It was another great RSA Conference for Bomgar. Our CEO, Matt Dircks, and Director of Product Management, Sam Elliott, took a break from their hectic RSA schedules to sit down and discuss the state of affairs at Bomgar.
Watch this short video to learn what Matt and Sam say about Bomgar’s unique position in the growing privileged account management market, what Bomgar’s recently released Privileged Access Threat Report says about the security risk that insiders and third-party vendors pose, what the rest of the year holds for Bomgar, and more.
Sam Elliott: Hi, I am Sam Elliott, the Director of Product Management at Bomgar, and I'm here today at RSA with Bomgar's CEO Sam Elliott. Matt, thanks so much for joining us today.
Matt Dircks: Hey Sam, good to see you man. Always good to be out at RSA. I love the energy, it's always good to talk to customers.
SE: Yeah, it's a lot of fun, I agree. I'm going to ask you a few questions, if that's okay.
SE: I'd like to start with ... Just tell me, how's it going for us here at RSA? What have you seen? What have you liked about RSA this year?
MD: Yes, I mentioned it's always great to have the energy at RSA. You get to reconnect with a lot of colleagues that you've worked with in the past. I've been doing this thing for too many years to mention, and it's great to reconnect, see where people are at. It's really good to see what customers are dealing with. I think sometimes, we can get very insulated from day to day issues that customers are facing. We kind of come up with all these cool, great ideas, but in reality they may not be solving the problem that customers are looking to solve.
MD: So, it's always great to reconnect. The booth traffic's been great. Since we've acquired Lieberman Software in January of '18, it's just made our presence that much bigger, physically as well as our customer base. It's been a great couple of days thus far.
SE: So let's talk about that Lieberman acquisition. Earlier this year, we acquired Lieberman. What is your goal for that acquisition, and what's your vision?
MD: I think that the goal is really for us to accelerate our success in providing privilege access to privilege account solutions out there. As you know, there's multiple elements of it. You have to have the access element of it, but you also have to have the ability to manage credentials at scale, do that at a way that's automated, do that in a way that's integrated. While we have a good solution we've developed ourselves, we knew that if we took the best in class technology that Lieberman had and combined it with our marketing, our sales, our customer base, our products organization that we would have a significant opportunity to be Top 3 in that market.
MD: I think, you know, early days ... Four months in, I think that's proven out to be very, very true. In our first quarter, we were 30% above plan, 50% growth year over year in terms of bookings, some big winds. I think it'll only get better. It surely helps to accelerate that, and ultimately, our vision is that we want to be that firm that allows customers to not have to compromise between productivity or security; provide very solid solutions and continue to grow our footprint globally. You'll see some additional investments in Channel this year. You'll see us expand more aggressively and do Asia-Pacific, which we've not done thus far. We'll continue to add hopefully many more satisfied and happy customers.
SE: Great. So PAM, as you mentioned, is rapidly growing. You see Bomgar growing as well. What would you say is Bomgar's distinctive competence and what makes us different in that space?
MD: I think it's probably three things. The first would be is our people. I mean, our people genuinely care about our customers. A lot of people can say that, but if you look at our renewal rates that are very satisfied customers; 95+% of our customers renew with us, and I take that as a very solemn duty to make sure that they're happy and vote with their wallets. A significant amount of those customers grow their business with us every year, so that's one thing that is a result.
MD: Secondly, we've always had this ethos about being easy to implement, not requiring a huge amount of services. Even though the probably PAM is a little more difficult inherently and a little more complex, we still take that same ethos to how we solve that problem. Quicker time to value, easy to integrate within the organization, and then I think the corollary of the third is that the third point would be that we understand how IT operations thinks and works, because we came up from that side.
MD: Typically, a lot of security-centric companies will come in, they'll deal with the security organization, come up with some great technology but make it very, very hard to adopt culturally or roll out from an operational perspective. We kind of bridge that gap. We provide the security folks with what they need, but also, they can go to their brothers and sisters on the other side of the business and essentially say, "Hey, this is something I can roll out in a matter of days or weeks rather than months or years."
SE: So, it's important to us to really balance that idea of productivity and security.
MD: Yeah. We just published our third annual privilege access threat report, where we take about a thousand security professionals and IT professionals throughout the world, and two-thirds of those folks are really worried about access and security. Less than half of those folks are really doing anything, because they're concerned about the implications on their business, their productivity.
MD: Typically, what we see happening is if it's a question between adopting a technology that deals with a potential threat versus the risk of an absolute failure on a service account or a backend database, et cetera. People are willing to roll the dice. Our point is: you don't have to roll the dice. You can have both of those things. You can have your chocolate and your peanut butter, if you will.
SE: Right. So you mentioned our privilege access threat report that we just recently announced for this year. Some of the findings in the research really helped to validate the risk that both insiders and third party vendors pose to an organization. Can you talk about that a little bit?
MD: It's one thing ... People often ask us, "Do you guys do single-sign on?" No. That's really all the users, and that's a great thing. There's partnerships that we have on there, but we're talking about those privilege users where they're insiders that might have access to domains, and as domain administrators or particular service accounts or third parties that come in that essentially have an exponential risk associated with their credential or their account. Not only do you compromise their individual account to maybe Word or Office 365, if they're a domain admin, you have the keys to the kingdom there.
MD: It's very important that you think about that in terms of how you manage and mitigate risk, because you never eliminate risk, you just either transfer it, mitigate it, manage it somehow. It's very important to us, and I think it speaks to the increasingly complex environment that people are dealing with. Cloud, on-premise, back office apps, mobile apps, whatever it is. You still have a very concentrated amount of power in the hands of a few privilege users, both internally or third party vendors. I think one of those statistics that we cite is that there's almost 200 external vendors a week that are coming into people's infrastructure and there's no idea if they're using a traditional approach like a VPN. They have no idea what they're doing, no idea what they've done, no recording, no auditing, no compliance for privacy and compliance objectives.
MD: We really focus on those, because that is the exponential threat.
SE: Right. Alright Matt, well that's really interesting. I appreciate you being here with us today. This is Sam Elliott and Matt Dircks from RSA. Thanks for watching.