt-ons coming on hot and heavy here.

David Fields [00:06:06] Yeah. I mean, I think the other point to be made is also that it’s a you know, it’s a big validation of market size. It just, you know, to kind of put it in financial terms, what you were just saying, you know, it’s a huge validation market size because you couple of they’ve bought a couple of assets, neither of which were really the market leaders or the market juggernauts certainly reached an impressive scale. I don’t mean to diminish or in any way take anything away from their accomplishments like SailPoint and Ping Identity were both multibillion dollar public companies. Right? Like that’s impressive. Incredibly rare to do, but they weren’t the biggest in their category. And so Thoma Bravo is a very smart firm, is effectively saying that like, look, we can take assets which are, you know, strong or of a certain scale, but not the market leaders. And we can still make investments in this space and generate a very attractive return. Right. Like they’re going to be looking to create to deliver a 3 to 5 X multiplier, which means they’re taking companies which are going to be combined, you know, $10 billion of enterprise value. And they’re going to be looking to at least double that over the next call it, like 3 to 5 years. Right. And so that’s going to require, you know, both investment and a lot of growth. Right. And so anybody who’s looking at the space should be excited that we’ve now got a huge validation point about just how big the market opportunity is. Love it. Yep. And so that maybe with that, let’s go on to the next one.

Cameron D’Ambrosi [00:07:35] Yeah. So, you know, history doesn’t repeat itself, but it often rhymes. BalkanID, the AI-powered identity governance and administration suite that, you know, to hear TechCrunch and others tell it is a big competitor to SailPoint just raised another round. They extended a 2.36 million, I guess seed plus round, bringing their total raise to 8.1 million. And, you know, this comes fast on the heels of them even just existing as a company. They came out of stealth in May 2022 and apparently have found tremendous product market fit, really strong demand for the platform and struck while the iron is hot and then tacked a couple extra million dollars of fundraising on.

David Fields [00:08:28] Yeah. And so, I mean, Cameron, do you know where they’re currently getting their uptake in adoption and what sort of either, you know, use cases and you know your customers they have what the profile is because it’s curious is where they’re actually finding their growth right now.

Cameron D’Ambrosi [00:08:44] No visibility in terms of industry type, but I know they are focused on cloud-centric enterprises. You know, I wrote about this in our morning brief for members, but, you know, there was a drinking game we had going at the office for a while, which was any time there was a data breach and the headline started with a misconfigured Amazon S3 bucket. Yeah, these guys are seeking explicitly to solve that problem. So they use artificial intelligence to be constantly, effectively, you know, scanning your, you know, enterprise permissions and identity surface, uncovering, you know, a new contractor that we just brought on board got lumped into the permissions to see all of this Amazon S3 data that they shouldn’t and can go ahead and basically proactively and intelligently reposition those accounts if you enable it or, you know, generate the reports that enable your team to do it. So it’s kind of a fundamental shift in the historic, you know, approach to IGA, which has been we’re going to kind of just configure things manually or using kind of recipes, right? Like, okay, we have this employee of a type, we’re going to have a profile that applies to those. They’re going to come in and that’s going to be applied, but not as much dynamic. You look back auditing and real time analysis of, you know, some facts on the ground have changed across our multi-cloud perimeter and all of a sudden we’re exposed. This is really seeking to remedy that. You know, the notion of the best defense is a good offense comes to mind. They’re realizing, like the amount of permissions that the average, even small to medium enterprise has to manage is rapidly evolving beyond the scope of what, you know, human beings can process and manage bringing AI to bear on that problem set.
So I would expect to see more of these types of technologies being deployed across their competitors because, you know, we’ve spoken at length and in the past segment about how we really see IAM, IGA coming together and I think AI is going to be the linchpin of that because, you know, bolting on a legacy, you know, IGA or a solution to your identity stack I don’t think makes much sense if you had nothing to begin with. Folks are looking to go to what is now the best in class and I think that’s AI-centric.

