Posted: May 06, 2013
Going big in Silicon Valley
Denver’s Ping Identity leads booming cloud-security marketBy Eric Peterson
As he embarks on what might well be Ping Identity’s final funding push, Andre Durand, CEO and founder of Denver’s Ping Identity, has relocated his family to work from California for the first six months of 2013. “I’m getting schooled in the ways of Silicon Valley,” he says. “It really is pretty astounding. It’s go big or go home.”
That credo currently applies to Ping Identity as well. The company, founded by Durand in 2002, has emerged as the largest IT-security firm in the country with more than $50 million in annual revenues, 300 employees and 900 customers – primarily enterprises with a minimum of 1,000 employees and the requisite data center.
But the market doesn’t begin and end with enterprise customers. Ping Identity supports businesses of all sizes in their quest to make the cloud an impervious environment for an increasingly mobile work force and customer base. The company’s CloudDesktop provides users a secure, single sign-on, whether they’re at the office, on the road or on the beach.
Durand describes the all-too-common problem Ping Identity solves in terms of “the seven layers of the Internet,” specifically the app layer that’s next to the network layer. “What’s missing in the middle is this thing called identity,” he says.
The problem dates back to the dawn of the Web. Vinton Cerf, sometimes referred to as “the inventor of the Internet,” was asked what he would have done differently when he first networked two computers in 1973. “He said, ‘I would have solved identity,’” says Durand.
“You have the entire IT security industry because of that decision in 1973,” he continues. “When the Internet was invented identity was not solved, so every application has its own notion of security.”
This was no big deal in the mainframe era. “Thirty years ago, the concept of computer security was physical security,” says Durand. “You locked the door behind the terminal. If you were inside, you had access to the terminal. There was no network.” Identity was not so much of an issue in that environment.
In 2013, it’s a whole new world. Everything is networked, from phones to data centers, and identity is perhaps the biggest headache for companies operating in this environment. In the consumer world, Web-surfers are enjoying single sign-on through Facebook and other social networks and want the same ease when logging in at work.
Standards for online identity began emerging a little more than 10 years ago, following the emergence of SMTP as the standard for email a decade before. “We’re in the same position with identity we were with pre-SMTP email. Now we have silos of identity like we had silos of email. We’re basically trying to retrofit the Internet for identity.”
Which is where Ping Identity thinks it has the answers that will make it the Kleenex of cloud security. It has built a business over the last decade helping companies implement standards for identity, just as the perfect storm of mobile apps and big data threatens to drown the market in a deluge of mostly weak passwords.
“Everything has changed,” says Durand of today’s hyper-networked mobile world. “It’s no longer reasonable to expect that everybody comes in to a desk and uses a landline to access an app. IT throws up its hands and says, ‘How am I going to herd all of the cats? How am I going to secure the cloud?’ When companies leverage these new standards, they re-secure the cloud.”
According to Durand, Ping’s “software makes it possible to log into the enterprise once,” he says. “Once you’re logged in, you’re already logged into all of the enterprise cloud apps. You never see another login screen.”
That’s basically VP of Marketing Roger Oberg’s mantra: “We have too many screens.”
“Some of us have four or five screens on their desks,” he elaborates. “Then there are screens in our cars, screens on our phones and tablets – we’re over-screened.”
Recalling a lecture at South by Southwest Interactive in March, Oberg quotes Samsung design guru Golden Krishna: “‘The best interface is no interface.’ One way you do that is you get rid of screens, and one of the most annoying is the login screen. And can we also eliminate that awful process of filling out your information?”
Ping Identity’s products – PingFederate and PingOne – do just that. Enterprise-level clients like Equinix and Land O’Lakes use PingFederate while PingOne is installed at companies of all sizes. Suddenly users can securely and compliantly log on to the cloud from anywhere in the world; which means we’ve come a long way from that locked door of 1983.
Oberg says the paradigm of username/password security is ingrained in software developers of all stripes by now. “Every time you write an app, you have to write a way for users to log in,” he says. “It never occurs to you that maybe you don’t have to do that.”
The recent “explosion of apps” makes things much worse. “We’ve exacerbated the password problem,” says Oberg. “You can remember one password – try 30 or 40.”
For the record, Oberg says the best practice is one strong password, not numerous weak ones. Two more best practices for cloud security: Use the same system for employees and customers and embrace standards like OpenID, SAML and SCIM. “These things have been hammered and tested by the bad guys and hardened by lots of use.”
The payoffs of securing the cloud are not exclusively for safekeeping information. Research shows eliminating login screens substantially boosts employee productivity.
Case study in point: Equinix, based in Redwood City, Calif., operates 105 data centers in 13 countries. Before Ping Identity, logins and lost passwords were many, and mobile access was spotty. With Ping Identity, those problems are a thing of the past as the company estimates it gained an amazing two weeks per month in added productivity, cutting 70,000 logins from employees’ lives. Oh, and it took a whole two hours to get CloudDesktop up and running.
