1Password Co-CEO David Faugno On Major MSP Push, IPO Aspirations

As 1Password launches an MSP version of its Enterprise Password Manager, Faugno tells CRN that MSPs are a ‘very important part of our future.’

As 1Password launched an MSP version of its Enterprise Password Manager on Wednesday, Co-CEO David Faugno told CRN that providers of managed services are a crucial part of the company’s expanded channel push.

The new 1Password Enterprise Password Manager - MSP Edition comes as the vendor continues to make progress with bringing its platform — initially focused on consumers — to businesses, which now contribute 75 percent of the vendor’s revenue.

[Relate: 1Password Targets Shadow IT With Acquisition Of Trelica]

“MSPs are a very, very important part of our future,” Faugno said in an interview. “We've spent a lot of [time] on making sure we're getting it right for them. We've done all the hard work on multitenancy, on the password manager platform.”

1Password also fully intends to bring more of its capabilities to MSPs in the future, as well, he said.

“As soon as we get the sort of full, hardened capabilities of the broader platform, the first priority will be making sure that it's right sized for the MSP community,” Faugno said.

In that vein, Faugno also discussed 1Password’s acquisition in January of SaaS access management company Trelica, which serves to boost the vendor’s capabilities around the discovery of unsanctioned “shadow IT” usage.

1Password brings a very different approach to tackling shadow IT than some others, however, due to its capabilities in password management, he noted.

“Because we have the password management system integrated, we can very seamlessly help the end user get the much more secure footing on those credentials for that particular application,” Faugno said.

Meanwhile, Faugno also discussed the potential for 1Password to pursue an initial public offering at some point. The company received a valuation of $6.8 billion in 2022 in connection with raising $620 million in funding, and has been profitable since the early days of its business, he said.

While no decisions have been made about pursuing an IPO, Faugno said, “we do believe that this platform and this company can be a very large, standalone business. And we do believe that public markets are a likely stop on that journey, and an accelerator of that journey.”

What follows is an edited portion of CRN’s interview with Faugno.

With your expansion beyond consumer password management, how much have you grown in terms of serving businesses at this point?

We've built our go to market motion to serve businesses of all sizes. We have over 150,000 customers now — 75 percent of our business is selling to companies. Only 25 percent remains in the consumer piece. And over the last couple of years, we’ve really started to embrace and focus on the channel as a way to communicate what we do to the world. And it is going to be front and center of the way we go to market from here forward. We're [now launching] our MSP program in GA. We've been able to get to our scale of customer penetration without the MSP lever, which is a huge one for us. And we've made great progress with hyperscalers — particularly the AWS Marketplace has been tremendous for us in recent periods, as well as traditional resellers.

What is your message to MSPs about working with 1Password?

MSPs are a very, very important part of our future. We've spent a lot of [time] on making sure we're getting it right for them. We've done all the hard work on multitenancy, on the password manager platform. We've got many, many MSPs signed up to be part of the program. We've got a great team assembled of industry veterans and experts. And we've got great relationships to leverage to be successful there. So we're really eager about what the MSP part of the equation can be.

We'll start with the password manager part of the platform for the MSP community. And as soon as we get the full, hardened capabilities of the broader platform, the first priority will be making sure that it's right sized for the MSP community. But many of the components of the platform [are] available for the non-managed service channel, the traditional resellers, the hyperscalers, etc.

What does the recent acquisition of Trelica bring to 1Password?

We think of our platform, which we call extended access management, as having three pillars. It's around identities, devices and applications. And so [it’s about], how do you know that the people are who they say they are, that the devices they're using are healthy, and that you understand the applications that they're using, and you have appropriate security applied against it?

