1Mby1M Deal Radar 2010: BeyondTrust, Los Angeles, California

Today Deal Radar goes deep into the IT machine to discuss an often overlooked topic: privileged accounts. Many readers will remember the highly publicized hacking of Google last January, which is again in the news following the release of the U.S. diplomatic cables. Let’s take a step back, says BeyondTrust, which creates products for privileged identity management. According to BeyondTrust, “the website that the user in China visited installed malware on the desktop that gave hackers enough access to the desktop to worm their way into Google’s Gaia single sign-on system. While the public would blame the hackers, or the misled user in China, if the user did not have administrative privileges on his or her desktop, giving them the rights to install software or change settings, the breach would have never occurred.”

BeyondTrust’s goal is to help companies manage privileged accounts – the access privileges on servers, devices, operating systems, desktops, or applications that allow access to change core settings of the IT infrastructure or install applications – such that intentional, accident, or indirect security breaches do not occur.

The CEO of Los Angeles–based BeyondTrust is John Mutch, who has 25 years of experience as a high-tech executive. Mutch is responsible for a well-known turnaround stories in the software industry: He was appointed to CEO of Peregrine Systems in 2003 under SEC decree, where he rebuilt the company and eventually sold it to HP for $425 million. He was also the CEO of HNC Software and founder and managing partner at MV Advisors, a strategic block investment firm. He saw the opportunity at BeyondTrust to “transform a sleepy 25-year-old company” into, due to emerging virtualization and cloud models that are becoming increasingly common, a company that will grow rapidly.

Privileged identity management is the fastest-growing segment of the identity management ecosystem with expected 33% growth from 2010-2014, according to AMR. Readers interested learning more about the field can go the the site of the recent Gartner Identity and Access Summit. The company says that its potential addressable market exceeds $5 billion, a calculation it made based on the number of companies in each of six revenue categories above $1 billion. It found data for the number of companies within each revenue category, estimated the number of desktops, servers and other hardware/software a typical company within each revenue category would have, and multiplied that by its license fees, which vary greatly by product and the size of a deal. BeyondTrust’s target customers have 500 mission critical servers or more than 10,000 desktops, are in highly regulated environments, and have mixed operating systems (Unix, Linux, Windows, virtual OSs, cloud vendors).

Beyond Trust makes a number of products for servers and desktops under the PowerBroker line. With PowerBroker servers for Unix and Linux, administrators can delegate privileges and authorization without disclosing their root password. PowerBroker Express monitors and records all user activity. Administrators assign Windows permissions for tasks and applications with PowerBroker Desktop. PowerBroker Virtualization helps administrators control access to virtual resources. Finally, a password manager safe, a management console, and a directory integrator are designed to help ensure compliance and make management and reporting simpler.

The top competitors on the server side are, in order of market share, Computer Associates, IBM, Quest, and Novell. On the desktop side they’re Avecto (which partners with Cyber-Ark) and Viewfinity. Each provides tools for very specific problems related to privileged access. In BeyondTrust’s view, the increasing complexity brought on by virtualization and cloud computing is overwhelming IT departments in a way means such an approach is no longer sufficient. For example, if an organization upgrades from Windows XP to Windows 7 today, chances are that organization just doubled the number of desktop operating systems it has to manage administrative privileges for. When an organization doubles, triples or sometimes, for servers, multiplies the number of administrative privileges by 10x or more, they can’t also manage them in four different user interfaces for different areas of the IT infrastructure.

Clients span a variety of industries: oil and gas, financial, services, the government, healthcare, telecom, and manufacturing. The company has more than 1,200 clients, including DCI, Cetrel S.A., Los Alamos Labs, the University of Texas, VistaPrint, Quintiles, and DSM.

For 2009, revenue was $31.8 million with a 35% EBITDA margin. Fifty percent of revenue was recurring maintenance renewal, and the company has a 95% renewal rate. BeyondTrust raised $42 million in 2006 with PricewaterhouseCoopers and NVCA. It’s owned by Insight Venture Partners.

The company says it plans to continue incremental product development growth through an aggressive dual strategy of product development and acquisitions in an effort to offer increasingly well-rounded, comprehensive, and automated platforms. The next step is to be bought or go for an IPO. With it success in generating greater than 30% EBITDA along with a progressive-thinking owner (Insight) that is willing to assist with growth through strategic acquisitions, BeyondTrust believes it can make this step.

Recommended Readings
The 1M/1M Incubation Radar: CionSystems
VMWorld 2010: An Interview with BeyondTrust (a video interview from Virtual Strategy magazine)
Too much access? Privileged Identity Management can help (from Computerworld)

This segment is a part in the series : 1Mby1M Deal Radar 2010