Demand for Zero Trust
Zero trust is certainly not a new concept. It has been over a decade since John Kindervaag popularized the term as an analyst at Forrester. Companies have been adopting zero trust security principles for years. I did a podcast with Den Jones in 2018 to talk about the zero trust initiatives he was working on at Adobe.
That said, zero trust is a concept that seems new again. The COVID-19 pandemic forced organizations to accelerate or embrace digital transformation and a remote, work-from-home business model, and that transition vastly expanded the attack surface and exposed new opportunities for threat actors at the same time. There is renewed interest in zero trust concepts because the things that made zero trust architecture and principles a good idea 5 years ago have intensified. Suddenly, zero trust is more of an imperative than a luxury.
The momentum behind zero trust is also driven in part by the Biden Administration and the federal government. In response to a dramatic spike in ransomware activity—with attacks that had a serious impact on the US economy and critical infrastructure—President Biden signed an executive order mandating federal agencies and organizations to improve their cybersecurity defenses. A blog post from the White House explains, “The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.”
Building Momentum
Illumio has been an established leader in the zero trust arena for years, so the company was in position to take advantage of the heightened demand. As a result, Illumio had a record fiscal year with over 60 percent worldwide revenue growth, and it was able to secure a $225 million Series F funding round—putting the company’s valuation at $2.75 billion.
I spoke with Andrew Rubin, CEO and founder of Illumio, about the latest news. Rubin pointed out the apparent insanity of the cybersecurity market. Organizations spent north of $170 billion on cybersecurity in 2021, yet rather than solving or even reducing the problem, things seem to continue to get worse.
Rubin clarified that he is not suggesting that organizations stop trying to defend against attacks but stressed that there has to be acknowledgment and acceptance of the fact that breaches are real and they’re going to continue happening.
He explained that CISOs and CIOs need to ask, “What are we doing when we're breached to prevent it from becoming a catastrophe?”
According to Rubin, the answer is zero trust. “Zero trust is sort of born of this notion that you can't stop bad things from happening. So, you need to try to stop them as much as you can and then you need a strategy for containing them when they do occur.”
Redefining Zero Trust Segmentation
Along with the press release highlighting the phenomenal year and ongoing momentum, Illumio also announced today the appointment of Jennifer Johnson as Chief Marketing Officer (CMO).
Johnson was formerly CMO at Amplitude, Tenable, and Tanium. I actually worked for her briefly when she first joined Tenable. She was instrumental in positioning both Amplitude and Tenable for their respective IPOs.
“Helping organizations solve one of the most existential challenges of our lifetime inspires me. I’m excited to join a world-class team that shares this passion and mission,” expressed Johnson in the press release. “As a marketer and category designer, I’m thrilled to join Illumio at this market inflection point to help guide the company through its next phases of growth. Zero Trust Segmentation is rapidly becoming a business-critical investment to help organizations contain the spread of breaches in an increasingly complex and hybrid world."
Johnson is an evangelist for the organization Play Bigger—a Silicon Valley advisory firm built around the philosophy of category design. At Tenable, Johnson shifted the focus of the company from competing with other vendors in the vulnerability management space to establishing itself as the de facto leader in a unique new category called Cyber Exposure. I imagine she will strive to do something similar at Illumio—carving out a unique category and messaging that clearly sets zero trust segmentation as distinct from the rest of the zero trust field.
Things are looking pretty good for Illumio. When you combine the momentum the company already had, with the fuel the Biden Administration is pouring on the fire, and the addition of Johnson to perhaps redefine the category, Illumio is poised to capitalize on demand for zero trust and take things to the next level.