The average company now uses 354 SaaS applications with enterprises averaging a whopping 364! Each of these apps introduces vulnerabilities across a company’s tech silo and companies have attempted to reduce exposure by implementing access management solutions like SSO (single sign-on). However, 80% of employees admit to using SaaS at work without prior approval, leaving the door open for unscrupulous attackers. The only defense has been completely blocking SaaS installs and in turn, limiting productivity. Push Security reimagines the corporate SaaS implementation by guiding monitoring employee usage and guiding them in real-time on how to minimize vulnerabilities for things like discouraging the use of a weak password or encouraging them to use multifactor authentication. By reducing the complexity of security management, organizations and employees can leverage the ever-increasing repository of SaaS apps without creating unnecessary risks. Employers also get a macro view of what apps are being used and what risks are present at any given time. Push is free to use for up to 10 employees and costs $5/employee per month beyond that.
AlleyWatch caught up with Push Security CEO and Cofounder Adam Bateman to learn more about the business, the company’s strategic plans, latest round of funding, and much, much more…
Who were your investors and how much did you raise?
Decibel VC led the $4M seed round, with angel investors: Jon Oberheide (Duo Security), Ollie Whitehouse (NCC Group), John Viega (Capsule8), Haroon Meer (Thinkst), Ian Shaw (MWR Infosecurity), Harry Grobbelaar (Intigriti), Ash Devata (Duo/Cisco), Peter Katz (Expel), Paul DiMarzo (Duo Security), Ross McKerchar (Sophos), Peter Baker (Superlunar).
Tell us about your product or service.
Businesses have reached a tipping point where more SaaS is owned by employees than IT and 80% of workers admit to using SaaS at work without getting approval. Attackers can quickly sweep across SaaS apps, gain access to weak user accounts and get sensitive company data to hold for ransom. This is a big problem, but no one knows exactly how big because the attacks are going totally unnoticed.
Push is the first company to build a user-centric product that discovers employee SaaS use and initiates conversations with them to help them make smart security decisions. This keeps employees safe and has the compounding effect that all employees securing themselves secures the entire company.
Here’s an example of what we would send to an employee:
It’s a highly scalable way to secure SaaS and let employees keep moving fast rather than enforcing and blocking SaaS – which everyone hates. Most of the competitors are in the detect, block, enforce camp. Our goal is to help companies stay productive, securely.
What inspired the start of Push Security?
We started working across MWR Infosecurity’s vast enterprise customer base of Fortune 50-500 companies, helping design and execute large scale defence programmes and built a custom technology stack to allow us to monitor and protect large scale enterprise 24/7, which was very successful and deflecting highly sophisticated state-sponsored attacks.
This made a big difference for those enterprises, but this level of service is only accessible to the top 1% of organisations with huge security budgets.
We had one goal in mind when we started Push: to make a difference not to just that top 1% but to everyone. That meant we needed something that would be ridiculously scalable, easy and would take problems away (fix) rather than just highlight problems.
How is it different?
We built a chatbot that works with employees to improve how securely they’re logging into and using SaaS. The chatbot nudges employees at the right time with the right tone and level of information and gets employees to fix security issues before they become a nightmare for the company.
The chatbot scales for SaaS growth and for companies of any size, including those with small (or even nonexistent) security teams. Manually trying to work with employees to help them secure SaaS is too time-consuming for most security teams and just can’t work if you have more than, say, 12 employees.
There are some other SaaS security tools that are using chatbots as well, but they appear to be more of an add-on feature, rather than a core element of the product as it is for us. We’re highly focused on UI and making sure that our chats are giving the right level of information, in the right tone of voice, and that nudges are happening at the right time for the employee to make sure they’ll take action instead of just ignoring chat messages. You can add a chat integration element fairly easily to any tool, but building one that makes an immediate and direct impact on security takes loads of effort and testing.
What market you are targeting and how big is it?
We built this so that it’s accessible to SMEs and companies with < 2000 employees, but are getting interest from larger companies as well.
