Capital may be harder to come by than ever in startup land, but some companies are bucking the trend — hard. Take Descope, for example, which announced today that it had raised a whopping $53 million in seed funding for its developer-first authentication and user management platform.
The money came from Lightspeed Venture Partners and GGV Capital with additional funds contributed by Dell Technologies Capital, TechAviv, J Ventures, Cerca, Unusual Ventures, Silicon Valley CISO Investments and individual investors CrowdStrike CEO George Kurtz and Microsoft Chairman John W. Thompson. It will be used, says Descope co-founder and CEO Slavik Markovich, to grow Descope’s product capabilities, invest in research and support open source initiatives around authentication, authorization and user management.
“The Descope platform helps developers add authentication, user management, and authorization capabilities to their business-to-consumer and business-to-business apps with just a few lines of code,” Markovich told AapkaDost in an email interview. “It helps apps speed time to market, increase the efficiency of their technical resources, reduce friction between users, and prevent a wide variety of identity-based cyber-attacks.”
Why the big injection of cash – especially big for a seed round – into a developer-focused startup, you might ask? Markovich says it came down to timing. In tight economies, organizations feel the pressure to shift their software development efforts to initiatives that drive business forward. Descope enables them to achieve this, Markovich claims, by outsourcing many necessary — but not revenue-generating — app components for authentication and user management, freeing up development teams.
Descope was founded last April by the members of the core team that built the security platform Demisto, which Palo Alto Networks acquired in March 2019. At Demisto, the team says they experienced the pain of building authentication and user management functionality, including password management, single sign-on, tenant management, and roles and permissions — first hand. It became a multi-year investment, says Markovich, not to mention a huge waste of time.
“With Descope, the team’s vision is to ‘descope’ authentication and user management (hence the name) from every app developer’s day-to-day work, so they can focus on mission-critical initiatives without having to worry about building, update and maintain authentication,” Markovich said.
Markovich does not deny that there is a lot of competition in the user authentication field, such as ConductorOne, Stytch, Transmit Security and Okta-backed Auth0. (In 2021, VC investment in identity management startups will hit $3.2 billion, according to Crunchbase — a record at the time.) But he claims Descope stands out for its workflow and screen editor, which are drag-and-drop as opposed to code-based. and intended to let developers customize authentication flows for apps without having to write any code.
“This significantly speeds up time to market and also makes it easier to customize and update user journeys over time,” said Markovich. “These no-code workflows abstract away the complexities of building authentication while still allowing app builders control over their user experience and user interface.”
In addition to the editors, Descope offers a set of software development kits and APIs that allow customers to add passwordless authentication methods (think biometrics, risk-based authentication, and multi-factor authentication) to existing apps and services. Security teams are given app security flows that they can review and monitor for compliance.
So why launch Descope now? After all, there’s no shortage of rival apps. But Markovich says the team felt the industry had reached a turning point. More than 66% of smartphone users are expected to use device-native biometrics instead of passwords by 2024, he noted, citing data from Mercator, while authentication protocols such as FIDO2, WebAuthn and passkeys have laid the foundation for a passwordless future. The next step, Markovich says, is to enable developers to easily add passwordless authentication methods alongside others such as social logins, one-time passwords, and magic links to their apps.
There is question to be sure. According to a recent survey by Enterprise Strategy Group, 85% of IT and cybersecurity professionals agree that adopting passwordless technology is one of their most important strategic initiatives.
“Passwords are not only the number one cause of security breaches, but they are also known to create friction throughout the user journey – leading to customer churn and a negative experience for end customers,” Markovich continued. “The proliferation of cybersecurity attacks due to poor identity and authentication practices, such as credential stuffing, bot attacks, session hijacking, brute force attacks, and other types of password compromise. Authentication and user management are crucial parts of any digital application.”
Either way, it’s a tough time to launch a startup, with less access to capital and uncertainty in the wider economic landscape. Descope doesn’t have much traction either – the platform is in a private beta, and Markovich declined to comment on revenue or the size of the company’s customer base.
Still, Markovich argues that Descope is “well-positioned” to weather a slowdown in technology, and may even be uniquely positioned, as challenging economies often come with rising fraud and cyber-attacks.
“The Descope team is full of seasoned startup operators who have built companies in both bull and bear markets,” said Markovich. “They have experience in allocating capital to initiatives that drive business forward in a sustainable, customer-centric and efficient manner.”
We’ll have to wait and see if that turns out to be the case.