Austin—SailPoint Technologies, a cybersecurity company that was acquired by private equity firm Thoma Bravo in 2014, wants to become a public company. SailPoint filed paperwork for an initial public offering on Oct. 20, and plans to list on the New York Stock Exchange under the symbol SAIL.
SailPoint is approaching the markets during a high tide of public interest in cybersecurity, given the countless breaches impacting hundreds of millions of consumers. SailPoint focuses on large businesses, offering services that monitor and control the access people like employees and contractors have to a company’s data.
Founded in 2005, SailPoint didn’t say how much it’ll try to raise in the IPO, though the Austin, TX-based company did provide some insight into its financial situation. SailPoint had $132.4 million in revenue in 2016, a 39 percent increase over the prior year. The company reported a net loss during both years: $3.2 million in 2016 and $10.8 million in 2015.
SailPoint believes it can add to its current group of 750 enterprise customers, a group of large (more than 7,500 employees) and mid-size businesses (more than 1,000 employees). The company calls its work “identity governance,” a corporate way of saying that SailPoint can see and restrict who has access to certain apps or software, and can tell its customers how those people are using that access. It also offers other services, such as password management.
SailPoint says its products work across all types of IT platforms, such as software and applications that operate on a computer, in the cloud, or in some hybrid form. As SailPoint notes in its public filing, hackers often use nefarious tricks to get log-in information for people like employees of companies, hoping to sneak their way into potentially valuable information. SailPoint’s service helps customers create “a system of record for digital identities” to help companies govern access, the company says in the filing.
With the prevalence of security breaches in recent years, from Sony to Equifax to WannaCry, interest in the cybersecurity sector has received a prominent boost, particularly in security software offerings to the corporate sector. Even businesses that have traditionally operated as government contractors, such as Delta Risk, are looking to add more corporate clients. Delta Risk, which has offices in Arlington, VA, San Antonio, TX, and King of Prussia, PA, offers consultations to companies that have had a security breach, and also helps companies decide who can access its data, says CEO Scott Kaine. The company also will manage and monitor customers’ networks.
About 60 percent of Delta Risk’s annual revenue of almost $20 million comes from federal contracts, Kaine says, with the remainder from commercial clients. He’d like that split to be closer to 50-50. Rather than being indicative of higher demand of security services, the planned shift is partly intended to create a more balanced customer base so that Kaine can more easily manage staffing, helping avoid potentially choppy staffing needs caused by a dependence on one, he says.
“In terms of volume and demand, it hasn’t changed much in the last couple of years,” Kaine says. “It’s definitely hitting the press more, and it’s a bit easier to sell.”
SailPoint says data breaches have increased. More than 6 billion records were stolen in the first half of 2017, up from 4.2 billion during the same period a year earlier, according to a study by Risk Based Security that SailPoint cites in its regulatory filing.
Since its founding, SailPoint raised almost $21 million, according to regulatory filings. Including a $6.5 million Series C that does appear to be listed in the filings, that total would be $27.3 million. As Xconomy previously reported, that came in three rounds of equity funding from firms such as Austin Ventures and Silverton Partners, both of which are based in Austin, as well as Lightspeed Venture Partners in Menlo Park, CA.
It appears Thoma Bravo may retain a large stake in the company after an IPO, because of the number of shares Thoma Bravo stands to own. SailPoint says it will be a “controlled company”—which means a single person, entity, or group holds more than 50 percent ownership, according to Westlaw. That allows the company to avoid certain governance requirements, including a rule that the majority of the board must be made up of independent directors, Westlaw says.
