Ridge Trailblazers: Cerby Illuminates $400 Billion Shadow IT Problem
This shadow IT stopper is in a league of its own
In February, Ridge Ventures led an investment in Cerby, the startup that’s addressing the $400 billion “shadow IT” problem. It sounds like the title of a Tom Clancy novel, but shadow IT is actually when a non-IT employee uses an unauthorized app and subsequently unlocks a Pandora’s box of security vulnerabilities.
This issue is more common than originally thought. Companies building SaaS apps struggle to ensure a robust security layer around the identity layer. While many do integrate into an identity access management solution (IAM) like Okta, several applications only support individual account use. Social media apps, for example, which have largely been used by consumers and now are central to being used by corporate teams, aren’t fit for enterprise identity management. Other examples include systems mandated by regulators to be used by companies.
Enterprise execs, particularly CIOs and other IT higher-ups, are desperate for a remedy. Cerby is the best — and for now the only realistic — option they have. No other tool significantly lowers shadow IT risk by incentivizing non-IT users to register their shadowy apps while automating the entire app lifecycle.
I know a singular (and category-creating) solution when I see one. After five stints as a CIO and three as a CISO, I’ve encountered the issue of non-IT-managed apps firsthand and certainly could have used Cerby before I transitioned over to the venture business.
The Ridge team knows Cerby is a gem as well. We’ve collectively backed a slew of security solutions, including Deduce, Asimily, and Productiv, which amplifies our understanding of the landscape and excitement over Cerby’s upside.
Here is why we’re excited about Cerby’s potential as they tackle the ever-so-sneaky shadow IT predicament.
Shedding light on shadow IT
Shadow IT was already a problem, then the pandemic happened. The resultant shift to distributed work made it worse, as 71 percent of users in the US purchase unsanctioned apps to increase productivity.
Productivity is great, cybersecurity risk is not. Bad actors see non-IT-managed apps as easy money, particularly marketing apps. A report from Gartner expected shadow IT to cause one third of enterprise cybersecurity attacks by 2020 — a scary number considering this prediction was made well before the pandemic.
Social media apps represent a significant portion of shadow IT cases. Companies can sometimes deploy hundreds of apps for their social media accounts alone, many sans IT oversight. The separate login credentials for each of these apps — often shared between colleagues via Excel sheets or managed by contractors/outside agencies — increase the likelihood of account takeover, a subsequent data breach, and potentially a major hit to organizational reputation. Single-sign-on (SSO) solutions, like Okta or OneLogin, would normally enable secure access, but most social media apps aren’t compatible with enterprise architecture and corporate security systems.
Cerby solves for this need, making it the perfect complement to unsanctioned social media apps as well as an awesome integration for users of Okta or other corporate identity platforms. Other apps that do not conform to standard SAML and SSO provider protocols, such as those in the financial reporting and compliance realm, can also experience Cerby’s magic.
Cerby utilizes several key functions to plug shadow IT security gaps. End-users can log in securely, store login data, and share this data with collaborators. IT teams can set policy at the application, team, and company level. All the while, Cerby is discovering and monitoring authentication and authorization paths for non-conforming applications.
The net result for IT and non-IT buyers? An automated, stress-free solution that fixes shadow IT liabilities efficiently and facilitates collaboration.
Protecting the non-conformists
Given its lack of direct competition, Cerby’s outlook is incredibly bright — and hard to quantify. What can be said is that half of the apps used in the workplace are purchased by a non-IT buyer ($400 billion globally). By any calculus, that’s a lot of IT teams in need of some serious fraudster proofing.
A major differentiator for Cerby — and why it’s creating its own lane — is its seamless integration with existing Okta customers (and those from other identity management tools). Zeroing in on securing non-conforming apps, rather than positioning itself as a complete security solution, crowns Cerby as the de facto shadow IT stopper within a sizeable niche.
Looking ahead, Cerby could end up as the Okta equivalent for the thousands of business apps that don’t conform to SAML and SSO protocols, and thus aren’t compatible with Okta, OneLogin, etc. (Mailchimp is worth $12 billion but is non-conforming.) This conformity gap, so to speak, will continue to widen and Okta isn’t looking to solve it anytime soon. Evident in its support of Cerby’s funding round, Okta is clearly willing to leverage Cerby to reach non-conforming customers, which certainly bodes well for Cerby’s future.
It starts at the top
Cerby’s approach to fixing the shadow IT mess is one of one. But its two co-founders are just as special, and why the company is primed for a long, profitable journey.
CEO Belsasar Lepe previously co-founded Ooyala, a video platform that exited twice for more than $440 million, and served as Head of Product at Impira, an automated data platform. CTO Vidal Gonzalez has held the same role at three other companies (Cerby, Wizeline, Inviko). Between Ooyala and Wizeline, Belsasar and Vidal generated more than $1 billion despite pivots and changes to the business models over time. Exemplary as Cerby’s product is, Belsasar and Vidal’s domain expertise and extensive experience leading startups sealed the deal for us.
With two phenomenal leaders behind the controls, and a solution that’s finally shedding some light on shadow IT, Cerby is the textbook definition of a Ridge Trailblazer.
Keep it up, Cerby team! Excited to be part of this company and represent it as your honorary sales rep!