The newly created pillar of our platform is the application trust level, [and that] roadmap is accelerated dramatically by what Trelica brings to bear. That is discovery of all the applications that exist in the organization — beyond what the IT org has told that the users is available. And then identification of risks and workflow and project management to appropriately apply security measures to those and really manage those applications to the most secure spot. And now that those elements are all together on one platform, they work together with one another to actually solve real-world problems — like a developer has unencrypted SSH keys on his device that he doesn't even remember are there. With a click of a button, they can be moved into a secure vault and encrypted and deleted from the plaintext, and a big gaping hole is taken away.

It's a combination of these capabilities on one platform that really unlocks value. And we're having a tremendous amount of success — not only with customers, but with ecosystem partners. And we're excited to bring a more integrated platform to the channel so that they can serve their customers.

How would you describe the difference between extended access management and IAM (identity and access management)?

I would call extended access management kind of a superset of the identity and access management space. If a company has moved into a full IAM suite, they have a directory, an IdP [identity provider], they have a single sign-on capability. And that's great, but that's largely for the applications that the business has suggested that users should use. The reality is, of the applications that the IT department knows about, only about 50 percent of them are actually federated behind an IAM. There's another 50 percent of the applications that actually haven't been moved into the IAM. Maybe they will, maybe they won't. There's a number of reasons why. Sometimes organizations don't want to pay the SSO tax. You have to actually upgrade the level of the application in order to be able to put it behind the SSO. Sometimes the applications aren't available to be put behind the SSO. And sometimes they just don't have the resources to go provision those applications. The other thing is the new applications are coming in from the edge faster than they can manage them in the organization.

But the bigger issue is, the IT organization doesn't know about most of the applications that are being used. Users actually are now defining how they need to get their jobs done. People are finding the tools that most resonate with them to do their jobs. Where the IAM already exists, we're going to wrap around it and complement it. This is the same way we complement the privileged access management solutions that exist, and even the MDM solutions that exist for delivering devices to people and removing them when they quit. But there's all the stuff that happens in between, and all the stuff that you don't know about — that has to be continuously monitored and checked. And that's what extended access management does. So think of it as a superset of IAM in that regard.

How are you doing things differently from the other tools out there that are attempting to tackle shadow IT?

The differentiation between us and any of those bespoke, standalone solutions are the integration of these three capabilities. The three capabilities together on one platform unlock some really powerful things. I used the example of the SSH key that you discover is on your device. But similarly, when you discover an application, you can then assess, what's the risk associated with that application from with respect to the credentials that are being used? Because we have the password management system integrated, we can very seamlessly help the end user get the much more secure footing on those credentials for that particular application. And we can also do things like apply passkeys, apply multifactor authentication. Lots of the policies and rules that you want to have for different combinations of users and applications can be integrated with the platform. And the device check can actually do the enforcement to make sure that those things have happened before you let them through. It’s super powerful when those things live together on one platform. And that's why we think we've got a huge opportunity here.

What can you say about 1Password’s potential IPO aspirations?

We have no explicit plans to be public. We've not made any decisions. We don't have any date that we're working back from. However, we do believe that this platform and this company can be a very large, standalone business. And we do believe that public markets are a likely stop on that journey, and an accelerator of that journey. So as a function of that, we're doing a lot of the things internally we need to do to be prepared to take that step. That [affects] the way we deploy systems, the way we build our team, the way we focus on our predictability and dependability. And so those things make us a better business in the meantime — and when the timing is right from being a public company, we'll do that. We've been profitable since the beginning of our existence and continue to be able to operate in that way. We have plenty of money in the bank for the things we need to do, including these acquisitive activities. And so there's no unnatural pressure.

What do you see as the outlook for tech IPOs overall?

From a public markets perspective, I think we've gone through a long period of stagnation without new public entrants, and there's a demand build-up from the institutional investors — particularly in security, because there's just so few assets to invest in, and it's such a robust category. I think there is cautious optimism from the investment community about stability in the markets that will allow for new entrants to enter. The success we've seen in some of the recent activity has caused a lot of folks to think that there will be some opportunities here — maybe not [to the level of] the IPO frenzy pre-pandemic. But certainly, more than the activity we've seen over the last couple years.