It’s not an overstatement to say that identity has always been at the core of the Internet. Indeed, the first transmission to ever be sent across the Internet in 1969 was an attempt to log into a system. The authentication session was famously cut short as the system crashed before the full word “login” could be typed. Only the L and the O made the full journey. Next on was server authorization. First centralized systems were built to manage access to servers. These systems were fairly simple, but did represent a big improvement over the manual management of system access.
The next wave of identity management systems came out almost a decade later and was focused on managing access to the cloud. These systems were more feature-rich and built atop standards that helped glue disparate parts of infrastructure together. With the proliferation of cloud apps and their entanglement into the business, it’s now clear that a new class of problems has emerged: how to manage authorization at scale.
Businesses are facing unprecedented access management challenges: businesses moved their infrastructure to the cloud and decentralized identity management and consequently, IT operations, businesses lost a central source of truth for managing access to systems. with the emergence. At the same time, employees were empowered to ‘DIY’ when it came to finding solutions to help them manage their work. With the emergence of the SaaS app economy, employees could simply find an app they need to do their jobs more effectively, enter the company credit card, and create an account – no IT team required.
All of these changes occurred under the backdrop of a sharp increase in data breaches and new compliance regulations established to build a trust framework for modern business. And IT teams everywhere are struggling to protect sensitive company data, meet compliance requirements, and ensure that only authorized users can access systems. It’s a seemingly impossible task, given the scale of systems spread across the cloud and the lack of visibility into the apps that employees are buying on their own. While the cloud identity management problem has largely been solved, this new access and authorization challenge are perplexing the modern business. There is now a need for new access management and identity governance solutions to manage the business.
Enter Lumos! We’ve been working with Andrej, Alan, and Leo for some time now and it was clear from the beginning that these are the kinds of founders we love to back. Lumos has been focused on solving the security, compliance, and business problems that have sprung up around identity in recent years. As the world has shifted from “bring your own device” to “bring your own app” and now “bring your own office” the challenge of shadow IT has only continued to compound. Additionally we’ve observed over the last two years that outages and security breaches are frequently being caused by poorly or unmanaged identities. The team at Lumos has been laser focused on addressing these issues.
While authentication has been made painless, authorization has become the next frontier of business challenges. Lumos has set out to help make user managed IT a reality, radically shifting the authorization burden from centralized IT managers to the users themselves. Lumos is building the first distributed authorization layer that can manage all the apps that run the business.
We’re very excited to partner with the Lumos team and lead their Series A round. Andrej, Alan, and Leo are the perfect team to build the tool that can bring light to this darkness. Lumos is leading the charge to manage identity as part of the business and we are truly grateful for the opportunity to help build that future.
***
Peter Levine is a General Partner at Andreessen Horowitz where he focuses on enterprise investing.