David Fields [00:11:07] Yeah, no, I mean, look, it’s interesting. Like we’ve certainly seen a lot of AI and, you know, you know, part of the benefits of an approach like this, right, is that even if you’re a small or medium-sized enterprise, you know, you now have a vendor who has visibility into configurations across many enterprises. And so you can actually benefit your enterprise or company can then benefit from like likely configuration mistakes or practices that are seen elsewhere. And obviously, while you’re not going to be you’re not going to be revealed how other people are configuring things, like they will then be able to look into yours and say, look, we’ve seen this mistake elsewhere and we have a very broad, incredibly broad and large data set that to, you know, to then develop these insights from. Right. It’s the same thing that we see in like fraud and risk and all the machine learning players that have gotten a huge uptake in like, you know, in the payments space and things like that. Behavioral biometrics, you know, that data, it’s really a similar application just now, something that’s being done really like within the enterprise and for its own users’ purposes. You know, in a B2B2C context, which is, you know, where we’ve seen most of the, you know, the fraud, you know, all of these machine learning applications in progress really take off. So it’s interesting to see that approach now being applied in just a straight enterprise context.

Cameron D’Ambrosi [00:12:19] All right, last one here. Truework. 50 million Series C. Some big names involved. G Squared led the round, returning investors Sequoia Capital, Activant, Khosla Ventures. Rumor has it that Beach Access was not included in the deal, but my sources are still confirming that. So Dave, what do you think about Truework?

David Fields [00:12:43] So, look, I think it’s a good deal. The highlight right now, I think. You know, we’ve talked a lot about the slowdown. I think this is a good example of companies who can raise, can raise, but those who have to raise, i.e., those who are potentially running out of funding, are going to really struggling the challenge right now. So this tells me that this is a company that had really has continued to grow throughout whatever the market pullback was. You know, they’re geared to credit things like mortgage applications, auto loans, areas where we’re still seeing like the credit markets being pretty healthy as opposed to things like buy now, pay later or, you know, the Robinhoods of the world. You know, we talk a lot about identity verification and where there may be slowdowns or challenges there, given how geared they were towards, you know, the crypto exchanges, Robinhood kind of market speculation, things that were geared more to speculation like there we’ve seen a pullback. I think we’re going to see some challenges. But this is just much more like bread and butter parts of the economy where the consumer is actually still pretty healthy and there’s still sort of like pent up demand. Right. So a company that’s doing very well that raised a Series C, you know, $50 million growth round, which is something where we haven’t seen a ton of market activity. So I thought it was like good to highlight this deal. And then the last thing I mentioned is that I think it’s another example of the thesis of look for use cases which are still done in paper and then look to modernize and automate them through APIs. Right? Like a lot of income and employment verification, we’re still, you know, still done through letters from, like the head of HR at your employer. And this is obviously like a much more effective and speedy way to do things.
And so it’s a good company, a good space, obviously, you know, Pinwheel’s out there, they’re another, you know, competitor. It’ll be interesting if a company like Plaid pushes into a space like this down the road. Obviously, like APIs that connect data with you to, you know, financial services providers is kind of their bread and butter. And so it’ll be interesting to watch how this space evolves over the next 24 months. But clearly you’ve got two focused players on it right now, and I think there are some others that are looking at the space as well. And so, you know, let’s see what happens over the next 12 to 24 months, certainly a space that I think everybody should continue to track. And I suspect we’ll be talking about it again in the next couple of quarters.

Cameron D’Ambrosi [00:15:02] Yeah. I mean, you know, Equifax with The Work Number has really been that thousand pound gorilla in the space for a long time. And, you know, I think investors are hoping that these guys can kind of crack that nut and emerge as a true alternative. Then I think the strength of their ability to kind of go out and get some of these newer data sources, you know, they have key partnerships with platforms like Gusto, like Zenefits, BambooHR. You know, if you think about the types of employees that are not in, you know, in ADP, right, the kind of legacy employment that I think is very well integrated into the financial services fabric. Those folks have always been very easy to verify. And that closing the gap on that, you know, 20, 25% of folks with more nontraditional employment, whether it’s kind of online to offline platforms that some folks call gig work or just small to medium enterprises that are not as connected with again, some of those larger platforms has been a fundamental challenge. And I think it’s great to see because, you know, I’m a big fan of inclusion from the moral perspective, but I also think it’s great business, right? I mean, anytime you have a pool of customers who wants to transact and they’re being prevented from doing so by structural issues, huge market opportunity for rectifying those structural issues. So, so great to see the Truework team kind of stepping into that void.