We’re working with companies now across fintech, utilities, security, insurance, pharmaceutical, and retail verticals. We’re even defending a small car dealership using us now to detect malicious mail rules. The cool thing to us is that we’ve got companies with 16,000 employees down to those with just 10-12 employees, which means we’re accessible to everyone trying to solve these problems.
What’s your business model?
Our business model is fully product-led. We offer Push for free for up to 10 employees and then it’s $5/user on a subscription service (monthly or annually).
What are your post-COVID office plans??
We actually don’t have an office and are fully distributed. Right now, about 50% of us are in the UK, 1 person in Michigan in the US, and the rest are in South Africa, which is where two of our cofounders are from. We are 100% a distributed team and an all-remote company, and we plan to stay that way.
We actually don’t have an office and are fully distributed. Right now, about 50% of us are in the UK, 1 person in Michigan in the US, and the rest are in South Africa, which is where two of our cofounders are from. We are 100% a distributed team and an all-remote company, and we plan to stay that way.
What was the funding process like?
We pitched a fair number of investors in the US and Europe, and had some really great discussions during that process, which helped us hone in on the exact problems we were going to solve. After chatting with Jon Sakoda and his team at Decibel VC, we knew we found our match and we’re looking forward to working with them as we continue to build and grow. They’ve been great advisors for us.
What are the biggest challenges that you faced while raising capital?
There’s a tendency, even in this current climate, to invest more funds than we need at this stage of growth. We know we want to stay lean and grow responsibly rather than just accept a ton of funding, hire loads of people, and pump out product features. One of the challenges when raising is that you need to stay laser focused on how what you’re building solves real problems for the market. It’s really easy to get distracted by new ideas that might be novel and neat, but don’t actually solve a problem people are facing.
What factors about your business led your investors to write the check?
Our founding team are experienced security experts with a strong track record defending Fortune 50-500 companies against sophisticated attacks. With a background in offensive as well as defensive security, we understand how attackers operate, so we understand the problem we’re solving really well.
We’re also entering the market at the right time. As SaaS adoption is trending radically upwards, SaaS security an exponentially growing problem. Coupling this with a user-centric approach to security is not only really novel, it’s incredibly scalable.
What are the milestones you plan to achieve in the next six months?
We’ve built some very close relationships with a variety of organizations or different sizes and across different sectors, who we’ve worked closely with to solve the most meaningful problems. Over the next 6 months we’ll scale up our user base to help more companies solve these same problems. Once we’re happy with the number of companies we’re actively defending, we plan to seek additional funding to grow our user base again, as well as our feature set, and the number of SaaS apps we can support.
What advice can you offer companies in London that do not have a fresh injection of capital in the bank?
Take your time developing a product that solves real problems and talk to peers who will give you an unbiased view of whether the market needs your solution. What’s the point of building something cool if it doesn’t actually fix a problem people have? Once you have a really strong product-market fit, it’s hard for savvy investors to say no to your pitch. But going after VC before you’re ready is a really easy mistake to make as a founder. So make sure you’ve done as much research ahead of time before raising.
Take your time developing a product that solves real problems and talk to peers who will give you an unbiased view of whether the market needs your solution. What’s the point of building something cool if it doesn’t actually fix a problem people have? Once you have a really strong product-market fit, it’s hard for savvy investors to say no to your pitch. But going after VC before you’re ready is a really easy mistake to make as a founder. So make sure you’ve done as much research ahead of time before raising.
Where do you see the company going now over the near term?
Continuing on as we’ve been doing so far! We have a small, but brilliant team of engineers, security researchers, designers, product and marketing experts at Push and while we’ll certainly be growing in the future, we’re excited to keep building and adding to our foundational technology. We have a strong product roadmap lined up, but we’re going to ensure we work closely with customers to understand what problems they have that we may be able to solve for them.
What’s your favourite outdoor activity in London?
Recently a fellow founder, Mark Curphey, started up a monthly meetup where a bunch of security people get together and grab lunch and share ideas. It’s been a great casual way to learn from each other and talk through problems we might be able to solve.