The secret sauce: encryption and compliance (critical for public companies), and control of who accesses what (critical for most every business).
“Our customers, many of whom are Fortune 500 companies, access our products through our secure connection with Ping Identity,” says Katie Boswell, director of IT infrastructure for Truist in Washington, D.C., a Ping Identity client since the mid-2000s.
Truist provides cloud-based solutions for employee-giving programs. “We don’t want people not to access our products because of lost passwords,” Boswell says. “There is a definite correlation between how easy it is to log in and how much people give.”
Boswell says Ping Identity’s solutions are “the best of both worlds” – internally and externally. “If you’re a user, you like it because it’s easy to get in, and if you’re an IT administrator, you like it because it’s secure.”
And that goes for just about any organization, with any kind of security need. Ping Identity integrates with every available layer of computer security, including multi-factor identification that confirms identity via text message, biometrics and retina scans.
And looking at all of the research and case studies on the impact of Ping Identity’s solutions, it’s hard to ignore that something big is happening here, as a long-term bet on the cloud pays off in a big way. “Sometime around 2007 or 2008, the cloud became real, and our business scaled as a result,” says Durand. “Ping was pushing the ball uphill and now we’re chasing it downhill.”
The company’s growth curve is notably steeper than the broad $2.6 billion identity and access management (IAM) market, which has been growing at an impressive 11 percent clip in recent years. Ping Identity’s revenue has shot up by 50 percent a year for three years running, and Durand expects the torrid pace to continue.
“We’re in the lead position,” says Durand. He says there is considerable competition from companies big and small, including Silicon Valley darling CipherCloud, but there’s also a great opportunity for Ping Identity to emerge as “the gorilla” of cloud security.
One huge factor: Ping Identity’s unique position to work with businesses large and small. Large companies use PingFederate and PingOne to manage identity, while small and medium-sized companies can get by with just PingOne.
Explains Oberg: “We can compete with the big guys, but they don’t have CloudDesktop. The small guys don’t have federated solutions for big companies. Every company needs both, and we’re the only company that can offer both.”
The IAM market is poised to hit $4 billion by 2016 (and some analysts project an even rosier $6 billion), with adoption by companies of 300 to 1,000 employees fueling that growth. Research firm IDG estimated that large enterprises represent 96 percent of the current market. As is the case with revenue, Ping Identity is likewise outpacing its competitors in terms of mid-market traction. About 10 percent of sales currently come from small and medium-sized companies.
With all of this growth, there’s a bit of a feeding frenzy surrounding the IAM industry. Notes Oberg: “It’s a prime spot for VC to flow into.”
Against this landscape, Durand describes having a CFO like Michael Sullivan, formerly of Englewood-based IHS, as critical to Ping Identity’s future. “The fact that we landed him was a big bonus for me and a huge win for Denver,” he says of Sullivan, who joined the company in March. “Typically, the cream of the crop gets scalped to the coasts.”
Landing top talent like Sullivan dovetails nicely into the thinking that an IPO is in the works. Erik Mitisek, co-founder of Denver’s NextGreatPlace, is something of an ambassador of the local tech scene thanks to his involvement with Built in Denver and Denver Startup Week. He expects a Ping Identity IPO to be a boon for the entire city’s IT community. “They’re going to be an anchor in Denver for a long time,” Mitisek says.
Ping Identity’s colorful office in LoDo reflects Durand’s driven personality, says Oberg, from the carpet labeled “Be Extraordinary” at the entrance to the “requisite foosball table” in the back. And it’s hard to miss the big gong on the central dais that’s struck to signify big company news. “We whack that thing,” Oberg says.
Ping Identity is Durand’s third startup, after Durand Communications (1991-99), which he launched in his native California before coming to Colorado with Jabber (1999-2002). He says his 11-year tenure atop Ping Identity surprises most investors. “Most of them ask, ‘Are you really the founder?’” he laughs. “It is statistically so rare to be involved as a founder for this long.”
And after 11 years at the helm of Ping Identity, Durand continues to beat the odds through its ongoing furious growth spurt and everything that comes with it. It will definitely be interesting to watch what he does with the company when it is in its teenage years.
Denver-based writer Eric Peterson is the author of Frommer's Colorado, Frommer's Montana & Wyoming, Frommer's Yellowstone & Grand Teton National Parks and the Ramble series of guidebooks, featuring first-person travelogues covering everything from atomic landmarks in New Mexico to celebrity gone wrong in Hollywood. Peterson has also recently written about backpacking in Yosemite, cross-country skiing in Yellowstone and downhill skiing in Colorado for such publications as Denver's Westword and The New York Daily News. He can be reached at Eptcb126@msn.com