David Fields [00:16:32] Yep, absolutely.

Cameron D’Ambrosi [00:16:34] So I think we are just about out of time here. But I know we wanted to do a quick hit on Microsoft, the launch of Entra, the fact that their solution for kind of tying W3C-compatible DIDs directly to the legacy Microsoft Azure Active Directory platform finally out in market. Dave, I know you have some thoughts here at a high level. How does this strike you?

David Fields [00:17:01] Yeah, I mean, look, I think what’s important about this is like there’s been a ton of companies who have raised we’re doing different things in DIDs or looking at how do you know what is what is identity access management meeting like a Web3 context. I know that’s very jargony. But, you know, so far we’ve had a lot of companies that have really been focused on like crypto native applications, whether it’s identity for decentralized finance applications or NFTs or, you know, Ethereum wallet and how do we use Ethereum wallets for solving like single sign on use cases and things of that sort. And so here’s what’s interesting is just like now we see, you know, one of the biggest arguably the biggest player in digital identity, certainly in the enterprise context, who’s now starting to incorporate, who now wants to incorporate DIDs and like roll this out to their customers. And so I don’t think anybody else is really positioned to do this. And, you know, I don’t really know. I mean, future proof is like a term that’s thrown around a lot. Like, to be honest, like it’s such an amorphous term, they’re not totally know what it means. But I’m curious to see who takes this up and actually starts using this and actually what is the use case that they use? If you read some of the press release that Microsoft has done, they talk about things like employment verification, income verification. We were just talking about Truework. So like Microsoft sees a potential role in like that use case and like data sharing and portability. And so will this now be the first time where people are actually using crypto or blockchain based applications and they actually that’s invisible to the end user. So we actually have users who are using this now because they’re like Bitcoin or Ethereum fanatics and like, you know, religious ideologues about decentralization and people who are just using something because it is that magical.
It just works, you know, feeling that we all get when we, when we use a new technology, right. So to me, it’s interesting. But like, I still want I want to hear a customer come out and say these users or in this use case or in this context, we’ve been using this and people didn’t even really know or think about it. Right. And so that’s what’s exciting to me. And I’m like, I want to see. I want to see what they say and who’s actually willing to come out and put their name on this to say that. Yet they brought this out.

Cameron D’Ambrosi [00:19:16] Yeah. I think it’s positive direction all around. Obviously very hopeful for the future of decentralized identity. And I’m hopeful that this can kind of, again, bridge some of that gap between the folks who are maybe more ideological when it comes to the deployment of decentralized identity and the more pragmatic side, which by definition requires direct institution with both kind of more legacy oriented technologies as well as more centralized platforms. So, you know, this could be a situation where we can proverbially have our cake and eat it, too. And folks that want to be more in control of their identities and more aggressive about their posture and interaction with centralized platforms, can pick and choose their spots where, if necessary, they can take their, you know, fully user centric, decentralized identity and tie it in to the legacy platforms that are maybe still running, you know, an Azure Active Directory and get some of those benefits of maintaining control and self-sovereignty while still not being kind of shut out of you know the more again legacy ecosystems that are oftentimes a necessity for doing business in the 21st century. So I think it’s a wait and see for me, like would love to check back on this, you know, in six months a year and see, okay, like where has this actually been rolled out and what kind of momentum are we seeing? So let’s. Well, we’ll mark this down as a feather in our cap for yeah. For later episode.

David Fields [00:20:49] Absolutely.

Cameron D’Ambrosi [00:20:51] Awesome. Well, on that note, everyone, enjoy your Labor Day weekend and we will see you back here next month.
