SGNL is reshaping the way authorization works in the identity and access management space to improve security and “limit the blast radius” for account compromises like credential theft or session hijacking. We spoke with CEO and founder Scott Kriz about their exciting new approach to a legacy challenge.
Limiting The Blast Radius
While identity and access management are usually viewed as a subset of cybersecurity, in reality they’re an industry all their own. As a former Google employee who developed the underlying technology that runs Google Cloud Identity, Scott Kriz founded his newest startup, SGNL (pronounced like signal), as a solution to the under-developed authorization part of the puzzle.
Authentication has been solved for the most part, but what access is granted and what actions users can perform once they’re in is a challenge that Kriz noticed was continually being tackled by in-house teams with custom solutions. So in 2021, Kriz left Google to form SGNL, motivated by the paradigm-toppling philosophy of “zero standing privilege”—the concept that access and authorization be determined on-demand with no persistent privileges for any user, and initiated by a legitimate trigger.
In 2024, SGNL has caught fire with their robust offering which seems to check all the boxes: context-based policies, dynamic enforcement, integrations, audit-ability, scalability, and flexible SaaS options.
In our 17 minute interview with Kriz, we cover his background in the industry, his motivation for starting SGNL, and some insight into what it’s like to have to interview for your own job at Google.